I originally started recording this on Twitter (see links) as I wasn't convinced I was seeing what I thought I was.
Raising this issue as have had opportunity to collect more data.
Jigsaw is Google's sister company, and Intra is an App which allows you to intercept DNS lookups and send them via DNS-over-HTTPS (DoH) instead. It works by acting as though it were a VPN, and then intercepting any packets on UDP 53
In early May, I noticed my home pi-hole interface was showing lookups from my phone, which runs Intra in order to send queries out to my DoH server on the net (https://www.bentasker.co.uk/documentation/linux/407-building-and-running-your-own-dns-over-https-server
The behaviour stopped shortly after I noticed it though - presumably (https://twitter.com/bentasker/status/1129696578867011584
) because I'd interacted with the phone and woken something up?
On Saturday whilst on someone else's Wifi I got a BT NXDOMAIN interception page (https://twitter.com/bentasker/status/1132288203023704064
) which should never happen.
This morning I've taken captures, and found queries hitting port 53 with no corresponding queries hitting my DoH server (despite the Intra Icon being in my notification panel).
Will update the comment in a minute with copies of notes/comments from earlier in the Twitter thread