Is it normal for youtube (actually tiktok) to try to bypass DNS now?

Started by allebone, November 23, 2020, 10:24:59 PM

I have noticed on my firewall that today, when one of my kids was playing on their iPad (apparently watching YouTube in Safari; I was not able to confirm this for sure, but he is only 10 years old), my firewall logs showed attempts from the iPad to 8.8.8.8 over port 443. They came in bursts of 3 packets, then a delay of a few seconds, then another burst of traffic, and so on, multiple times for about 2 minutes.

Currently my firewall blocks traffic to known public DNS servers, so this was prevented and flagged on my firewall. I would imagine a DoH query occurred in an attempt to bypass the DNS filtering I use on my internal network at home. Is it possible that accessing YouTube via Safari could have done this, and that a webpage or advert attempted to bypass my DNS servers in order to circumvent the ad blocking I use? Or do you think something else caused this?

Kind regards
Peter

Just an update to this: I have managed to locate the app that does this on the iPad. It's TikTok; I guess to a 10 year old YouTube/TikTok are basically the same thing. It looks like it does DoH by default and it can't be changed, so it will simply attempt to connect out and bypass any DNS filtering you have in place.
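An added example, not from any poster in this thread, of how the pattern Peter describes (short bursts of blocked TCP/443 to a public resolver, repeated every few seconds) can be picked out of firewall logs: it groups blocked hits on well-known resolver IPs into bursts and reports only clients that keep retrying. The log format, the client addresses and the timing of the sample lines are constructed for the example; real firewall exports (e.g. OPNsense filterlog) would need their own parser in place of parse_line.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Well-known public resolvers that answer DoH on TCP/443 and DoT on TCP/853.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
ENCRYPTED_DNS_PORTS = {443: "DoH", 853: "DoT"}
TS_FMT = "%Y-%m-%d %H:%M:%S.%f"

def parse_line(line):
    """Parse one line of the constructed format 'time,action,proto,src,dst,dport'."""
    ts, action, proto, src, dst, dport = line.strip().split(",")
    return {"ts": datetime.strptime(ts, TS_FMT), "action": action.lower(),
            "proto": proto.upper(), "src": src, "dst": dst, "dport": int(dport)}

def find_encrypted_dns_bursts(lines, burst_gap=1.0, min_bursts=3):
    """Report clients that repeatedly retry encrypted DNS against a public resolver:
    packets closer than burst_gap seconds form a burst; min_bursts bursts is an alert."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if (ev["action"] == "block" and ev["proto"] == "TCP"
                and ev["dst"] in PUBLIC_RESOLVERS and ev["dport"] in ENCRYPTED_DNS_PORTS):
            hits[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])
    findings = []
    for (src, dst, dport), stamps in sorted(hits.items()):
        stamps.sort()
        bursts = [[stamps[0]]]
        for prev, cur in zip(stamps, stamps[1:]):
            if (cur - prev).total_seconds() <= burst_gap:
                bursts[-1].append(cur)
            else:
                bursts.append([cur])
        if len(bursts) >= min_bursts:
            findings.append({"src": src, "dst": dst, "kind": ENCRYPTED_DNS_PORTS[dport],
                             "bursts": len(bursts), "packets": len(stamps),
                             "span_s": (stamps[-1] - stamps[0]).total_seconds()})
    return findings

# Constructed sample: one tablet retrying 8.8.8.8:443 in bursts of three every 5 s,
# plus ordinary HTTPS and a single stray hit from another host that should not alert.
BASE = datetime(2020, 11, 23, 21, 10, 0)
SAMPLE_LOG = [f"{BASE + timedelta(seconds=5 * b + 0.2 * k):{TS_FMT}},block,tcp,192.168.1.50,8.8.8.8,443"
              for b in range(5) for k in range(3)]
SAMPLE_LOG += [f"{BASE:{TS_FMT}},pass,tcp,192.168.1.50,203.0.113.10,443",
               f"{BASE + timedelta(seconds=7):{TS_FMT}},block,tcp,192.168.1.21,8.8.8.8,443"]

if __name__ == "__main__":
    for f in find_encrypted_dns_bursts(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']} {f['kind']}: {f['bursts']} bursts, "
              f"{f['packets']} packets over {f['span_s']:.1f}s")
```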

Quote from: Raymoon on January 05, 2023, 02:55:12 PM
I've been attempting to determine why adverts are being served by the YouTube applications on my TV and Fire tab. I attempted to block QUIC over UDP/443 after seeing a lot of it. The information in this post could be the reason why nothing I try seems to function with www.socialfollowersfree.com. You might try blocking all Google DNS servers through HTTP. My redirects have not been effective because it is impossible to divert this kind of traffic. TikTok won't be able to get around geoblocking on your perimeter firewall and a solid NAC running on your network.

Blocking YouTube ads with firewalls like *sense/Sophos/Untangle/etc. is impossible. If you want to 100% remove ads from YouTube videos on your SmartTV running the Android OS (or Android devices like the Shield, Fire tablet, etc.), use this: https://smarttubenext.github.io/

For PCs, install the uBlock Origin browser plugin and on things like the iPad, use the 'Brave' web browser.

If you use SmartTubeNext, please consider donating to the guy and supporting his work.

If you are as big as Google, you do not even have to use DNS at all.

In case you are wondering how, take a close look at the TLS certificate that youtube.com presents to you. You will find that the certificate is a) issued by Google's own CA and b) also valid for several other Google-owned domains. Also, modern browsers do not look up DNS any more when they have an open connection whose certificate already covers the new site. This is indeed the case because all of those domains are being served by the same CDN.

That means if there is a hyperlink going from youtube.com to some Google ad APIs, the content is served via the same HTTP/2 or HTTP/3 connection without ever resolving DNS. Since the traffic is also encrypted, your firewall does not have any chance to intercept.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+