Piholes just replace DNS results, so a device using hard-coded DNS servers can bypass that. This leads to people redirecting all port 53 traffic to the Pihole, which leads to devices/apps doing DNS over HTTPS, at which point it’s game over unless you can get your self-signed cert onto the device.
But surely these devices are set up to use DHCP and receive home users' DNS servers? Giving them static IPs would not work. I suppose it depends on a) if these devices are somehow set up to receive just an IP address over DHCP and use their own hardcoded DNS servers, and b) whether the home DHCP server / router would honour this and not enforce its own DNS servers along with the IP address.
They’ll be using DHCP, but even when not doing anything nefarious you’re better off using known DNS servers when deploying appliances on random networks because consumer ISPs have a habit of ignoring TTLs and redirecting DNS results when you’re reaching bandwidth quotas and the like.
Then the DHCP can assign PiHole as the DNS resolver, and if the requested domain isn't in its block list then it will be forwarded to Google, Cloudflare, etc.
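One way to see which devices ignore the DHCP-assigned resolver, as an added example that is not part of the original thread: classify outbound flows from a router log into the bypass routes described at the top of the thread (plain DNS to a hard-coded server, and DNS over HTTPS), plus DNS over TLS on port 853. The Pi-hole address, LAN subnet, log format and sample flows are assumptions constructed for illustration.

```python
import ipaddress

PIHOLE = "192.168.1.2"                        # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
# Public resolver addresses (Google, Cloudflare, Quad9) that also answer DoH on 443.
DOH_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed sample, one outbound flow per line: "src dst proto dport".
SAMPLE_FLOWS = """\
192.168.1.2 1.1.1.1 udp 53
192.168.1.30 192.168.1.2 udp 53
192.168.1.40 8.8.8.8 udp 53
192.168.1.41 9.9.9.9 tcp 853
192.168.1.42 1.1.1.1 tcp 443
192.168.1.42 93.184.216.34 tcp 443
"""

def classify(src, dst, proto, dport):
    """Return a bypass label for one flow, or None if it looks normal."""
    if src == PIHOLE or ipaddress.ip_address(src) not in LAN:
        return None  # the Pi-hole's own upstream queries are expected
    if dst == PIHOLE:
        return None  # client is using the resolver handed out by DHCP
    if dport == 53:
        return "plain-dns-bypass"  # hard-coded resolver, cleartext DNS
    if dport == 853 and proto == "tcp":
        return "dot"               # DNS over TLS
    if dport == 443 and dst in DOH_RESOLVERS:
        return "possible-doh"      # HTTPS to a known public resolver
    return None

def find_bypasses(log_text):
    """Parse flow lines and return (src, dst, label) for each suspect flow."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines
        src, dst, proto, dport = parts[0], parts[1], parts[2], int(parts[3])
        try:
            label = classify(src, dst, proto, dport)
        except ValueError:
            continue  # source field was not an IP address
        if label:
            findings.append((src, dst, label))
    return findings

if __name__ == "__main__":
    for src, dst, label in find_bypasses(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {label}")
```

The "possible-doh" label only matches well-known resolver addresses; DoH to a vendor's own endpoint looks like any other HTTPS flow and will not be flagged.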