I’m not going to accuse them of user error but I’m having trouble imagining how a browser without a tunneling engine could bypass that.
It would need a false endpoint before the user and then send all the otherwise blocked traffic through on a single channel and at that point everything is completely compromised.
It could just have enabled DNS over HTTPS in the settings, hence not having used the user set up DNS at all.
Except for getting the IP of the DNS that they then connected via HTTPS.
Librewolf uses Quad9 by default IIRC.
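An added example, not part of any comment in this thread: one way to check from the network side whether a client is resolving over DoH instead of the Pi-hole. It correlates dnsmasq-style query log lines with outbound flow records; the flow tuple format, the function names and all sample data are assumptions constructed for illustration, and the resolver list covers only Quad9.

```python
import re
from collections import defaultdict

# Quad9's public DoH hostname and resolver IPs; extend for other providers.
DOH_HOSTS = {"dns.quad9.net"}
DOH_IPS = {"9.9.9.9", "149.112.112.112"}

# dnsmasq-style query line, the format Pi-hole writes to its query log.
QUERY_RE = re.compile(r"query\[(?P<type>\w+)\] (?P<name>\S+) from (?P<client>\S+)")

def parse_queries(lines):
    """Return {client_ip: [queried names]} from dnsmasq-style log lines."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            seen[m["client"]].append(m["name"].lower())
    return seen

def find_doh_clients(dns_lines, flows):
    """flows: (src_ip, dst_ip, proto, dst_port) tuples (assumed export format)."""
    queries = parse_queries(dns_lines)
    report = {}
    for src, dst, proto, dport in flows:
        if proto == "tcp" and dport == 443 and dst in DOH_IPS:
            names = queries.get(src, [])
            report[src] = {
                "resolver_ip": dst,
                # The one lookup the local DNS still sees: the resolver's own name.
                "bootstrap_seen": any(n in DOH_HOSTS for n in names),
                "other_queries": sum(n not in DOH_HOSTS for n in names),
            }
    return report

# Constructed sample data (not taken from the thread).
SAMPLE_DNS = [
    "Mar  3 10:00:01 dnsmasq[812]: query[A] dns.quad9.net from 192.168.1.20",
    "Mar  3 10:00:05 dnsmasq[812]: query[A] example.com from 192.168.1.30",
    "Mar  3 10:00:06 dnsmasq[812]: query[AAAA] example.org from 192.168.1.30",
]
SAMPLE_FLOWS = [
    ("192.168.1.20", "9.9.9.9", "tcp", 443),          # DoH after bootstrap lookup
    ("192.168.1.30", "93.184.216.34", "tcp", 443),    # ordinary HTTPS
    ("192.168.1.40", "149.112.112.112", "tcp", 443),  # DoH, no local lookup at all
]

if __name__ == "__main__":
    for client, info in sorted(find_doh_clients(SAMPLE_DNS, SAMPLE_FLOWS).items()):
        print(client, info)
```

A flagged client with `bootstrap_seen` false never asked the local DNS for the resolver's name, which points to a resolver IP configured directly on the client.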
Honestly, it may have nothing to do with the browser.
For instance, AT&T’s newest fiber gateway (bgw320-500/505, 3-4 years old at this point) has a known issue that bypasses Pi-hole for all Wi-Fi devices, such that only hardwired devices can utilize its DNS services, even with the Pi-hole acting as DHCP server.