iCloud Private Relay

I am using Cloudflare Teams Gateway on my servers and noticed that my DNS requests were answered by iCloud Private Relay.

I am unable to find any related information. Could anyone advise on this?

2 Likes

How did you track that down? Apple’s new private relay uses Cloudflare, so I’m curious what lookup returned that.

Any DNS leak test. Also, on every test I am getting answers from a different IP, but in Cloudflare's range.

1 Like

That’s interesting that they resolved it back to iCloud Private Relay. I don’t think that’s entirely accurate. That’s definitely squarely within Cloudflare’s IP address range.

I wonder where they got their data.

1 Like

I am so confused. I have two locations set on Cloudflare Teams - one being the home network, the other all other servers with different policies - but from all devices (even a phone with the 1.1.1.1 app) I get the same resolvers.

1 Like

Are you running any of the current macOS/iOS/iPadOS betas?

A quick scan shows those addresses as being within the iCloud Private Relay (IPR) address ranges. Cloudflare is one of the providers involved in IPR, but I’m not sure if the egress addresses are dedicated to that purpose.

https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/

2 Likes

No, nothing to do with them. Maybe some works/tests are being done on Cloudflare’s side.

1 Like

I too now see DNS leak tests showing the iCloud relay message instead of the normal Cloudflare one. The IP addresses’ domain lookup shows Cloudflare. I’m wondering why my DNS is now going to be sent to Apple?? Because as far as I’ve heard, this new iCloud relay is for Apple users wanting more privacy via their device and if they have an iCloud+ account. If you go look into this proxy service, it says it sends information to Apple… So now I’m questioning the whole Cloudflare DNS record keeping. Actually, if you look into the company Cloudflare hired for 3rd party testing, it’s the same company that helped during the start of Cloudflare. So basically buddies.

2 Likes

Apple are using multiple providers as part of the architecture of Private Relay. I suspect that some IP lookup database has taken the list of iCloud egress IPs and listed them as exclusively iCloud. They are more likely shared for egress from Cloudflare's network.

The situation is similar to Acme Inc. saying that their email comes through Microsoft's network, and then people assuming that Acme Inc. can access any other Microsoft customer's email.

iCloud Private Relay sends all data to and from user devices through Apple's network and a second network. The intent is that no single entity can view your browsing activity.

https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/

2 Likes

Here’s the egress list: https://mask-api.icloud.com/egress-ip-ranges.csv

The tech behind iCloud Private Relay:

Within hours of Private Relay being announced, however, it became evident that Cloudflare is at least one of Apple’s partners in powering Private Relay when app researcher Jane Manchun Wong took to Twitter to confirm she obtained an IP issued by Cloudflare while using the currently available developer version of Private Relay. Wong’s tweet was followed by a wave of other users noting the same results, drawing comparisons between Private Relay and proxy app Cloudflare Warp. Cloudflare was a primary partner in Apple’s push to standardize the potentially game-changing element of Private Relay – its in-browser use of something called Oblivious DNS-over-HTTPS (ODoH).

Full article with answers for Cloudflare and Apple users with all references here: https://www.cnet.com/tech/services-and-software
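
To check the labelling question raised in this thread yourself, the sketch below tests an observed resolver IP against both a Private Relay egress list and Cloudflare ranges, showing that one address can sit in both. It is an added example, not code from any poster, Apple or Cloudflare; the CSV column layout (prefix, country, region, city) is an assumption, the sample rows are constructed rather than copied from the real file, and only a subset of Cloudflare's published IPv4 ranges is embedded.

```python
import csv
import io
import ipaddress

# Subset of Cloudflare's published IPv4 ranges (not the full list).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "162.158.0.0/15")]

# Constructed rows in the ASSUMED layout of egress-ip-ranges.csv:
# prefix,country,region,city, -- these are not real entries from Apple's file.
SAMPLE_EGRESS_CSV = """\
104.26.0.0/31,US,US-CA,Los Angeles,
172.70.10.0/31,DE,DE-HE,Frankfurt,
192.0.2.0/28,GB,GB-ENG,London,
2001:db8:1::/64,US,US-NY,New York,
"""

def load_egress(text):
    """Parse CSV text into (network, country, city) tuples; skip malformed rows."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if not rec or not rec[0].strip():
            continue
        try:
            net = ipaddress.ip_network(rec[0].strip(), strict=False)
        except ValueError:
            continue  # header line or garbage prefix
        country = rec[1] if len(rec) > 1 else ""
        city = rec[3] if len(rec) > 3 else ""
        rows.append((net, country, city))
    return rows

def classify(ip_text, egress, provider_nets=CLOUDFLARE_NETS):
    """Report whether an IP is in the egress list, the provider ranges, or both."""
    ip = ipaddress.ip_address(ip_text)
    hit = next((r for r in egress
                if r[0].version == ip.version and ip in r[0]), None)
    in_cf = any(n.version == ip.version and ip in n for n in provider_nets)
    return {"ip": ip_text,
            "private_relay_egress": hit is not None,
            "cloudflare_range": in_cf,
            "egress_prefix": str(hit[0]) if hit else None}

if __name__ == "__main__":
    egress = load_egress(SAMPLE_EGRESS_CSV)
    for addr in ("104.26.0.1", "172.64.1.1", "192.0.2.5", "198.51.100.7"):
        print(classify(addr, egress))
```

To run it against live data, save the CSV from the egress list URL above and pass its contents to `load_egress`; a result with both flags true means the address is Cloudflare space that Apple also publishes as a relay egress.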
