The real eye-opener is when you start redirecting DNS 53 requests to your own DNS server and block DoT/DoQ/DoH – so many devices/apps just trying to reach out to their hardcoded DNS servers for tracking/ad targeting.
Unsurprisingly, Google and Facebook IoT junk is the worst. They both hardcode their own DNS, and I've caught Google devices ignoring the DNS IP from DHCP (not the gateway) and attempting to resolve from the gateway (with external blocked).
briHass|2 years ago