crypt0rr
commented
2 years ago Tested according to this document from Apple. Cannot replicate the 'The user will be alerted that they need to either disable Private Relay for your network or choose another network.' part, presumably due to Private Relay is currently in beta.
Will update the DNS and IP's served in the repo.
Your list contains mask-h2.icloud.com and mask.icloud.com. According to this document these domains are used to return the private relay addresses. This document further states the dns request should not be blocked or dropped, but return NXDOMAIN, this to allow the (apple) device to check if the apple private relay function can be used, whithout any delays or timeout.
I would suggest to remove these domains from the list, they are NOT DoH servers, only DNS records used to determine if apple private relay can be used.