I have a complex Tailscale-based network setup that includes blocking all Google hostnames. Unfortunately RCS on iOS doesn’t work when sending photos.
I’ve scoured AT&T’s website and App Privacy Report on iOS (which doesn’t show DNS names for Messages, Phone apps) but I do know they switched to Google as their RCS provider at one point.
I’d like to set up a Tailscale App Connector using hostnames, but if they’re using IP addresses I can work with those as well (subnet routing).
You must log in or register to comment.
This article has helped me tremendously over the last couple years resolving host and port issues. Unsure if RCS relations are in here but still could be a useful resource for you, especially after checking your logs. Apple Enterprise Networks
RCS is a whole can of worms. It’s presented like a carrier services (and carriers are in the mix, though often just for authentication), but it’s really a Google service. With Android, RCS connects directly to google’s mothership.
I believe on iOS those go to Apple’s servers which “peers” with google. Maybe search the RCS endpoint for Apple and see what comes up?
Sooo Google is getting a taste of all MMS pics now?
Good point, I’ll be on the lookout for that.
Probably easier to just unblock Google, send some messages, then look at your filter logs to see where they are going.
Guarantee you’ll run into issues when you hop towers or networks though.
What shows up on your block log when you try?
I’m blocking primarily with my self-hosted, non-logging DNS server (Unbound).
I might just use my travel router to MITM myself while Tailscale is disabled on the iPhone to glean more information that way.
Non-logging? Unbound supports logging.
It sure does, but I don’t log my family and friends’ queries so I’ll probably MITM myself using a travel router.
Throw up a pihole container and it’ll show you what is being queried pretty easily right on the dashboard.
