Introduction
DNS over TLS (DoT) and DNS over HTTPS (DoH) are now supported natively in iOS versions 14 and higher. Using a .mobileconfig profile removes the need for a separate app, like DNSCloak, to use encrypted DNS.
Please follow the steps below to install the Quad9 DNS Profile. Requires iOS 14 or later.
Choosing DNS over TLS or DNS over HTTPS
DoT is recommended if the device will mainly connect to networks you control, or on corporate networks where DoT is allowed.
DoH is recommended if the device will frequently connect to guest Wi-Fi or to networks you do not administer, as DoH is not as commonly blocked on firewalls.
Before You Start
The App Store, as well as the dig and nslookup commands in Terminal, do not use encrypted DNS. This is by design.
The following will disable the use of DNS over TLS and/or DNS over HTTPS:
- iCloud Relay
- Little Snitch
- Enabled VPN
- Apple Private Relay
Once this profile is installed, if you connect to a network which blocks DNS over TLS or DNS over HTTPS, you may have to remove the profile or disconnect from that network to regain DNS resolution. This solution does not allow for unencrypted "fallback" behavior.
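Because there is no unencrypted fallback, it is worth checking what a profile will enforce before installing it. The following is an added example, not Quad9's code: it reads an unsigned .mobileconfig and reports the DNS protocol, server host and any resolver addresses other than the four named on this page. The expected hostname is a parameter, dns.example.net is a placeholder, and both sample profiles are constructed; a signed profile must have its signature wrapper removed before it will parse.

```python
import plistlib
from urllib.parse import urlparse

DNS_PAYLOAD_TYPE = "com.apple.dnsSettings.managed"  # Apple's DNS Settings payload type
PAGE_RESOLVERS = {"9.9.9.9", "9.9.9.10", "9.9.9.11", "9.9.9.12"}  # addresses named on this page


def audit_dns_profile(raw, expected_host, allowed_ips=PAGE_RESOLVERS):
    """Return one report per DNS payload found in an unsigned .mobileconfig."""
    profile = plistlib.loads(raw)
    reports = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != DNS_PAYLOAD_TYPE:
            continue
        dns = payload.get("DNSSettings", {})
        proto = dns.get("DNSProtocol")
        findings = []
        if proto == "TLS":
            host = dns.get("ServerName")
        elif proto == "HTTPS":
            url = urlparse(dns.get("ServerURL", ""))
            host = url.hostname
            if url.scheme != "https":
                findings.append("ServerURL is not an https:// URL")
        else:
            host = None
            findings.append(f"unexpected DNSProtocol: {proto!r}")
        if host != expected_host:
            findings.append(f"server host {host!r} != {expected_host!r}")
        # Anything outside the allowed set is listed for manual review, not rejected.
        extra = sorted(set(dns.get("ServerAddresses", [])) - set(allowed_ips))
        if extra:
            findings.append(f"addresses to review: {extra}")
        reports.append({"protocol": proto, "host": host, "findings": findings})
    return reports


def sample_profile(dns_settings):
    """Build a constructed, unsigned profile around the given DNSSettings dict."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{"PayloadType": DNS_PAYLOAD_TYPE, "DNSSettings": dns_settings}],
    })


# Constructed samples; the hostnames and 192.0.2.53 are placeholders.
GOOD = sample_profile({"DNSProtocol": "TLS", "ServerName": "dns.example.net",
                       "ServerAddresses": ["9.9.9.9"]})
BAD = sample_profile({"DNSProtocol": "HTTPS", "ServerURL": "http://dns.example.org/dns-query",
                      "ServerAddresses": ["9.9.9.9", "192.0.2.53"]})
```

An empty findings list means the payload matches what you expected; each finding names the field to look at before installing.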
Instructions
- Download one of the profiles here directly using Safari on your iOS device:
- DNS over TLS - 9.9.9.9 (DNSSEC, Threat-Blocking) (Expires Feb 1st, 2024)
- DNS over HTTPS - 9.9.9.9 (DNSSEC, Threat-Blocking) (Expires Feb 1st, 2024)
- DNS over TLS - 9.9.9.10 (No DNSSEC, no Threat-Blocking) (Expires Feb 1st, 2024)
- DNS over HTTPS - 9.9.9.10 (No DNSSEC, no Threat-Blocking) (Expires Feb 1st, 2024)
- DNS over TLS - 9.9.9.11 (DNSSEC, Threat-Blocking, with ECS) (Expires Feb 1st, 2024)
- DNS over HTTPS - 9.9.9.11 (DNSSEC, Threat-Blocking, with ECS) (Expires Feb 1st, 2024)
- DNS over TLS - 9.9.9.12 (No DNSSEC, no Threat-Blocking, with ECS) (Expires Feb 1st, 2024)
- DNS over HTTPS - 9.9.9.12 (No DNSSEC, no Threat-Blocking, with ECS) (Expires Feb 1st, 2024)
- Navigate to your Downloads folder and select the profile you just downloaded.
- Open Settings > Profile Downloaded and select the Quad9 profile you opened.
- Click Install
- Enter your phone's passcode
You will receive a warning message stating that your network traffic may be filtered or monitored by the DNS server. While Quad9’s profile can protect your device by filtering potentially malicious traffic, none of your traffic will be logged by Quad9. Please refer to our Privacy Policy for more information.
- Select Install, then Install again.
- The profile is now installed. Select Done
Step 6 - Confirmation
To confirm the installation was successful, visit https://on.quad9.net
That’s it! Your iOS device is now configured to use the Quad9 DNS profile.