Comment by nickburns
1 month ago
This does nothing for a mobile device that either concurrently maintains its cellular 'data' connection together with its Wi-Fi connection (and whose apps are permitted to access both)—or leaves the LAN without connecting remotely via a force-tunneled VPN. And even with such a VPN, the cellular NIC continues to maintain baked-in alternate routes on both Android and iOS. All that's before we even get into specific Pi-Hole and LAN config, not to mention DoH.
Krebs and everyone else he cites is right—it's time for Apple and Google to eliminate MAID altogether.
ETA: Do not downvote this parent! Use trustworthy ad blockers anywhere and everywhere you can!
> the cellular NIC continues to maintain baked-in alternate routes on both Android and iOS
How do you know this is the case? (I believe it to be, would like to verify)
Also worth mentioning: many apps hardcode DNS servers or fall back to other DNS providers when they fail to resolve hostnames. I see this all the time on my network. (I have a pfSense box that redirects to upstream NextDNS when this happens.)
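As an added example (not code from any commenter here), the kind of check that surfaces the behaviour described above: it scans constructed firewall log lines for DNS flows that skip the LAN resolver (plain port 53 to another host, or DNS-over-TLS on 853) and prints the pf-style redirect rule that would catch the plain-DNS case. The resolver address, interface name and the `key=value` log layout are assumptions.

```python
"""Flag LAN clients whose DNS traffic bypasses the local ad-blocking resolver."""
import re
from collections import defaultdict

LOCAL_RESOLVER = "192.168.1.2"   # assumption: the Pi-hole / blocky / NextDNS forwarder on the LAN
DNS_PORT, DOT_PORT = 53, 853

# Constructed sample lines in a simplified key=value firewall log format (not pfSense's real format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 SRC=192.168.1.23 DST=192.168.1.2 PROTO=UDP DPT=53
2024-05-01T10:00:02 SRC=192.168.1.23 DST=8.8.8.8 PROTO=UDP DPT=53
2024-05-01T10:00:03 SRC=192.168.1.40 DST=1.1.1.1 PROTO=TCP DPT=853
2024-05-01T10:00:04 SRC=192.168.1.40 DST=93.184.216.34 PROTO=TCP DPT=443
2024-05-01T10:00:05 SRC=192.168.1.55 DST=192.168.1.2 PROTO=TCP DPT=53
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def find_bypass(log_text, local_resolver=LOCAL_RESOLVER):
    """Return {client_ip: [(dst_ip, proto, reason), ...]} for DNS flows not aimed at local_resolver.

    Port 53 to any other host means an app hard-coded a resolver or fell back to one;
    TCP 853 is DNS-over-TLS, which never reaches the local resolver at all.
    DoH rides on 443 and cannot be told apart from ordinary HTTPS here, so it is not flagged.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # skip lines that are not connection records
        src, dst, proto, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if port == DNS_PORT and dst != local_resolver:
            hits[src].append((dst, proto, "plain DNS bypass"))
        elif port == DOT_PORT:
            hits[src].append((dst, proto, "DNS-over-TLS bypass"))
    return dict(hits)


def redirect_rule(local_resolver=LOCAL_RESOLVER, lan_if="lan"):
    """pf.conf-style NAT rule (pfSense runs pf underneath) forcing stray port-53 traffic
    back to the local resolver. DoT on 853 can only be blocked, not redirected: a strict
    Private DNS client checks the server certificate and will refuse a substituted host."""
    return (f"rdr pass on {lan_if} proto {{ tcp udp }} from any to ! {local_resolver} "
            f"port 53 -> {local_resolver} port 53")


if __name__ == "__main__":
    for client, flows in find_bypass(SAMPLE_LOG).items():
        for dst, proto, reason in flows:
            print(f"{client} -> {dst} ({proto}): {reason}")
    print(redirect_rule())
```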
NextDNS is a great alternative for mobile devices
https://nextdns.io
If self-hosting is your thing, there are blocky [0] or AdGuard Home [1].
I self-host DoH using blocky so my Android devices can use it via "Private DNS", which is active on both Wi-Fi and cellular.
[0] https://0xerr0r.github.io/blocky/latest/
[1] https://github.com/AdguardTeam/AdGuardHome
[2] https://adguard-dns.io/en/public-dns.html (how to configure)