Prevent DNSCloak app from bypassing AdguardHome

[chatbuddy21]

I have setup AdguardHome on my local network. It works perfectly fine. However when the client installs and uses DNSCloak app on their iphone/ipad they can now bypass Adguardhome. I will not see anymore DNS requests from that device. It seems the app uses DNScrypt. Is this something we can block on AdguardHome? I have already blocked port 53 and 853 and known public DNS on the Asus router to prevent clients from using their own DNS.

DNSCloak
https://apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351

[hagezi]

Hi @chatbuddy21,

no, DNSCloak cannot be "blocked" at DNS level.

To prevent other bypass possibilities like DoH/VPN/TOR/Proxy, you can use an appropriate blocklist, e.g.:
https://github.com/hagezi/dns-blocklists#dohvpntorproxy-bypass---prevent-methods-to-bypass-your-dns

To ensure the bootstrap is your DNS server you must redirect or block standard DNS outbound (UDP 53) and block all DNS over TLS (TCP 853) outbound.

Cheers,
Gerd