iCloud Private Relay on iOS automatically enforces its own DNS in Safari, even when manually setting up dns0.eu using a configuration profile.

However, for every DNS query, iOS will first make a query to dns0.eu to check if the domain should be blocked, and respect this (but ignore the answers and do the real DNS query to iCloud Private Relay DNS).

We believe that DNS should be part of the traffic and that iCloud Private Relay should simply tunnel the traffic to the manually-set DNS provider.

If you also believe this, please suggest the expected behavior to Apple via their Feedback Assistant.


There is unfortunately no workaround for this issue, aside from disabling iCloud Private Relay.