-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add iCloud Private Relay to blockable services #3814
base: master
Are you sure you want to change the base?
Add iCloud Private Relay to blockable services #3814
Conversation
internal/filtering/blocked.go
Outdated
"||mask.icloud.com^", | ||
"||mask-h2.icloud.com^", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Negative answers must be returned for this to work correctly.
"||mask.icloud.com^", | |
"||mask-h2.icloud.com^", | |
"|mask.icloud.com^$dnsrewrite=NXDOMAIN;;", | |
"|mask-h2.icloud.com^$dnsrewrite=NXDOMAIN;;", |
@ahelpingchip after trying the above 2 configs in my local AdGuard Home DNS config, I can confirm that @agneevX's suggestion is indeed correct. Can we get this update implemented as part of this PR as this iCloud Private Relay blocking functionality would be great to get into the main branch! |
A quick note on this. AdGuard Home will soon share the same blocklists and "blockable services" with AdGuard DNS. This all is stored in a separate repo: Services: https://github.com/AdguardTeam/HostlistsRegistry/blob/main/assets/services.json @ainar-g please decide whether we merge this PR here and then move it to HostlistsRegistry or if we should change the workflow already. |
Apologies for the late revert; I missed this! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lox
@ameshkov, apologies for the late response. I think, it's okay to merge this and then move to the list a bit later. I count on reviewing and merging this in the next few days. |
When iCloud Private Relay is on, Apple devices use Apple's own custom DoH resolver to handle DNS requests. This of course means that AdGuard Home is bypassed.
By blocking the hostnames in this article, the network can signal Apple devices to not use iCloud Private Relay and respect local network DNS settings.
This PR adds iCloud Private Relay to the list of blockable services.