Apple adds support for encrypted DNS (DoH and DoT) | ZDNet

If I understand correctly, it will still require an app though, unlike just entering the address in Android 9+ settings, but I hope it will still bring alternatives to Cloudflare whose 1.1.1.1 is just the easiest encrypted DNS app that I know of.

Is anyone testing this/iOS14-beta? It looks like at least NextDNS supports it.

1 Like

iOS 14 has been released and I have been following especially this native encrypted DNS with curiosity.

So far:

While it’s early considering how iOS 14 was released stably just yesterday, so far I prefer the Android 9 approach which begins with opportunistic DNS-over-TLS (that iOS 14 is missing entirely?) and gives the user an option to enable strict DoT with any domain name the user supplies. It does suffer from DoT being more easily blockable than DoH, but it doesn’t require approval from phone OS manufacturer to use.

2 Likes

not sure if that would help but I use
https://www.nic.cz/odvr/
got it from

hope that helps and have a nice day :slight_smile:

Sadly iOS 14 doesn’t have an option to select your own servers, you have to install an app by the DNS server provider, so nic.cz needs to become an Apple Developer and publish their app that configured iOS to use their resolver a DNS profile, see Nitrohorse below, Apple adds support for encrypted DNS (DoH and DoT) | ZDNet and then the user has to go to Settings -> VPN & Network -> DNS and pick their app.

As opposed to Android where you would simply Settings -> Web & Internet -> Advanced -> Private DNS -> Hostname of private DNS provider and enter odvr.nic.cz or whatever you want without phone OS manufacturer deciding whether you can do that or not.

1 Like

oh thanks for the info and sorry that they do not allow that option

and have a nice day :slight_smile:

1 Like

Thanks for the updates I am interested in this as well. I have been using 1.1.1.1 since it came out. But an alternative would be very welcome.

what about google intra? they are open source

Based on my limited testing it appears that you don’t need an app installed to utilize encrypted DNS; you just need to install a “Configuration Profile” (.mobileconfig file) with encrypted DNS (DoH or DoT) configured. Looks like AdGuard has some signed profiles available in a new blog post of theirs here (don’t need to install an app). You can also create your own profile (found this guide on Reddit) for a custom resolver that hasn’t provided their own profile.

Also noticing that if any VPN profile exists under the “VPN Configurations” or “Personal VPN” sections under Settings > General > VPN & Network, the Configuration Profile won’t turn on even if it’s been installed and selected. It appears to only turn on after I remove all VPN profiles.

1 Like
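As an added illustration of the configuration-profile approach described in the post above (not code from the thread or from any provider), this sketch builds an unsigned `.mobileconfig` carrying Apple's DNS Settings payload and then reads one back to show which resolver it would route DNS to, a check worth doing before installing someone else's profile. The `org_id` prefix and the DoH URL used in testing are constructed placeholders; `odvr.nic.cz` is the hostname mentioned earlier in the thread.

```python
import plistlib
import uuid

PAYLOAD_TYPE = "com.apple.dnsSettings.managed"  # Apple's DNS Settings payload type

def build_dns_profile(display_name, protocol, server, org_id="net.example.dns"):
    """Return an unsigned .mobileconfig (XML plist bytes) for one DoH or DoT resolver.

    org_id is a hypothetical reverse-DNS prefix. Profiles sharing a top-level
    PayloadIdentifier replace each other on install, so vary it per resolver.
    """
    if protocol == "HTTPS":      # DoH: resolver is identified by its URL
        if not server.startswith("https://"):
            raise ValueError("DoH needs an https:// URL")
        dns = {"DNSProtocol": "HTTPS", "ServerURL": server}
    elif protocol == "TLS":      # DoT: resolver is identified by its TLS hostname
        if "/" in server:
            raise ValueError("DoT needs a bare hostname")
        dns = {"DNSProtocol": "TLS", "ServerName": server}
    else:
        raise ValueError("protocol must be 'HTTPS' or 'TLS'")
    payload = {
        "PayloadType": PAYLOAD_TYPE,
        "PayloadIdentifier": f"{org_id}.{protocol.lower()}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
        "DNSSettings": dns,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def describe_dns_payloads(profile_bytes):
    """List (protocol, endpoint) for every DNS payload in an unsigned profile."""
    profile = plistlib.loads(profile_bytes)
    found = []
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") == PAYLOAD_TYPE:
            s = p.get("DNSSettings", {})
            found.append((s.get("DNSProtocol"), s.get("ServerURL") or s.get("ServerName")))
    return found

if __name__ == "__main__":
    dot = build_dns_profile("CZ.NIC ODVR (DoT)", "TLS", "odvr.nic.cz")
    print(describe_dns_payloads(dot))
```

A signed profile is wrapped in a CMS envelope, so it has to be unwrapped before `describe_dns_payloads` can parse it.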

Thank you, I am happy to hear that I am wrong about it requiring an app (while it could be easier).

How are you testing it? At least with the NextDNS Testflight it’s possible to have VPN profiles as long as there is no VPN connected judging by test.nextdns.io.


Edit: I tested the AdGuard signed profile and it did light up the map at Adguard DNS homepage saying that I am using the default profile.


They are Android-only and thus won’t help iOS users and their privacy policy links to Google’s which is why it has been previously considered as ineligible for listing at PrivacyTools.io, however there is Nebulo (also Android-only) which does the same (and more) without that issue.

Yeah, I’m seeing different behavior then—with at least one VPN profile existing under the general settings, no DNS profile works (validated on NextDNS and AdGuard’s test pages w/ their profile enabled). But when no VPN profile exists, tests show a connection. Maybe this is a bug on my end, I’m not so sure. But it’s annoying if this is the case that I’d need to remove all VPN profiles before use.

1 Like

Just now I saw a difference that when there is at least one VPN profile or a VPN profile has been used previously, the setting is directly in Settings -> Network & VPN. Without a VPN profile (or used it previously) it has to be found from Settings -> General -> Network & VPN.

1 Like

For some convenience/reference, I started creating DoH profiles for other providers.

Source: https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs

2 Likes

I opened a PR yesterday attempting to list you.

1 Like

News:

  • The site is now known as https://encrypted-dns.party/ (and the amount of profiles seems to be just growing)
  • The profiles don’t overwrite each other anymore, so it’s possible to install multiple of them and pick which one to use in settings (thanks :purple_heart:)
  • I have another take of a PR to list it as the previous one is a bit too clumsy an attempt to fit the format of apps.
1 Like