So I noticed recently that despite iOS settings saying all DNS queries go through iCloud Private Relay's DNS servers, despite Private Relay using Oblivious DNS over HTTPS, and even despite dnsleaktest.com (and others) showing nothing but Cloudflare servers, I'm still redirected to AT&T's DNS Error Assist search page if I enter an invalid URL (google.cmo for instance).
I'm aware of how to disable this, but I'm more curious about the technical implications, if any, and wanted to know if anyone had any ideas about the following:
- Does this mean all DNS queries are being leaked to my ISP? Or only invalid ones?
- Can AT&T associate my real IP address with the invalid DNS query, or are they still only seeing that a Private Relay address attempted an invalid DNS query?
- If the answer to question 1 is "yes" to the first option, is AT&T able to see all non-HTTPS connections even with Private Relay enabled?
- Is there anything else I could test to determine if my DNS queries are being hijacked other than standard online DNS leak testing sites?
Basically I'm wanting to know the extent of the leak, given that leak tests return ostensibly watertight results. It's very odd to me that even though every service I've tried so far is saying my DNS isn't leaking, invalid DNS lookups can still somehow be hijacked by my ISP's provisioned router (I know, bad idea to keep around, whatever).
With my limited expertise on the subject, I would guess my DNS queries aren't being leaked, but any returned errors are simply triggering a redirect in my browser to AT&T's DNS Error Assist service, and only then does the original lookup leak to them. Is this plausible or testable? And if so, refer to question 2.
It's also noteworthy that only my home Wi-Fi has this problem. Switching my iPhone's internet to my cellular service gives me Safari's blank DNS error page when I enter an invalid URL.
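One test that goes beyond leak-test sites, as an added example and not part of the original post: ask each resolver on the path directly for a name that cannot exist and check whether it answers NXDOMAIN (rcode 3, no records) or fabricates an A record, which is what "DNS Error Assist" style hijacking looks like on the wire. Running it against the gateway's address and against a public resolver from the same Wi-Fi separates "the gateway rewrites NXDOMAIN" from "something upstream does". The gateway address 192.168.1.254 and the Cloudflare address 1.1.1.1 are assumed defaults, not taken from the post; the random label and the sample packets in the comments are constructed. Standard library only, RFC 1035 wire format, plain UDP/53 (so it tests the resolver you point it at, not Safari's encrypted path).

```python
"""Probe a DNS resolver with a name that cannot exist and classify the reply:
NXDOMAIN (honest) versus a fabricated A record (NXDOMAIN hijacking).
Standard library only; wire format per RFC 1035, no EDNS."""
import os
import socket
import struct

NXDOMAIN = 3  # RCODE meaning "name does not exist"


def random_nonexistent_name(suffix="com"):
    """A label nobody could have registered, e.g. nx-9f3a2c...com (constructed)."""
    return "nx-" + os.urandom(8).hex() + "." + suffix


def build_query(name, qid=0x1234):
    """Build a single-question recursive A query."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(data):
    """Return (rcode, [IPv4 addresses from A records in the answer section])."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen  # CNAME or other records are skipped, not interpreted
    return rcode, addrs


def classify(rcode, addrs):
    """Map a reply for a name that cannot exist to a verdict."""
    if rcode == NXDOMAIN and not addrs:
        return "clean"      # resolver reported the truth
    if rcode == 0 and addrs:
        return "hijacked"   # an address for a bogus name: NXDOMAIN is being rewritten
    return "other"          # SERVFAIL, REFUSED, NOERROR with no data, etc.


def probe(resolver_ip, name, timeout=3.0):
    """Send one A query over UDP/53 to resolver_ip and return (verdict, addrs)."""
    qid = int.from_bytes(os.urandom(2), "big")
    query = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        data, _peer = sock.recvfrom(4096)
    if struct.unpack("!H", data[:2])[0] != qid:
        raise ValueError("response transaction ID does not match the query")
    rcode, addrs = parse_response(data)
    return classify(rcode, addrs), addrs


if __name__ == "__main__":
    import sys
    # Assumed addresses: 192.168.1.254 for the DHCP-advertised gateway (check
    # your own), 1.1.1.1 for Cloudflare. Pass resolver IPs as arguments to override.
    resolvers = sys.argv[1:] or ["192.168.1.254", "1.1.1.1"]
    for resolver in resolvers:
        for name in (random_nonexistent_name("com"), "google.cmo"):
            try:
                verdict, addrs = probe(resolver, name)
                print(f"{resolver:16} {name:32} {verdict:9} {addrs}")
            except OSError as exc:
                print(f"{resolver:16} {name:32} error: {exc}")
```

Reading the result: "hijacked" from the gateway but "clean" from 1.1.1.1 on the same network means the gateway's own resolver is rewriting NXDOMAIN and the ISP only sees whatever the device actually sends to that gateway; "hijacked" from both means the rewrite happens in the path itself. Testing both a random label under a real TLD and an invalid TLD like google.cmo matters because some hijackers only rewrite one of the two cases.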