[kuschku]

Some ISPs started integrating pi-hole functionality into their ISP routers, and that actually went to court.

On Android, some of the most popular apps are fake-VPNs which just register your own device as VPN with itself so they can filter ads.

This isn't about the pi-hole, this is about ad blocking becoming "too easy". You can always block DoH. But no ISP can include such a blocker by default easily anymore.

[jannes]

Wait, how do you block DoH without blocking other HTTPS traffic?

Do you have to block every known DoH server? Looking at Google's DoH certificate they list quite a few hostnames and IPs as Subject Alt Names:

    dns.google
    *.dns.google.com
    8888.google
    dns.google.com
    dns64.dns.google
    2001:4860:4860::64
    2001:4860:4860::6464
    2001:4860:4860::8844
    2001:4860:4860::8888
    8.8.4.4
    8.8.8.8

Issued by Google Trust Services...