I have a complex Tailscale-based network setup that includes blocking all Google hostnames. Unfortunately RCS on iOS doesn’t work when sending photos.
I’ve scoured AT&T’s website and App Privacy Report on iOS (which doesn’t show DNS names for Messages, Phone apps) but I do know they switched to Google as their RCS provider at one point.
I’d like to set up a Tailscale App Connector using hostnames, but if they’re using IP addresses I can work with those as well (subnet routing).
Update: Resolved by allowlisting rcs-copper-us.googleapis.com specifically, but I also added all of telephony.goog to unblock rcs.telephony.goog. A simple tcpdump got me the DNS requests for those domains.
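The resolution above (block the parent Google zones, carve out the one RCS endpoint, confirm with tcpdump) as an added Python example that is not part of the thread or of Unbound: it pulls query names out of constructed tcpdump DNS lines, then applies a most-specific-zone-wins block/allow policy that mirrors how Unbound treats nested local-zone entries, so rcs-copper-us.googleapis.com and rcs.telephony.goog resolve while the rest of googleapis.com and .goog stay blocked. The zone lists, the sample capture and the Unbound snippet in the comments are assumptions for illustration, not the poster's configuration.

```python
import re

# Assumed blocklist for illustration: whole zones, including the .goog TLD.
BLOCK_ZONES = ("google.com", "googleapis.com", "goog")
# Carve-outs the thread settled on. A more specific zone overrides a less
# specific one, the same precedence Unbound applies to local-zone entries
# (assumed equivalent config, not from the thread):
#   local-zone: "googleapis.com." always_nxdomain
#   local-zone: "rcs-copper-us.googleapis.com." transparent
#   local-zone: "goog." always_nxdomain
#   local-zone: "telephony.goog." transparent
ALLOW_ZONES = ("rcs-copper-us.googleapis.com", "telephony.goog")

# Constructed tcpdump -n output (queries and one NXDOMAIN response); not a real capture.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 100.64.0.2.51234 > 100.64.0.1.53: 40117+ A? rcs-copper-us.googleapis.com. (46)
12:00:01.100500 IP 100.64.0.2.51234 > 100.64.0.1.53: 40118+ HTTPS? rcs.telephony.goog. (36)
12:00:01.150000 IP 100.64.0.1.53 > 100.64.0.2.51234: 40117 NXDomain 0/1/0 (99)
12:00:01.200000 IP 100.64.0.2.51235 > 100.64.0.1.53: 40119+ [1au] A? www.google.com. (43)
12:00:01.300000 IP 100.64.0.2.51236 > 100.64.0.1.53: 40120+ A? gateway.icloud.com. (36)
"""

# Matches "<id>+ [flags] <TYPE>? <name>. (<len>)"; response lines have no "TYPE?" and are skipped.
DNS_QUERY = re.compile(r"\s(\d+)\+?(?: \[[^\]]*\])?\s+([A-Z]+)\?\s+(\S+)\s+\(")


def queried_names(capture_text):
    """Return the query names (lowercase, no trailing dot) from tcpdump text, in order."""
    names = []
    for line in capture_text.splitlines():
        m = DNS_QUERY.search(line)
        if m:
            names.append(m.group(3).rstrip(".").lower())
    return names


def _matching_zone(qname, zones):
    """Return the most specific zone that qname equals or sits under, or None."""
    labels = qname.rstrip(".").lower().split(".")
    best = None
    for zone in zones:
        z = zone.rstrip(".").lower().split(".")
        if len(z) <= len(labels) and labels[-len(z):] == z:
            if best is None or len(z) > len(best):
                best = z
    return ".".join(best) if best else None


def is_blocked(qname, block_zones=BLOCK_ZONES, allow_zones=ALLOW_ZONES):
    """True if the resolver would refuse qname under the block/allow policy."""
    block = _matching_zone(qname, block_zones)
    if block is None:
        return False
    allow = _matching_zone(qname, allow_zones)
    if allow is None:
        return True
    # Most specific zone wins: an allow entry deeper than the block entry re-enables the name.
    return len(allow.split(".")) <= len(block.split("."))


def triage(capture_text, block_zones=BLOCK_ZONES, allow_zones=ALLOW_ZONES):
    """Map each name seen in the capture to whether the policy blocks it."""
    return {n: is_blocked(n, block_zones, allow_zones) for n in queried_names(capture_text)}


if __name__ == "__main__":
    # Before the carve-outs: the RCS endpoint is caught by the googleapis.com block.
    print("without allowlist:", triage(SAMPLE_CAPTURE, allow_zones=()))
    # After: only the RCS names and non-Google traffic resolve.
    print("with allowlist:   ", triage(SAMPLE_CAPTURE))
```

Running it prints the per-name verdict twice, once without the carve-outs (which reproduces the broken RCS state) and once with them. Replacing SAMPLE_CAPTURE with real tcpdump output from the DNS server interface gives the same list the poster used to find the two hostnames.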
RCS is a whole can of worms. It’s presented like a carrier service (and carriers are in the mix, though often just for authentication), but it’s really a Google service. With Android, RCS connects directly to Google’s mothership.
I believe on iOS those go to Apple’s servers which “peer” with Google. Maybe search the RCS endpoint for Apple and see what comes up?
Sooo Google is getting a taste of all MMS pics now?
What shows up on your block log when you try?
I’m blocking primarily with my self-hosted, non-logging DNS server (Unbound).
I might just use my travel router to MITM myself while Tailscale is disabled on the iPhone to glean more information that way.
Non-logging? Unbound supports logging.
It sure does, but I don’t log my family and friends’ queries so I’ll probably MITM myself using a travel router.
Throw up a pihole container and it’ll show you what is being queried pretty easily right on the dashboard.
I resolved the issue and edited the post.