Add iCloud Private Relay to blockable services #3814
Conversation
internal/filtering/blocked.go
Outdated
| "||mask.icloud.com^", | ||
| "||mask-h2.icloud.com^", |
There was a problem hiding this comment.
Negative answers must be returned for this to work correctly.
| "||mask.icloud.com^", | |
| "||mask-h2.icloud.com^", | |
| "|mask.icloud.com^$dnsrewrite=NXDOMAIN;;", | |
| "|mask-h2.icloud.com^$dnsrewrite=NXDOMAIN;;", |
|
@ahelpingchip after trying the above 2 configs in my local AdGuard Home DNS config, I can confirm that @agneevX's suggestion is indeed correct. Can we get this update implemented as part of this PR as this iCloud Private Relay blocking functionality would be great to get into the main branch! |
|
A quick note on this. AdGuard Home will soon share the same blocklists and "blockable services" with AdGuard DNS. This all is stored in a separate repo: Services: https://github.com/AdguardTeam/HostlistsRegistry/blob/main/assets/services.json @ainar-g please decide whether we merge this PR here and then move it to HostlistsRegistry or if we should change the workflow already. |
|
Apologies for the late revert; I missed this! |
|
@ameshkov, apologies for the late response. I think, it's okay to merge this and then move to the list a bit later. I count on reviewing and merging this in the next few days. |
When iCloud Private Relay is on, Apple devices use Apple's own custom DoH resolver to handle DNS requests. This of course means that AdGuard Home is bypassed.
By blocking the hostnames in this article, the network can signal Apple devices to not use iCloud Private Relay and respect local network DNS settings.
This PR adds iCloud Private Relay to the list of blockable services.