
Fix for iOS and iPadOS apps bypassing AdGuard Home using DoH

When Apple allowed apps to specify their own encrypted DNS server, this became a convenient way for apps to avoid ad-blocking DNS servers. I got tired of the Gmail app on iOS and iPadOS bypassing my AdGuard Home DNS server, just as it can bypass similar blocking services like Pi-hole. Another example is Safari on iPadOS and iOS: in Private mode it will bypass your DNS servers and use an Apple-specified DNS over HTTPS server. If you use a standard (i.e. unencrypted) DNS server, it will be bypassed.

It turns out it’s relatively easy to stop this from happening.

You need to specify a DNS over HTTPS (DoH) server via a configuration profile, because a profile's DNS setting overrides any DoH server an app configures for itself. Since AdGuard Home can serve as a DoH server, all you have to do is turn on this feature and install a configuration profile that points to it.

The steps are:

  1. Turn on Encryption settings in AdGuard Home (see screenshot above)
  2. Use your preferred method of getting an SSL certificate for your AdGuard Home server. Let's Encrypt is the most common method
  3. You'll probably want to add a rewrite rule to point the name of your DoH server to an internal IP address
  4. Download iMazing, the excellent and free Configuration Profile tool
  5. Make a profile with a DNS Settings payload (see screenshot below)
  6. Save and install the profile on your i-Device
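If you would rather build the profile from step 5 without iMazing, the added example below (not from the original post) generates an equivalent .mobileconfig with Python's plistlib and reads the DoH URL back so you can check it before installing. The host name and IP address are placeholders, and it assumes AdGuard Home serves DoH at https://<host>/dns-query once encryption is enabled.

```python
# Added example: build a DNS Settings configuration profile for AdGuard Home DoH.
# Assumptions: DOH_HOST/DOH_IP are placeholders; AdGuard Home serves DoH at
# https://<host>/dns-query once its encryption settings are turned on.
import plistlib
import uuid

DOH_HOST = "adguard.home.example"   # placeholder: the name on your certificate
DOH_IP = "192.168.1.2"              # placeholder: the rewrite-rule target address

def build_doh_profile(host: str, ip: str, org: str = "home") -> bytes:
    """Return a .mobileconfig (XML plist) carrying one DNS Settings payload."""
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org}.doh.dns",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "AdGuard Home DoH",
        "DNSSettings": {
            "DNSProtocol": "HTTPS",
            # URL the device sends DNS queries to; must match the certificate name
            "ServerURL": f"https://{host}/dns-query",
            # Bootstrap address so the host name resolves without an external lookup
            "ServerAddresses": [ip],
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org}.doh",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "AdGuard Home encrypted DNS",
        "PayloadContent": [dns_payload],
    }
    return plistlib.dumps(profile)

def doh_server_url(profile_bytes: bytes) -> str:
    """Read the DoH URL back out of a profile, so it can be verified before install."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile["PayloadContent"]
                if p["PayloadType"] == "com.apple.dnsSettings.managed"]
    if len(payloads) != 1:
        raise ValueError("expected exactly one DNS Settings payload")
    return payloads[0]["DNSSettings"]["ServerURL"]

if __name__ == "__main__":
    with open("adguard-doh.mobileconfig", "wb") as f:
        f.write(build_doh_profile(DOH_HOST, DOH_IP))
```

Send the resulting file to the device (AirDrop or mail works) and install it from Settings; the profile is unsigned, so the device will show a warning about that.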

No more AdGuard bypass by apps!