fkonradmain / adguard-ansible-iac

IaC for a public Adguard Home Server based on Ansible
GNU General Public License v3.0

Apple DNS Compatibility issues #12

Open fkonradmain opened 5 months ago

fkonradmain commented 5 months ago

Apple App Store is blocked and we don't really know why.

Internet manuals suggest the following:

  1. Block the Adguard Service "icloud_private_relay", which has the following configuration:
        {
            "id": "icloud_private_relay",
            "name": "iCloud Private Relay",
            "icon_svg": "…",
            "rules": [
                "||mask-canary.icloud.com^$dnsrewrite=NXDOMAIN;;",
                "||mask-h2.icloud.com^$dnsrewrite=NXDOMAIN;;",
                "||mask.icloud.com^$dnsrewrite=NXDOMAIN;;"
            ]
        }

Further documentation is available at:

  2. Unblock edgesuite.net (Apple actually only needs *.apple.com.edgesuite.net)

fkonradmain commented 5 months ago

If we unblock edgesuite.net, Apple then requests amp-api-edge.apps.apple.com.edgesuite.net, and after that the App Store finally works.

So we might consider allowing only the Apple subdomains, as documented above.

fkonradmain commented 5 months ago

Apple also requests play.itunes.apple.com.edgesuite.net
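
Added example (not part of the issue thread or the repository's code): a simplified model of AdGuard-style `||domain^` rules that compares unblocking all of edgesuite.net with allowing only `apple.com.edgesuite.net`. The blocking rule `||edgesuite.net^`, both `@@` exception rules, and the two non-Apple hostnames are constructed for illustration; treating an exception as overriding every other matching rule is an assumption of this model.

```python
"""Simplified model: only ||domain^ rules, optional @@ prefix, optional $modifiers."""
import re

RULE_RE = re.compile(r"^(@@)?\|\|([A-Za-z0-9.-]+)\^(?:\$(.*))?$")

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    return {"allow": bool(m.group(1)), "domain": m.group(2).lower(),
            "modifiers": m.group(3) or ""}

def matches(host, domain):
    # Match the domain itself or a subdomain, only on a label boundary.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def decide(host, rules):
    hits = [r for r in map(parse_rule, rules) if matches(host, r["domain"])]
    if any(r["allow"] for r in hits):      # assumption: exception wins
        return "allowed"
    if any("dnsrewrite=NXDOMAIN" in r["modifiers"] for r in hits):
        return "nxdomain"
    return "blocked" if hits else "allowed"

BASE = [
    "||edgesuite.net^",  # constructed stand-in for the blocklist entry
    "||mask-canary.icloud.com^$dnsrewrite=NXDOMAIN;;",
    "||mask-h2.icloud.com^$dnsrewrite=NXDOMAIN;;",
    "||mask.icloud.com^$dnsrewrite=NXDOMAIN;;",
]
BROAD = BASE + ["@@||edgesuite.net^"]             # unblock everything
NARROW = BASE + ["@@||apple.com.edgesuite.net^"]  # Apple subdomains only

HOSTS = [
    "amp-api-edge.apps.apple.com.edgesuite.net",  # from the issue
    "play.itunes.apple.com.edgesuite.net",        # from the issue
    "tenant.example.com.edgesuite.net",           # constructed
    "notapple.com.edgesuite.net",                 # constructed boundary case
    "mask.icloud.com",                            # icloud_private_relay rule
]

def compare(hosts=HOSTS):
    """Return {host: (decision under BROAD, decision under NARROW)}."""
    return {h: (decide(h, BROAD), decide(h, NARROW)) for h in hosts}

if __name__ == "__main__":
    for host, (broad, narrow) in compare().items():
        print(f"{host:45} broad={broad:9} narrow={narrow}")
```
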