Using internal services shadowed to the outside world with iCloud Private Relay

Hello there,

I recently encountered a scenario where I could not use company-internal services from my phone while on the company wifi. The issue was that I had iCloud Private Relay enabled, and the service I was trying to access was shadowed to our company homepage for access from external DNS servers.

This seems to be commonly used; even the Deutsche Bahn operates this approach to shadow their iceportal.de - a service offering special services while on one of their trains. As an external user, opening their website, you will find instructions on accessing the services (like joining their WiFi, etc.)

Assume you want to access internal.example.com. A typical user connected to the company wifi will receive a response from the local DNS server and may get an A record to the server hosting the resource. On the other hand, external users outside the network will receive their response from an external DNS server configured to return a CNAME record to example.com.

Now, iCPR will use Apple's DNS infrastructure to protect a user's privacy, which may result in the wrong resource being served. I was wondering if there is a way to work around this, aside from disabling iCPR for your network? Can an owner of a domain set some DNS record to signal iCPR to look up a domain from the internal DNS server if on a specified WiFi or something like this?

I hope you may be able to help me out.

Greetings, Thomas
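The split-horizon behaviour described in the post, as an added example that is not part of the original thread: a small Python parser for DNS wire-format answers that tells the internal view (an A record for the host) from the shadowed external view (a CNAME to the public homepage). The two responses, the hostnames and the 10.0.0.5 address are constructed here and are assumptions; in practice you would feed it the raw bytes returned by the on-network resolver and by a public resolver and compare the two classifications.

```python
import struct

# Constructed sample data: the two answers a split-horizon setup returns for
# internal.example.com to inside clients (A) and outside clients (CNAME).
QNAME = "internal.example.com"

def encode_name(name: str) -> bytes:
    """Wire-format a DNS name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(qname: str, rtype: int, rdata: bytes) -> bytes:
    """Build a minimal one-question, one-answer DNS response (no compression)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    answer = encode_name(qname) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + question + answer

def decode_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, jumped, end = [], False, off
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: follow it, remember where we left off
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode()); off += n
    return ".".join(labels), (end if jumped else off)

def parse_answers(msg: bytes):
    """Return [(name, type, rdata_as_text)] for every A or CNAME answer record."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):                 # skip the question section
        _, off = decode_name(msg, off); off += 4
    out = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        if rtype == 1:
            out.append((name, "A", ".".join(map(str, msg[off:off + rdlen]))))
        elif rtype == 5:
            out.append((name, "CNAME", decode_name(msg, off)[0]))
        off += rdlen
    return out

def classify_view(msg: bytes) -> str:
    """'internal' if answered by an A record, 'external' if shadowed by a CNAME."""
    types = {t for _, t, _ in parse_answers(msg)}
    return "internal" if "A" in types else ("external" if "CNAME" in types else "unknown")

INTERNAL_VIEW = build_response(QNAME, 1, bytes([10, 0, 0, 5]))        # constructed
EXTERNAL_VIEW = build_response(QNAME, 5, encode_name("example.com"))  # constructed
```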
