I installed a configuration profile from NextDNS on my macOS machine to encrypt and monitor DNS queries and set my Ethernet DNS servers to localhost (:: and 127.0.0.1) to make sure nothing can bypass it; however, it seems that macOS will repeatedly make unencrypted DNS queries for mask-api.icloud.com (over port 53) anyway. (I can see the unencrypted lookup attempts to localhost in Wireshark.) (Note: mask-api.icloud.com is blocked via NextDNS.)
Additionally, these A and AAAA queries for mask-api.icloud.com are paired with inexplicable PTR queries for lb._dns-sd._udp.0.0.168.192.in-addr.arpa and 0.0.168.192.in-addr.arpa.
I’m wondering if this behavior is considered normal, an Apple bug, or an indication of malware, and if there’s some way to disable the unwanted queries in macOS. (Note: Private Relay is off since I don’t use an iCloud account on macOS and the “restrict monitoring” function can be off for the Ethernet connection.)
(Also concerning is that if this behavior is in iOS too, then it’s presumably not really possible to block iCloud masking or encrypt all DNS requests on a cellular network via a configuration profile, since iOS doesn’t appear to offer any other way to control cellular network DNS servers (i.e., I can’t blackhole the requests to localhost).)
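An added example, not part of the original post: a Python check that decodes the question section of plaintext port-53 payloads, such as those seen in the Wireshark capture described above, and tags the mask-api.icloud.com and in-addr.arpa PTR lookups. The packets are constructed in the script, and all function names and labels are hypothetical.

```python
import struct

QTYPES = {1: "A", 12: "PTR", 28: "AAAA"}

def build_query(name, qtype, txid=0x1234):
    """Constructed sample input: a minimal DNS query with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Decode (qname, qtype) from the first question of a DNS query."""
    if len(payload) < 12 or payload[2] & 0x80:  # too short, or QR bit = response
        raise ValueError("not a DNS query")
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label (pointer or truncation)")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):  # need the root label plus QTYPE and QCLASS
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return ".".join(labels).lower(), QTYPES.get(qtype, str(qtype))

def classify(qname, qtype):
    if qname == "mask-api.icloud.com" and qtype in ("A", "AAAA"):
        return "mask-api lookup"
    if qtype == "PTR" and qname.endswith(".in-addr.arpa"):
        # lb._dns-sd._udp.<domain> is a DNS-SD (RFC 6763) browsing-domain query
        return "dns-sd ptr" if qname.startswith("lb._dns-sd._udp.") else "reverse ptr"
    return "other"

def plaintext_report(packets):
    """packets: (udp_dst_port, payload) pairs; only port 53 is plaintext DNS."""
    parsed = [parse_question(p) for port, p in packets if port == 53]
    return [(qtype, name, classify(name, qtype)) for name, qtype in parsed]

# Constructed capture mirroring the queries described in the post.
SAMPLE = [
    (53, build_query("mask-api.icloud.com", 1)),
    (53, build_query("mask-api.icloud.com", 28)),
    (53, build_query("lb._dns-sd._udp.0.0.168.192.in-addr.arpa", 12)),
    (53, build_query("0.0.168.192.in-addr.arpa", 12)),
    (443, b"\x16\x03\x01"),  # not port 53, so it is skipped
]
```

Feeding it UDP payloads exported from a real capture shows at a glance which names still leave the resolver path unencrypted.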