Hello forum community, dear eBlocker team,
I have a situation I'd like to describe, and I hope for a solution:
Right after the recent update of my iOS devices to iOS 14 (iPad, iPhones), the DNS firewall for those devices shows no function, indicating that "...device uses a buffered DNS-response. Please start the test again in a few minutes" (see attached screenshot). All other devices I have connected to the eBlocker (Windows, Linux, Apple devices with iOS older than iOS 14) do not show this issue at all.
I've waited and started the test over and over again with no change, and tried everything like deleting the DNS caches on those devices and then restarting the device; I've reset those devices in eBlocker, rebooted the blocker, and reinstalled the devices in eBlocker, but none of these measures helped.
Worth noting: after the update to iOS 14, the eBlocker device list no longer shows "Apple Inc" as vendor for the devices updated to iOS 14. Could that be related to this situation?
My eBlocker is running on a Raspberry Pi 4 with 4 GB and is directly connected to a Fritzbox 7490. DHCP on eBlocker.
Does anyone in the community face the same situation? Or even have a solution for it?
Best regards
BonyCB
Hello,
Will we run into a problem getting privacy on Apple iOS?
https://www.techradar.com/news/apple-devices-will-get-encrypted-dns-in-ios-14-and-macos-11
https://www.macobserver.com/news/product-news/ios-14-encrypted-dns/
Is it possible to deactivate "DNS over HTTPS" in iOS 14?
regards
PIO78
@pio78 I have been using iOS 14 since the beta and I have not found a setting to disable it. I am also not certain what Apple means when they say: ... will support both the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols.
... To improve the privacy of iOS and macOS users, Apple says it plans to add new functions and features to its app development frameworks.
I would assume that developers have the option to implement whatever they like.
So my understanding here is that it will be provided via frameworks to apps, but it is not something centrally enforced in the OS. So I would want to believe that the apps will or will not offer this.
I also expect that at one point in time optional will become mandatory.
https://www.zdnet.com/article/apple-adds-support-for-encrypted-dns-doh-and-dot/
I wonder how the VPN blocking apps on the devices will handle it. So far I have not seen anything. But I will investigate a bit.
@BonyCB No need to worry. You are using https and the pattern blocker - not DNS-filtering, as the screenshot shows.
Nevertheless the test shows that iOS 14 now caches the DNS request (for longer?), which is not a big problem either.
Only if you disable eBlocker, your iOS might have a request cached and is not propagating this to a new DNS server. So some requests may still get blocked (on non-HTTPS devices only) even if eBlocker is paused/disabled - until iOS lets the cache expire.
@random Thanks for the prompt feedback and to hear that I don't need to worry! Really appreciate! 👍
However I'm not sure what that means at the end - I'm just a normal user with basic understanding 😔. I'm using the eBlocker as it is designed for and set it up as it should be set up.
Fact is, after the iOS 14 update I'm facing the described situation (which I did not have before). The eBlocker is indicating a remark with a red exclamation point. To me this means take care - something is not ok! Is there some (functionality) that needs to be updated on the eBlocker based on this new Apple update? Does the DNS firewall work properly on the eBlocker even with this remark?
I'm using 1.1.1.1 and 9.9.9.9 as DNS server list as described in the eBlocker manual.
Best regards
BonyCB
Does the DNS firewall work properly on the eBlocker even with this remark?
Yes.
See above.
THX!
@bonycb As you are using iOS 14, you might want to check this out: https://eblocker.org/community/announcements/ios-14-important-configuation-necessary/
Thanks for forwarding me the post. Yep - I also saw it and changed the settings accordingly.
It helped to get the iOS devices recognized again as "Apple Inc." by the eBlocker, however it did not solve the red exclamation point. But according to @random, this is not a problem. From my point of view, I understood this as a blemish.
Anyway, I managed to get rid of this blemish by setting the DNS server to manual in the settings of the WLAN connection, typing in only my eBlocker IP address and deleting all other entries.
It works now! No red exclamation point in the "Status" information of the device anymore. All checked green now.
Maybe @random or somebody else can explain this and comment on whether there is any risk in keeping this setting.
THX
BonyCB
setting the DNS server to manual in the settings of the WLAN connection, typing in only my eBlocker IP address and deleting all other entries.
You stated above you were using eBlocker's DHCP. Using eBlocker's DHCP sets the DNS of all clients to eBlocker's IP automatically.
Are you sure your client was set to obtain the DNS settings via DHCP before? And if so, have you rebooted your client after connecting eBlocker to obtain the settings from eBlocker?
To answer your question, I can only suspect: your client's DNS setting was manually set to your router or other DNS server(s) / or client was not rebooted / or did not obtain the DHCP settings from eBlocker for some reason (probably your router's DHCP was not disabled!) / or eBlocker's DHCP was/is not enabled at all. Only you know the answer 😉 but it would be great to know for the next user having similar questions.
In any case: if the client's DNS is not set to eBlocker's IP, of course eBlocker's DNS firewall is not being used / bypassed.
As said above: If eBlocker HTTPS is enabled for the client, the DNS firewall is not used anyhow, but rather the much more advanced pattern filter. eBlocker's DNS firewall is meant for clients that cannot be enabled for eBlocker HTTPS (due to the lack of flexibility of adding certificates, as in SmartTVs, IoT etc).
Hope this helps 😉