Resolve DNS With Network Provided DNS Server

Hello all,

I was wondering if there was a way to have Private Relay resolve DNS queries with the network-provided DNS server instead of the current DNS server Private Relay uses. We are fine with traffic being hidden but would only like to see DNS queries sent by clients in order to log and block malicious domains. What actions would we need to take on our network to block the Private Relay DNS server in order to make requests go to the network-provided DNS server?

Thanks, Ironbolt89

Replies

It’s not a very elegant solution, but since VPN and NetworkExtension traffic is not routed through Private Relay, you could set up a VPN server on your local network (e.g. WireGuard), and use the associated iOS/macOS app to connect to the server.

In your VPN configuration, only route traffic destined for the local network through the VPN (so that Internet traffic still goes through Private Relay as normal, not the VPN), and set the DNS server in your VPN to be your local DNS server.

I am hoping a better solution exists/will exist at some point, though! I’ve made a suggestion to allow users to choose whether to route DNS queries through Private Relay (FB9184754), and I suggest you make similar feedback for your use case.
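Concretely, the split-tunnel WireGuard setup this reply describes could look like the two configuration files below. This is an added example, not configuration from the original post or from Apple; the LAN subnet (192.168.1.0/24), the WireGuard host (192.168.1.1, UDP 51820), the local resolver (192.168.1.53), the tunnel subnet (10.10.0.0/24), the LAN interface name (eth0) and the key placeholders are all assumptions.

```ini
# Added example, not part of the original thread. Assumed values:
# LAN 192.168.1.0/24, WireGuard host 192.168.1.1 (UDP 51820),
# local DNS server 192.168.1.53, tunnel subnet 10.10.0.0/24.
# Keys are placeholders; generate real ones with: wg genkey | tee priv | wg pubkey

# ---- File 1: server side, e.g. /etc/wireguard/wg0.conf on a LAN host ----
[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
# Forward tunnel traffic onto the LAN. Assumes net.ipv4.ip_forward=1 and that
# the LAN-facing interface is eth0 (assumption; adjust to the real interface).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# One entry per client device.
PublicKey = <client-public-key>
AllowedIPs = 10.10.0.2/32

# ---- File 2: client side, imported into the WireGuard iOS/macOS app ----
[Interface]
Address = 10.10.0.2/24
PrivateKey = <client-private-key>
# Resolver pushed to the device while the tunnel is up: the LAN DNS server
# you log and filter on. Note that Private Relay can still route traffic
# for Safari and other supported apps (see the server-side note below).
DNS = 192.168.1.53

[Peer]
PublicKey = <server-public-key>
Endpoint = 192.168.1.1:51820
# Split tunnel: only the LAN and the tunnel subnet are routed into WireGuard.
# 0.0.0.0/0 is deliberately absent, so Internet traffic keeps its normal
# path and still goes through Private Relay, as the reply describes.
AllowedIPs = 192.168.1.0/24, 10.10.0.0/24
PersistentKeepalive = 25
```

The Endpoint is a LAN address on purpose: the tunnel is only meant to come up while the device is on the managed network. The WireGuard app's on-demand setting can be bound to that network's Wi-Fi SSID so the profile activates and deactivates automatically instead of the user toggling it.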

I suspect you're going to have to install a VPN client app to intercept and filter the DNS traffic.

Connecting via local DNS is a rather large hole in connection privacy, otherwise.