paulmillr / encrypted-dns
DNS over HTTPS config profiles for iOS & macOS
Home Page: https://paulmillr.com/posts/encrypted-dns/
License: The Unlicense
We're having reports that opendns doesn't work while cloudflare does.
All IP addresses and URL query match the official docs. Not sure how to debug this
https://support.opendns.com/hc/en-us/articles/360038086532-Using-DNS-over-HTTPS-DoH-with-OpenDNS
Hello,
Is it possible to mix DNS configurations in one single mobileconfig?
For example, can I define a Cloudflare + Quad9 DoH for redundancy purposes?
Thanks.
Hello, this request might be slightly offtopic, but I am pulling out my hair with iOS 14 encrypted DNS and maybe someone here can help me. So the question is if it is possible to extend your profiles with a second, local and most importantly NON ENCRYPTED DNS server? Problem is that iOS 14 seems to totally ignore such unencrypted servers if an encrypted one (here: Cloudflare) is available. So the idea is to construct a mobileconfig which instructs iOS to use this second DNS as well, but only for certain domains. Is this possible at all?
I created this issue to correct Quad9 (now in Switzerland) and add an ECS version.
Pull request coming in 5 minutes.
Is there a way for the https over dns to bypass certain links? Seems the certain captive.apple.com hotspot login pages do not load when dns over https is active. However - once logged in - I found that I can reactivate https over dns and continue browsing over the hotspot. Just can’t use to connect on the hotspot landing page.
In readme.md, the link to AdGuard No Filter TLS actually points to adguard-nofilter-https.mobileconfig, but it should point to adguard-nofilter-tls.mobileconfig
Hello,
Can you please advise what censorship implies? This is not clear to me.
Thanks,
Dan
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2
https://security.cloudflare-dns.com/dns-query
My home WiFi has an ad-blocking DNS powered by pi-hole. But this profile forces the DNS all the time. Is it possible to make it exclude certain SSIDs, to use the DNS from DHCP, and use the profile setting for those WiFi networks not on the list and for cellular?
https://emm.how/t/ios-14-changes-in-configuration-profiles/1285
https://thomas-witt.com/auto-connect-your-ios-device-to-a-vpn-when-joining-an-unknown-wifi-d1df8100c4ba
OnDemand key seems to do something similar, but how to combine it with the DNS profile?
On Mac, Safari uses the encrypted dns, all other apps like terminal and App Store use the unencrypted dns server from network settings.
Could you please create a profile that uses system-wide encrypted dns?
DoH: https://doh.pub/dns-query
DoT: dns.pub
I used your main config for Cloudflare
and I tried to change the IPs for Cloudflare team instead of Cloudflare public IPs.
I installed the profile on iOS 14.5, queries are resolved but somehow not filtered
(I have a block list on Cloudflare for team and I can access a blocked domain)
I'm not sure what I'm missing
With Encrypted DNS, the middlemen will only see 91.198.174.192 — which is an IP of wikipedia.org. Hold on, there’s a nice detail. Ipinfo.org tells us there are at least 19 domain names associated with this IP! In fact, you could be visiting invoker.com — which has the same IP today. The ISP would not know the difference.
The ISP will be able to (with a bit more difficulty) see the TLS ALPN SNI hostname sent plaintext, which all major browsers and some clients will send, however it is still correct the DNS itself would not be susceptible.
When this profile is enabled on my mac, this configuration file in /etc/resolver/docker is not working:
#/etc/resolver/docker
nameserver 127.0.0.1
port 19322
Is there any change I can make in the profile to make it work?
Please add AdGuard and AdGuard Family DNS-over-TLS profiles: https://kb.adguard.com/en/dns/setup-guide
Seems like a bug
Hello,
First of all thanks for your contribution.
I installed the profile. Is there a way to check if DNS encryption is working? I am asking that also because I have noticed a warning next to the WiFi network name:
this network is blocking DNS encrypted traffic
Thanks for helping,
Dan
iOS 14.3 on iPhone 8
When I installed a new DoH config the existing one disappeared. I want to know whether the system supports only ONE DoH setting? Thank you.
This line:
https://github.com/paulmillr/encrypted-dns/blob/master/cloudflare-https.mobileconfig#L23
... should probably say Configures device to use Cloudflare Encrypted DNS over HTTPS, not TLS.
serveraddress is wrong
Hi,
any idea if this could work in iPadOS, and not just iOS?
There is no Profile section under Settings/General in iPadOS 14.3
thanks
Because their profiles suck, don’t even import and don’t have support for DOH/DOT.
Thankfully macOS can just add the VPN profile from the macOS app and connect from Network setting without the app after but I don’t think iOS is as lucky.
Plus would be cool if I could edit the profile myself and choose preferred DNS server since their 2nd backup one is usually like 2x as fast or more — though I don’t know if that would work with their custom ID DNS profile for dashboard/filters and whatnot.
After removing the description file, there is still a dns over https item in the network settings
Please add AdGuard DNS Non-filtering: https://kb.adguard.com/en/general/dns-providers#non-filtering
Hello author, I would like to ask how to get the signature, I also want to get DNS, purr purr.
Hi,
would be nice to have DoH config files for Anycast and Unicast servers provided by UncensoredDNS. There are also specific DoT servers too.
the tls profile working perfect
the doh is not !
iphone x 14.3
The IP addresses in canadianshield-protected-https.mobileconfig currently end in 10 when they should all end in 20 per the instructions on the Canadian Shield website.
I checked all the other mobileconfig files for Canadian Shield, and they have the right IP addresses.
Thanks for posting these mobileconfig files for us Canadians!
Please add Yandex DNS: https://kb.adguard.com/en/general/dns-providers#yandex-dns
After connecting to VPN then disconnect, DNS profile will not work until system restart. This happens in both Mac & iOS.
Thanks for making these
Can you add profiles for the Cleanbrowsing servers?
https://cleanbrowsing.org/filters/
I was going to make a PR, but I see the mobileconfig files have some fields like UUIDs in them.
Do you have a script or something you use to generate profiles ?
Thanks,
In blog post Firefox is mentioned but not Chrome.
It might then come as a surprise to some users that Chrome will exempt itself from global settings on macOS (of course) and will use its own DNS-over-https. If someone would like to setup DoH on Chrome this is how to do it:
Go to Settings-> Privacy and Security --> Security and scroll down to Use Secure DNS. Check this option and select predefined server (Google, Cloudflare) or use your own.
Chrome 87 on Big Sur 11.0.1
Hello @paulmillr
It could be interesting to add a warning that iCloud Private Relay redirects DNS queries, AND only the DNS queries of Safari (for now).
So those who use it must continue to install a profile for the DNS queries of other apps, and they should be warned that if they use it with a DNS profile that does ad blocking, the ad-blocking capability will not work in Safari.
First of all, thank you very much for the description file. It is recommended to add Tencent DOH and DOT. The DOH address is https://doh.pub/dns-query, and the DOT address is dns.pub or doh.pub
hi,
I saw that the readme file doesn't have DNSPod's Public DNS website address, it is https://dns.pub
and we do also have DoT service, url is dot.pub
thanks
This is my first time trying to download something from GitHub on iOS so maybe I'm just missing something easy. I tried to follow the instructions but didn't see any "raw" button to download. I will attach a video screenshare to show what I did... https://user-images.githubusercontent.com/13949350/124803075-44ba3900-df1e-11eb-9157-246a92bcc7fc.MOV
The signed ones are signed by Andrew Glaze; who is that?
The script published for adding OpenDNS servers to iOS 14.x devices only supports the OpenDNS Home servers. For OpenDNS Family Shield users the following OpenDNS IP addresses must be configured on the iOS 14.x devices.
Please visit https://en.wikipedia.org/wiki/OpenDNS or https://support.opendns.com/hc/en-us/articles/227988127-Getting-started-About-using-OpenDNS for more information.
https://developer.apple.com/documentation/devicemanagement/dnssettings/dnssettings
If no ServerAddresses are provided, the hostname will be used to determine the server addresses. This key must be present only if the DNSProtocol is TLS.
The ServerName string used is cloudflare-dns.com which is in the X509v3 Subject Alternative Name of the certificate, but resolves to web servers for Cloudflare's DNS. The ServerName should probably be one.one.one.one which resolves to the actual DNS servers.
Unfortunately I need to create a profile for an in-house (non-public) DoH proxy. Creating the profile was quite easy by modifying the google profile provided here, but I am stuck at the point that I need to run the DoH proxy on another port than 443.
Can I define the port somewhere in profile?
Hi!
Really appreciate the work here; encrypted DNS is awesome. FYI if you want to use any profiles I already created over at https://encrypted-dns.party / https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs, please feel free.
error message sorry