How to remove domains from DNS Query Redirection?

Hi!
After updating luci-app-https-dns-proxy, domains appeared in Redirect DNS requests /mask.icloud.com/ and /mask-h2.icloud.com/
and if they are deleted and the https-dns-proxy service is restarted, they appear again,
how to get rid of them since I don't need it?

Can you post cat /etc/config/https-dns-proxy and cat /etc/config/dhcp ?

These are canary domains for iCloud Private Relay. Along with the Mozilla canary domain they are there to make sure that all your network devices use your router for network resolution and not the other services where dns resolution requests cannot be intercepted by your router.

If no client on your network is using iCloud Private Relay they do not affect you at all.

2 Likes

I immediately understood what these domains were, the question is how to remove them so that they do not appear again,
plus they cause some kind of anomaly, in the config they are duplicated 10 times. On October 1 everything was still fine,
then I updated my assembly and now it appeared :slight_smile:
It definitely didn’t get better, and as I understand it, what should I write to the developer of this package? Well,
to add any additional settings, so that you can configure yourself

I've submitted a PR to remove duplicates: https://github.com/openwrt/packages/pull/19525. They do appear if you happen to start the service multiple times in a row, now it's fixed.

Once I merge this PR, I'll create another one with the settings for canary domains, they will be canary_domains_mozilla and canary_domains_icloud which you'll need to set to 0.

PRs for new settings: https://github.com/openwrt/packages/pull/19527 and https://github.com/openwrt/packages/pull/19528. WebUI PRs: https://github.com/openwrt/luci/pull/6004 and https://github.com/openwrt/luci/pull/6005

1 Like
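A way to check a router for the duplicated canary entries discussed above, as an added example that is not part of the thread or of the https-dns-proxy package: it counts repeated `list server` values in a dhcp config and re-emits the config with only the first copy of each. It assumes the forwardings are stored as `list server` lines in /etc/config/dhcp; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the package's code): find and drop repeated
# `list server` entries such as the iCloud Private Relay canary domains.

# Constructed sample resembling a dhcp config after several service starts.
# use-application-dns.net is the Mozilla canary domain; 127.0.0.1#5053 is
# an assumed local resolver entry.
sample_dhcp() {
cat <<'EOF'
config dnsmasq
	option domainneeded '1'
	list server '/mask.icloud.com/'
	list server '/mask-h2.icloud.com/'
	list server '/use-application-dns.net/'
	list server '127.0.0.1#5053'
	list server '/mask.icloud.com/'
	list server '/mask-h2.icloud.com/'
	list server '/mask.icloud.com/'
EOF
}

# Read a config on stdin; print "<count> <value>" for every `list server`
# value that occurs more than once, in order of first appearance.
duplicate_servers() {
	awk '
		$1 == "list" && $2 == "server" {
			if (!($3 in n)) order[++k] = $3
			n[$3]++
		}
		END {
			for (i = 1; i <= k; i++)
				if (n[order[i]] > 1) print n[order[i]], order[i]
		}
	' | tr -d "\"'"
}

# Read a config on stdin; write it back out keeping only the first copy of
# each `list server` value within a section. All other lines pass through.
dedupe_servers() {
	awk '
		$1 == "config" { split("", seen) }   # new section: reset the seen set
		$1 == "list" && $2 == "server" { if (seen[$3]++) next }
		{ print }
	'
}

# Stand-alone run on the constructed sample.
sample_dhcp | duplicate_servers
```

On a router, run `duplicate_servers < /etc/config/dhcp` to report duplicates, and review the output of `dedupe_servers` before replacing the file with it.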

Cool, Thanks!
Can you somehow solve the issue with the gateway?
I have already described the problem. The OpenWrt router is connected to the first router.
When the WAN IP address changes on the first router, the one issued by the provider, the gateway changes accordingly,
then https-dns-proxy stops working, only restarting this service helps.
Is it possible to somehow bind https-dns-proxy to the gateway of the openwrt router or to the gateway of the first router?
Or maybe there is some other solution?
I had to add this command to the scheduler */10 * * * * /etc/init.d/https-dns-proxy restart,
so that every 10 minutes the service is restarted, at the moment when the service is restarted,
dns naturally does not work and accordingly the page will not open at this moment,
the wan IP address on the first router can change at any time, that's why I set the reboot interval to 10 minutes,
but you yourself understand that when you open something, for example, a page at the moment when the service is restarting,
it says that the page was not found,
which is very annoying
I tried all possible ways to set up, that's why I turned to the forum for help, because apart from you I'm 100% sure no one will help

Elaborate on this please.

"Openwrt router is connected to the first router"
yes

and https-dns-proxy and https-dns-proxy-opkg appeared in config,
I understand that because of some kind of error

I added interface alias "wan"
There are two servers in https-dns-proxy
cloudflare and adguard
after changing the wan ip address on the first router that the provider issues,
cloudflare stops working, but only adguard works,
and after about one hour, cloudflare starts working.
In general, I solved the problem with such a primitive method :slight_smile:

Please tell me how to change the polling interval parameter from 120 to 3600 or disable it altogether?

DNS doesn't actually break the connection with the server on port 53, this connection is constantly hanging, I would like to increase the interval time or disable this feature altogether

In Instance Settings it says that you can do this, but I don't know how

and all the manipulations did not help, the ip wan changes on the first router, dns stops working,
the openwrt build is the latest, all updates are installed

replaced dnsmasq with dnsmasq-full and it became much more fun to work, pages open faster, my problem didn’t really go away, but it still became much better to work with luci-app-https-dns-proxy