Unexpected delays in Safari browser due to DNS
I've been using AGH for nearly two years and sometimes experience weird delays with Apple Safari web browser, both on MacOS and mobile platforms. The AGH logs don't show the problem. Troubleshooting using nslookup or dig won't show the problem.
After two years, I finally discovered the root cause of the problem. A simple misconfiguration of Apple Safari will sneakily bypass your chosen DNS server.
There's an advanced setting in Safari called "used advanced tracking and fingerprinting protection" By default this setting is used only in Private Browsing mode. I had changed it to be used in All Browsing.
What does this setting do? It causes Safari to use Apple's own DNS servers over an encrypted channel, bypassing AGH.
More here: https://cleanbrowsing.org/support/troubleshooting/apple-screen-time
(The article is slightly dated, but the problem still exists in MacOS 26, iOS 26 an iPadOS 26.
I discovered the problem quite by accident. I clicked on a link that I absolutely knew should have been blocked by AGH. It was blocked in Vivaldi browser and blocked in DuckDuckGo browser, but it opened right up in Safari. After some troubleshooting and further investigation, I found the above article and sure enough that explained so many anomalies that were driving me crazy. After disabling that option, the problems have vanished.
I hope this helps someone else.