iPhone (iOS 16.6.1) ignoring DNS server settings & content filtering

Hi


I used OpenDNS for content filtering at home. My iPhone (specifically Safari), when connected to WiFi, seems to be ignoring the OpenDNS server settings, so content is not being blocked as expected (i.e. various social media sites).


Here's what I can verify:

  1. I'm not using any kind of VPN or proxy on my iPhone.
  2. I'm definitely connected to my home WiFi.
  3. The content filtering via OpenDNS works fine on other wirelessly connected devices, such as Windows PCs connected to the same WiFi network.
  4. Even if I manually change the DNS settings on my WiFi connection on my iPhone, it still seems to ignore them.


I am wondering if this is something to do with DNS over HTTPS (DoH) and whether there are any obvious solutions?


Thanks

D-M.

iPhone SE, iOS 16

Posted on Oct 2, 2023 12:28 AM

Question marked as Top-ranking reply

Posted on Jan 5, 2024 7:54 AM

I found this to have fixed my iPhone issue with custom DNS settings on my eero.


Disable the setting in Safari for “Advanced Tracking and Fingerprinting Protection”. Find it in Settings > Safari > Advanced. By default it’s enabled for Private browsing only, but regardless when it's enabled it somehow overrides the DNS server addresses that are set on the router. Turn the feature off.

11 replies

Oct 2, 2023 9:23 AM in response to dark-menace

Have you enabled Apple's Private Relay service? If so, while active, your iPad will completely bypass your manual DNS settings and DNS-related Content Filtering:

Settings > [Your Name / AppleID] > iCloud > [iCloud+] Private Relay > Private Relay - set to ON or OFF as preferred


With Private Relay active, your iPad will use ODoH (Oblivious DoH) to encrypt and forward your DNS traffic via Apple's regional Content Delivery Partner's servers (usually Cloudflare).


About iCloud Private Relay - Apple Support

Cloudflare Oblivious DNS

Jan 15, 2024 2:10 PM in response to evanhemmen

I think IPv6 was only a small part of the equation for me. I still had issues in line with what's been posted above.


What seems to have worked for me is using OpenDNS servers in my DNS settings on my router. Note you have to register and set up an account and link it to your public internet IP address on the OpenDNS dashboard for this to work. A similar process will work for any other DNS content filtering service.


Then, and this is the key bit, I manually set my DNS server in my WiFi connection properties on my kids' devices to my router's IP address, in this case 10.0.0.1. For some reason that causes the intended websites to be blocked when home on the WiFi.


Unfortunately, you can't change DNS settings for 4G/5G on iOS devices, so for that I'm reliant on Apple's content filtering available under Settings >> Screen Time.


Older kids with a bit of nous could easily enough remove the WiFi DNS settings on their WiFi connection and that would defeat the above. Unfortunately, for reasons I don't understand, Apple don't allow you to block access to "Settings" on an iPhone with a passcode or similar to stop kids from playing around, but do let you lock down the Screen Time (content filtering etc.) settings.


I know setting up profiles is an option to further restrict access to iOS devices contents and settings, but Apple Configurator or corporate level MDM solutions are the only way to do this and I lack a Mac to be able to do it.

Jun 13, 2024 9:49 PM in response to GetShocked

In my experience, and it seems to be working at least at this stage:


  1. On your iOS device, go into your WiFi settings and turn off "Private Wi-Fi Address".
  2. In the same location, turn off "Limit IP Address Tracking".
  3. Set "Configure DNS" to "Manual".
  4. Within there, set the 2 DNS servers to OpenDNS's servers (assuming you are registered and set up for OpenDNS), or whatever other DNS content filtering service you use.


This has worked for a number of weeks since I last revisited the issue. I will report back here if it stops for no apparent reason.

Jan 23, 2024 10:59 AM in response to jasonfromca

jasonfromca, Jan 5, 2024 7:54 AM in response to dark-menace

I found this to have fixed my iPhone issue with custom DNS settings on my eero.
Disable the setting in Safari for “Advanced Tracking and Fingerprinting Protection”. Find it in Settings > Safari > Advanced. By default it’s enabled for Private browsing only, but regardless when it's enabled it somehow overrides the DNS server addresses that are set on the router. Turn the feature off.


I've been having the same behaviour as described in this thread, so did some digging.


According to Advanced Tracking and Fingerprinting Prot… - Apple Community it seems like this “Advanced Tracking and Fingerprinting Protection” enables DoH (DNS over HTTPS), which I'd imagine works around the DNS server(s) your router advertises via DHCP. So it'd explain the issue we're facing.


I've been testing this by blocking a website in my DNS settings (AdGuard Home), and seeing if a private tab on my iPhone (with “Advanced Tracking and Fingerprinting Protection” set to "Private Browsing") is still able to open it, and I'm not able to replicate the issue consistently (i.e. the website still fails to load). This matches with @evanhemmen's experience above.


However, I noticed that after opening the website once, then blocking it, then opening it again, the website still opens, which leads me to suspect there's a local DNS cache at play here as well. This is relevant when you consider that the device may have cached the DNS entry from an (often unfiltered) Mobile network, and then reuses it with WiFi, but I can't 100% confirm this is what's happening.


(edit: quote of the original comment)


Oct 3, 2023 10:53 PM in response to dark-menace

Same here on iOS 17.0.2. I have OpenDNS family filtering active on network level (Unifi USG router) for my kids. But on their iPhones Safari (on home WiFi, no VPN whatsoever active) seems to randomly ignore the OpenDNS filtering.


2 additional findings:


  1. It seems a Safari-specific issue, because if I use Firefox on iOS, all unwanted websites are blocked.
  2. In Safari private mode unwanted websites are not blocked; in normal mode it is 50-50. Even when trying the same website, hitting refresh again, the website might appear or might be blocked.


And the most frustrating thing about this is that both their phones are part of my iCloud family account (age 8 and age 11), with all content restrictions active.


A little damage in my faith in Apple’s ecosystem. Which I thought was set and forget…


Any suggestions would be highly appreciated.



Oct 4, 2023 8:54 PM in response to dark-menace

Upon further investigation, it appears my iPhone is using an IPv6 address rather than the traditional IPv4, and according to this link - https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-Support-IPv6-


"Currently, it is not possible for users to register IPv6 addresses in the OpenDNS Dashboard. Custom content filtering cannot be set for IPv6 traffic." This would explain why my iPhone is not experiencing my intended content restrictions.


Haven't worked out if I can turn off IPv6 for the WiFi connection on my iPhone, but suspect I cannot. May need an alternative provider for content filtering at this stage that supports IPv6.

Oct 4, 2023 11:15 PM in response to dark-menace

I’ve blocked IPv6 on router level in my house. So I think that is not the issue with me.


But, while looking at my iPhone WiFi settings I saw the option “Private Wi-Fi Address” was turned on. I don’t exactly know what it does (looks like MAC address masking). But when I turned it off, it looks like unwanted websites are now being blocked… not at home right now but will test some more.
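
Several replies above turn on one question: is the filter itself answering with a block, or is the phone getting its answer somewhere else (a cached entry, DoH, IPv6)? As an added example, not written by anyone in this thread, here is a standard-library Python check, run from a computer on the same WiFi, that asks the router's resolver directly for both A and AAAA records. The hostname `blocked.example` and the zero-address `BLOCK_ADDRS` are assumptions; 10.0.0.1 is the router address quoted in the thread.

```python
import ipaddress
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
BLOCK_ADDRS = ("0.0.0.0", "::")  # assumption: zero-address sinkhole; use your filter's block IPs

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + struct.pack("!BHH", 0, QTYPES[qtype], 1)

def _skip_name(data, pos):
    """Return the offset just past a name, which may end in a compression pointer."""
    while data[pos] & 0xC0 != 0xC0 and data[pos] != 0:
        pos += 1 + data[pos]
    return pos + (2 if data[pos] & 0xC0 == 0xC0 else 1)

def parse_response(data):
    """Return (rcode, [addresses]) from the A/AAAA records in the answer section."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = _skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        if rtype in QTYPES.values():  # ignore CNAME and other record types
            addrs.append(str(ipaddress.ip_address(data[pos + 10:pos + 10 + rdlen])))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def verdict(rcode, addrs, block_addrs=BLOCK_ADDRS):
    """Classify what the resolver itself answered for one record type."""
    if rcode != 0:
        return "blocked (NXDOMAIN)" if rcode == 3 else f"error (rcode {rcode})"
    if not addrs:
        return "no records of this type"
    return "blocked (sinkhole)" if set(addrs) <= set(block_addrs) else "resolved"

def ask(server, name, qtype, timeout=3.0):
    """Query `server` directly over UDP/53, so no device cache or DoH is involved."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        return verdict(*parse_response(sock.recv(4096)))

if __name__ == "__main__":  # 10.0.0.1 is the router address given in the thread
    print({t: ask("10.0.0.1", "blocked.example", t) for t in QTYPES})
```

If both record types come back blocked here while Safari on the phone still loads the site, the address Safari used did not come from this resolver's current answer. If A is blocked but AAAA resolves, the filter is not covering IPv6 lookups.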
