
DNS requests from iOS devices

I have iOS devices and have installed the NextDNS app on those.

When I look in analytics I see many DNS requests to the Apple DoH domains shown below.

token.safebrowsing.apple

mask.icloud.com

mask.apple-dns.net

doh.dns.apple.com

mask-h2.icloud.com

 

My question is: if the iOS devices are sending DoH requests to these servers, does that mean I'm not getting any of the filtering from NextDNS?

4 replies

    • Greg.1
    • 4 mths ago

    Ok, I have confirmed that the iOS devices are indeed using their own DNS service and not going through NextDNS, despite the DHCP settings on my router. So I implemented blocks to all IPs associated with the Apple DNS sites so the devices will revert to using the DHCP-issued DNS server (NextDNS) and I get the benefit of NextDNS. Here are the domains I resolve to create that block list, for those who care.

    doh.dns.apple.com
    mask-t.apple-dns.net
    doh.dns.apple.com.v.aaplimg.com
    mask-h2.icloud.com
    mask.apple-dns.net
    mask.icloud.com
    token.safebrowsing.apple

    These resolve to at least 40 IPv4 addresses and 34 IPv6 addresses, but they seem to change.
    Look them up here if you want all the IPs:
    https://www.nslookup.io/

    • Greg.1
    • 4 mths ago

    Or you can just put those domains on the block list in NextDNS. Easier.

      • iOS Developer
      • Rob
      • 4 mths ago

       How would putting something on a NextDNS block list help, if the devices are not using NextDNS?

      • Greg.1
      • 4 mths ago

      Rob, the device seems to make a request to NextDNS to find the IP for the Apple domains.

       

      I did do an experiment to see if Apple is using the NextDNS filtering, as I read on Reddit there is some agreement between Apple and NextDNS, so it gave me hope.
      I removed all the above Apple domains and put a block for something normal. In my case I put ford.com on the deny list.
      Then I let the iOS device (and my Windows box) with the NextDNS app installed do its thing.
      Sure enough, it did block ford.com like it should. So apparently the iOS device does send requests to NextDNS first, then to its own DNS.
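The two things Greg checks by hand above (which clients are resolving the Apple DoH/Private Relay hostnames, and whether a canary domain such as ford.com actually comes back blocked) can be read straight out of the resolver's query log. The script below is an added example, not code from NextDNS or from anyone in this thread; the log line format (`<time> <client> <qname> <status>`) and the client names are constructed assumptions, not the real NextDNS export format, and the hostname list is the one posted above.

```python
"""Classify resolver query-log lines to see which clients are trying to
set up Apple DoH / iCloud Private Relay around a filtering resolver, and
confirm with a canary domain that the filter is being consulted.

Added example. The log format and client names are constructed
assumptions; the domain list is the one posted in the thread."""
from collections import defaultdict

# Hostnames from the thread. A query for one of these means the device is
# about to establish its own encrypted DNS / Private Relay session.
APPLE_DOH_DOMAINS = {
    "doh.dns.apple.com",
    "doh.dns.apple.com.v.aaplimg.com",
    "mask.apple-dns.net",
    "mask-t.apple-dns.net",
    "mask.icloud.com",
    "mask-h2.icloud.com",
    "token.safebrowsing.apple",
}

# Constructed sample log in the assumed format: "<time> <client> <qname> <status>".
SAMPLE_LOG = """\
2024-05-01T10:00:01 iphone-greg mask.icloud.com allowed
2024-05-01T10:00:01 iphone-greg mask-h2.icloud.com allowed
2024-05-01T10:00:02 iphone-greg doh.dns.apple.com allowed
2024-05-01T10:00:05 iphone-greg ford.com blocked
2024-05-01T10:00:07 windows-greg ford.com blocked
2024-05-01T10:00:09 windows-greg example.com allowed
2024-05-01T10:01:00 ipad-greg mask.icloud.com blocked
"""


def parse_log(text):
    """Yield (client, qname, status) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, status = parts
        # Normalise case and a trailing dot so matching is exact.
        yield client, qname.lower().rstrip("."), status.lower()


def is_apple_doh(qname):
    """True if qname is one of the listed names or a subdomain of one."""
    return any(qname == d or qname.endswith("." + d) for d in APPLE_DOH_DOMAINS)


def doh_bypass_report(text):
    """Per client: which Apple DoH names it resolved, grouped by status.

    'allowed' means the resolver handed back an address, so the device can
    build its own DoH/Relay tunnel; 'blocked' means it got nothing and should
    fall back to the DHCP-issued resolver."""
    report = defaultdict(dict)
    for client, qname, status in parse_log(text):
        if is_apple_doh(qname):
            report[client].setdefault(status, set()).add(qname)
    return dict(report)


def canary_check(text, canary="ford.com"):
    """Clients that looked up the canary and saw it blocked: these clients
    do consult the filtering resolver, at least for that lookup."""
    return sorted({c for c, q, s in parse_log(text)
                   if q == canary and s == "blocked"})


if __name__ == "__main__":
    for client, by_status in doh_bypass_report(SAMPLE_LOG).items():
        print(client, {k: sorted(v) for k, v in by_status.items()})
    print("canary blocked for:", canary_check(SAMPLE_LOG))
```

A client that appears in the report with the Apple names `allowed` is the case the original question worries about: the filtering resolver was used once to bootstrap the device's own encrypted DNS, after which later lookups may not pass through it. Once those names are on the denylist they show up as `blocked` instead, which is the state Greg's second suggestion aims for. Two of the names, mask.icloud.com and mask-h2.icloud.com, are the iCloud Private Relay hostnames, and Apple's own network-administrator guidance is that a resolver returning no answer for them tells the device Private Relay is unavailable on that network, which is why the denylist approach works without blocking IP ranges that change.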
