When Apple allowed apps to specify their own encrypted DNS server, this was a convenient way for apps to avoid ad-blocking DNS servers. I got tired of the Gmail app on iOS and iPadOS bypassing my AdGuard Home DNS server, just like it can bypass similar blocking services like Pi-hole. Another example: Safari on iPadOS and iOS in Privacy mode will bypass your DNS servers and use an Apple-specified DNS over HTTPS server. If you use a standard (i.e. unencrypted) DNS server, it will be bypassed.
It turns out it’s relatively easy to stop this from happening.
You need to specify a DNS over HTTPS (DoH) server via a configuration profile, as this will override any DoH server that an app has set itself. Since AdGuard Home can serve as a DoH server, all you have to do is turn on this feature and install a configuration profile that points to it.
The steps are:
No more AdGuard bypass by apps!
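As an added example (not from the original post), this Python script generates a configuration profile of the kind described above, using Apple's `com.apple.dnsSettings.managed` payload to set a device-wide DoH resolver. The hostname `adguard.example.net`, the profile identifier and the display names are placeholders, and the `/dns-query` path assumes AdGuard Home's DoH endpoint with encryption enabled.

```python
import plistlib
import uuid
from urllib.parse import urlsplit


def build_doh_profile(server_url: str, identifier: str = "example.adguardhome.doh") -> bytes:
    """Return a .mobileconfig (XML plist) that sets a device-wide DoH resolver."""
    parts = urlsplit(server_url)
    # The resolver must be reached over HTTPS; a plain-HTTP URL would send
    # queries unencrypted, and the device validates the server's TLS certificate.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("ServerURL must be an https:// URL with a hostname")

    # Deterministic UUIDs: the same identifier always yields the same profile.
    profile_uuid = str(uuid.uuid5(uuid.NAMESPACE_DNS, identifier)).upper()
    payload_uuid = str(uuid.uuid5(uuid.NAMESPACE_DNS, identifier + ".dns")).upper()

    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".dns",
        "PayloadUUID": payload_uuid,
        "PayloadDisplayName": "AdGuard Home DoH",  # placeholder name
        "DNSSettings": {"DNSProtocol": "HTTPS", "ServerURL": server_url},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": profile_uuid,
        "PayloadDisplayName": "AdGuard Home encrypted DNS",  # placeholder name
        "PayloadContent": [dns_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Placeholder hostname; replace with your own AdGuard Home DoH endpoint.
    data = build_doh_profile("https://adguard.example.net/dns-query")
    with open("adguard-doh.mobileconfig", "wb") as fh:
        fh.write(data)
```

The resulting `adguard-doh.mobileconfig` file is what gets installed on the device; the certificate served by the DoH endpoint has to be one the device trusts.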