Jump to content
Not connected, Your IP: 3.145.86.211
qwertyuiopas

DNS Blocking not Always Effective?

Recommended Posts

Posted ... (edited)

I have several DNS lists enabled (per device settings), and recently I found that that they're not always effective. By that I means I could still access the supposedly blocked sites irregularly. For example, I could occasionally access https://www3 dot doubleclick dot net (the website will be redirected if the blocking is not effective). Is this is an expected behavior? If so, could this be improvised to have a more strict effectiveness?

Edited ... by qwertyuiopas
disable link

Share this post


Link to post

Which lists are enabled, and did you check whether the domain is in one of those lists?
You could also try pinpointing which list contains the domain but when enabled does not block the domain.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I just enabled most ads blocking list, most of them have this domain in the list. Specifically, the most basic "Ads & Trackers Blocklist" have this domain too. I have a personal Scriptable widget setup in my iOS homescreen, so whenever I use the device I notice this issue. Attached is a screenshot when the blocking is not effective (sorry have to redact lots of personal or identifiable information). The red hand icon indicates the blocking is not effective. It's a very simple javascript to test accessibility to the ads site:

async function isAdsBlockActive() {
    try {
        let req = new Request('https://www3.doubleclick.net')
        req.method = "HEAD"
        req.timeoutInterval = 5
        let res = await req.load();
        return false
    } catch (error) {
        return true
    }
}
 

IMG_0364.jpg

Share this post


Link to post

Are you sure DNS resolution always goes via AirDNS? Maybe DNS over HTTPS/TLS is enabled, or gets used intermittently (sometimes called Secure DNS or something, not sure with Apple)?
Which VPN client are you using?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
15 hours ago, OpenSourcerer said:

Are you sure DNS resolution always goes via AirDNS? Maybe DNS over HTTPS/TLS is enabled, or gets used intermittently (sometimes called Secure DNS or something, not sure with Apple)?
Which VPN client are you using?


That's a great question. I have no idea, I think it's very unlikely an iOS issue (since VPN on iOS have already exist for quite a long time, if it's a bug I guess it would have been fixed)? I'm using the official Wireguard app. Perhaps AirVPN could comment on this? @Staff

Share this post


Link to post
1 hour ago, qwertyuiopas said:

I have no idea, I think it's very unlikely an iOS issue (since VPN on iOS have already exist for quite a long time, if it's a bug I guess it would have been fixed)?


It's not a bug if it's a feature. Keep in mind that iOS services for example actively ignore VPN connections, confirmed on iOS 16 and 17. I can certainly imagine them using some Apple DNS server to resolve names for iOS services regardless of DNS settings, and since those widgets are most probably part of an iOS service since an iOS feature is provided, it's possible to connect the dots: DNS resolutions triggered from those widgets may just use the assigned DNS server but with a quick fallback to some Apple DNS server in case it takes "too long".

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

That might be the case. Unfortunately I have no way to verify this, at least not via any published documentation on this by Apple. Hopefully someone with deeper knowledge in iOS can verify this.

Share this post


Link to post

I noticed the same on Android also with the common Wireguard app.

I do not have this issue if I connect to my home router using Wireguard and using the same block list (pihole)

On AirVPN I'm getting ads every now and then. Dnsleaktest and ipleak never indicate any dns package leak. Any idea?

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...