And then you have apps that will use their own DNS silently instead of the NS you point them to…
I blocked outgoing ports 53 and 853 (other than to my resolver) due to this; unfortunately this doesn’t help with DoH.
But one of my favorite things is that you can block Apple News ads by blocking doh.apple.com: that’s right, the app gets the IP address of the DoH server using the current nameserver before switching to that specified in the DNS record. 😆
Lmao that’s a good one.
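Added example, not written by anyone in the thread: a small audit of the two controls discussed above, run over constructed data. The resolver address, client addresses, flow tuples and query log are assumptions made up for illustration; only `doh.apple.com` and ports 53/853 come from the posts.

```python
"""Audit egress flows and resolver queries for DNS that bypasses the local resolver."""
import ipaddress

RESOLVER = ipaddress.ip_address("192.0.2.53")  # assumed local resolver (documentation range)
DNS_PORTS = {53: "plain DNS", 853: "DoT"}      # the two ports blocked in the post
DOH_BOOTSTRAP = {"doh.apple.com"}              # hostname named in the post; extend as needed

# Constructed sample data: (client, destination, destination port)
FLOWS = [
    ("10.0.0.21", "192.0.2.53", 53),     # allowed: goes to our resolver
    ("10.0.0.21", "198.51.100.8", 53),   # app using its own DNS server
    ("10.0.0.34", "198.51.100.9", 853),  # DoT to an outside server
    ("10.0.0.34", "203.0.113.10", 443),  # DoH: plain HTTPS to a port filter
]
# Constructed sample data: (client, queried name) as logged by the resolver
QUERIES = [("10.0.0.34", "doh.apple.com."), ("10.0.0.21", "example.org.")]

def is_bootstrap(qname):
    """True if qname is a listed DoH endpoint or a subdomain of one."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in DOH_BOOTSTRAP)

def audit_flows(flows):
    """Flows the port 53/853 rule should drop: DNS or DoT to anything but the resolver."""
    return [(src, dst, port, DNS_PORTS[port] + " to non-resolver")
            for src, dst, port in flows
            if port in DNS_PORTS and ipaddress.ip_address(dst) != RESOLVER]

def audit_queries(queries):
    """Clients that asked our resolver for a DoH endpoint's address (the bootstrap step)."""
    return [(client, q.rstrip(".").lower()) for client, q in queries if is_bootstrap(q)]

def resolver_policy(qname):
    """Refusing the bootstrap name at the resolver stops the switch to DoH."""
    return "NXDOMAIN" if is_bootstrap(qname) else "FORWARD"

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print("flow :", finding)
    for hit in audit_queries(QUERIES):
        print("query:", hit, "->", resolver_policy(hit[1]))
```

The port 443 flow is never flagged by `audit_flows`, which is the DoH gap the post describes; the bootstrap lookup in the resolver log is the only place that client shows up.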