Pi-hole often doesn’t help, as many IoT devices either use their own DNS servers and ignore the one provided by your network, or sometimes even skip DNS completely and just connect to hardcoded IPs directly. Even blocking DNS at the firewall/router is getting more difficult with increasing use of DNS over HTTPS and custom DNS server IPs that aren’t in public lists. (I block all known DNS server IPs at my firewall, forcing any device to use my own DNS servers, but even that is not always completely effective.)
It’s usually best to isolate IoT devices on VLANs with no internet access (blocked at the router/firewall), although there are now even devices that can autonomously connect to external WiFi networks like Amazon Sidewalk to gain internet access, bypassing any restrictions you might try to place on them…
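To see which devices on an IoT VLAN are actually bypassing the local resolver in the ways described above, the resolver's answers can be compared against the firewall's flow log. The sketch below is an added example, not part of the original comment; the log formats, the resolver address `192.168.1.2`, the `192.168.0.0/16` LAN range and all sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LOCAL_RESOLVER = "192.168.1.2"                  # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.0.0/16")    # assumed internal range
DNS_PORTS = {53, 853}                           # plain DNS and DNS over TLS

# Constructed sample data, not captured from a real network.
# Resolver log format (assumed): "client queried_name answered_ip"
RESOLVER_LOG = """\
192.168.30.10 api.vendor.example 203.0.113.10
192.168.30.11 time.vendor.example 203.0.113.20
"""
# Firewall flow log format (assumed): "src dst dport"
FLOW_LOG = """\
192.168.30.10 192.168.1.2 53
192.168.30.10 203.0.113.10 443
192.168.30.11 192.168.1.2 53
192.168.30.11 198.51.100.53 53
192.168.30.11 203.0.113.20 443
192.168.30.12 198.51.100.77 443
192.168.30.12 198.51.100.53 853
"""

def find_dns_bypass(resolver_log, flow_log, resolver=LOCAL_RESOLVER):
    """Return {device: set of findings} for flows that avoided the local resolver."""
    resolved = defaultdict(set)      # device -> IPs the local resolver gave it
    for line in resolver_log.splitlines():
        client, _name, answer = line.split()
        resolved[client].add(answer)

    findings = defaultdict(set)
    for line in flow_log.splitlines():
        src, dst, dport = line.split()
        if dst == resolver or ipaddress.ip_address(dst) in LAN:
            continue                 # traffic that stays local is out of scope
        if int(dport) in DNS_PORTS:
            # Device is talking to a resolver other than the one it was given.
            findings[src].add(f"external DNS {dst}:{dport}")
        elif dst not in resolved[src]:
            # Destination was never returned by the local resolver: a hardcoded
            # IP, or a name resolved elsewhere (for example over DoH).
            findings[src].add(f"no prior lookup for {dst}:{dport}")
    return dict(findings)

if __name__ == "__main__":
    for device, issues in sorted(find_dns_bypass(RESOLVER_LOG, FLOW_LOG).items()):
        print(device, sorted(issues))
```

Devices that appear in the output are candidates for the no-internet VLAN, since DNS filtering alone does not constrain them.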