If I understand correctly, it will still require an app though, unlike just entering the address in Android 9+ settings, but I hope it will still bring alternatives to Cloudflare whose 220.127.116.11 is just the easiest encrypted DNS app that I know of.
Is anyone testing this/iOS14-beta? It looks like at least NextDNS supports it.
iOS 14 has been released and I have been following especially this native encrypted DNS with curiosity.
- NextDNS supports it in their Testflight and user NextDNS on Reddit says that they are waiting for Apple’s approval for App Store release
- Cloudflare’s 18.104.22.168 has had updates recently, but hasn’t brought this in even in DNS-only mode. I accidentally found their Testflight which has the same situation while searching their forum.
While it’s early considering how iOS 14 was released stably just yesterday, so far I prefer the Android 9 approach which begins with opportunistic DNS-over-TLS (that iOS 14 is missing entirely?) and gives the user an option to enable strict DoT with any domain name the user supplies. It does suffer from DoT being more easily blockable than DoH, but it doesn’t require approval from phone OS manufacturer to use.
not sure if that would help but i use
go it from
hope that help and have a nice day
Sadly iOS 14 doesn’t have an option to select your own servers, you have to install
an app by the DNS server provider, so nic.cz needs to become an Apple Developer and publish their app that configured iOS to use their resolver an DNS profile, see Nitrohorse below, Apple adds support for encrypted DNS (DoH and DoT) | ZDNet and then the user has to go to Settings -> VPN & Network -> DNS and pick their app.
As opposed to Android where you would simply Settings -> Web & Internet -> Advanced -> Private DNS -> Hostname of private DNS provider and enter
odvr.nic.cz or whatever you want
without phone OS manufacturer deciding whether you can do that or not.
oh thanks for the info and sorry that they do not allow that option
and have a nice day
Thanks for the updates I am interested in this as well. I have been using 22.214.171.124 since it came out. But an alternative would be very welcome.
what about google intra? they are open source
Based on my limited testing it appears that you don’t need an app installed to utilize encrypted DNS; you just need to install a “Configuration Profile” (.mobileconfig file) with encrypted DNS (DoH or DoT) configured. Looks like AdGuard has some signed profiles available in a new blog post of theirs here (don’t need to install an app). You can also create your own profile (found this guide on Reddit) for a custom resolver that hasn’t provided their own profile.
Also noticing that if any VPN profile exists under the “VPN Configurations” or “Personal VPN” sections under Settings > General > VPN & Network, the Configuration Profile won’t turn on even if it’s been installed and selected. It appears to only turn on after I remove all VPN profiles.
Thank you, I am happy to hear that I am wrong about it requiring an app (while it could be easier).
How are you testing it? At least with the NextDNS Testflight it’s possible to have VPN profiles as long as there is no VPN connected judging by test.nextdns.io.
Edit: I tested the AdGuard signed profile and it did light up the map at Adguard DNS homepage saying that I am using the default profile.
Yeah, I’m seeing different behavior then—with at least one VPN profile existing under the general settings, no DNS profile works (validated on NextDNS and AdGuard’s test pages w/ their profile enabled). But when no VPN profile exists, tests show a connection. Maybe this is a bug on my end, I’m not so sure. But it’s annoying if this is the case that I’d need to remove all VPN profiles before use.
Just now I saw a difference that when there is at least one VPN profile or a VPN profile has been used previously, the setting is directly in Settings -> Network & VPN. Without a VPN profile (or used it previously) it has to be found from Settings -> General -> Network & VPN.
For some convenience/reference, I started creating DoH profiles for other providers.
I opened a PR yesterday attempting to list you.
- The site is now known as https://encrypted-dns.party/ (and the amount of profiles seems to be just growing)
- The profiles don’t overwrite each other anymore, so it’s possibly to install multiple of them and pick which one to use in settings (thanks )
- I have another take of a PR to list it as the previous one is is a bit too clumsy attempt to fit the format of apps.