Apple Private Relay on pihole

if your Apple device has a DNS issue, but the DNS queries are not showing in the pihole logs you should see something along the lines of mask.icloud.com and mask-h2.icloud.com being blocked as Blocked (Special Domain) nxdomain. This appears to be a problem with Apple Private Relay, which can happen even when this is disabled. Below are the steps to resolve the issue.

Open the pihole server and edit /etc/pihole/pihole-FTL.conf in a text editor of your choice

add the line BLOCK_ICLOUD_PR=false

Save the file and reboot the hardware

After reboot Apple device DNS queries should begin to show properly in the pihole, and the PR mask.icloud.com and mask-h2.icloud.com domains should no longer be visible.

Apple Private Relay on pihole

Blocking External Client DNS Queries

Pi-Hole

Redirecting Client DNS Requests

Configure Conditional Forwarder on PiHole

Redirect to a different domain - Cloudflared

Redirect from root to WWW - cloudflared

Redirect Domain to New Domain

Integrate PRTG with Active Directory

PRTG Server is running but all probes are down

Aliases

Basic Firewall Configuration Example

Blocking Web Sites

Migrating to new Controller

Setting up the UniFi Network Controller using Docker

Unifi Console Commands

Unifi Controller as a Windows Service

Windows

Apple Private Relay on pihole

No Comments