How to Enable Encrypted DNS on iPhone iOS 14 # How to Enable Encrypted DNS on iPhone iOS 14 #

How to Enable Encrypted DNS on iPhone iOS 14 #

Published: 3 years ago

6 minute read Gunning Fog Index: 8.5

Content by Rodney

In this post, we have a look at how to enable encrypted DNS on iPhone. You can use this as a measure to improve your online privacy. First, we will look at what DNS is and why it is important for online privacy as well as security. We then set up encrypted DNS for iOS. Note, this is a new feature introduced in iOS14, so make sure your phone is up-to-date before starting. We will also have a quick look at how to set up private DNS on Android.

What is DNS #

DNS is a system which your mobile device uses to locate the online resources you need. Basically, to get our website rodneylab.com, your phone or computer requires a numeric IP address. The global Domain Name System (DNS) translates website names to a numeric IP address (the IP address returned will be something like 167.99.137.12). This translation is essential for you to connect to the site. It is akin to requiring a new contact’s phone number to be able to What’s App them — their name is not enough information to be able to connect.

DNS is an old technology (DNS has been in use since 1985 ) designed for a very different internet to the modern web. As such, your device sends DNS requests unencrypted, by default. This may mean anyone connected to your Wi-Fi access point, as well as your service provider, ISP, and others may be able to sniff out your DNS requests.

Why is encrypted DNS important for online privacy? #

With unencrypted DNS anyone on your network, as well as your service provider is able to see what sites you are visiting as well as potentially, even, sell this data to third parties. Even though the information you send to the website itself is encrypted using https, just having access to a list of the sites you are visiting could prove invaluable to a number of types of bad actor. Even though malicious actors may just know what sites you visit without knowing what information is sent, this information is still information you should guard carefully. For example, knowing you visited the sites of stores in your local town before leaving the house could prove invaluable to a stalker.

According to EFF Encrypted DNS could help close the biggest privacy gap on the internet . There is also a security implication. Malicious hackers could reroute your DNS traffic. As an example, they might send you to a clone of your bank’s website when you think you are accessing the real thing. Encrypting DNS is an extra step you can take to help mitigate this risk.

Note that although someone snooping on your connection may still be able to see the IP addresses you visit (e.g. they sniff out you typed the domain name rodneylab.com in Safari, but they might see you visited the IP address 167.99.137.12). Encrypted DNS is still an improvement though, as often a single IP address can translate to a number of domain names — keeping the snooper on their toes.

I have an Android Phone, is Private DNS supported? #

Setting up private DNS on Android is very easy, in fact much easier than for iPhone.

Open Settings and then go to Connections.
Select More connection settings.
Select Private DNS.
You can use the automatic setting, or choose a custom provider. Many people pick Cloudflare for speed. Set the Private DNS provider hostname to 1dot1dot1dot1.cloudflare-dns.com to use Cloudflare encrypted DNS.

Easiest way to set up Encrypted DNS on iPhone #

Using a secure DNS app is the easiest way to get encrypted DNS on an iPhone. You might try the Cloudflare 1.1.1.1 app . Unfortunately, if, as is recommended for privacy and security reasons, you are already using a VPN app (e.g. Private Internet Access , ProtonVPN or NordVPN ), this is not an option. The good news is that provided your VPN app has secure encrypted DNS configured, you can stay private online. It is still worth setting up encrypted DNS outlined in the steps below for protection whenever the VPN connection drops out.

I am not much of a tech person, is there something easier to do to improve my online privacy? #

The following step requires a little technical ability. If you are not comfortable performing the steps, do not worry! Here is a comparatively easier alternative you can use to set your DNS servers to private ones. You can set these on your device, on your router, or both. On your device, you need to find the DNS settings and set the primary and secondary DNS servers. Often the default setting is not secure. Change the default value to use Cloudflare’s (1.1.1.1 & 1.0.0.1), Comodo (8.26.56.26 or 8.20.247.20) or Quad9’s (9.9.9.9 & 149.112.112.112) servers. Note, you are not using an encrypted service. However, it gives you a bit more control, improving your privacy a little.

How to Enable Encrypted DNS on iPhone #

There are a few steps to follow here. Firstly, we will need to start by creating a DNS profile on a computer running macOS. This profile will contain the DNS settings in a format which we are able to upload to the iPhone. Once uploaded, we just need to enable the new settings on the iPhone. We will use Cloudflare here, tough you can swap out Cloudflare details for another service (there are alternative Encrypted DNS profiles on this GitHub repo ).

How to Enable Encrypted DNS on iPhone: Create an iPhone profile #

On your computer, open a text editor (e.g. TextEdit, Sublime Code or Visual Studio Code). If using TextEdit, you need to make sure the file format is plain text (select Make Plain Text from the Format menu).

Create a new file in your text editor and paste in the following content:

Content to paste into new file.

xml

    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>Name</key>
        <string>Cloudflare DNS over TLS</string>
        <key>PayloadDescription</key>
        <string>Configures device to use Cloudflare Encrypted DNS over TLS</string>
        <key>PayloadDisplayName</key>
        <string>Cloudflare DNS</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.dnsSettings.managed.AFCA1444-5AEB-44CD-B23D-5D1B3ADCD1EE</string>
        <key>PayloadType</key>
        <string>com.apple.dnsSettings.managed</string>
        <key>PayloadUUID</key>
        <string>A6F9CB2D-F00E-4C3A-90EB-E19E5B872C4F</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>DNSSettings</key>
        <dict>
          <key>DNSProtocol</key>
          <string>TLS</string>
          <key>ServerAddresses</key>
          <array>
            <string>2606:4700:4700::1111</string>
            <string>2606:4700:4700::1001</string>
            <string>1.1.1.1</string>
            <string>1.0.0.1</string>
          </array>
          <key>ServerName</key>
          <string>cloudflare-dns.com</string>
        </dict>
      </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Adds the Cloudflare DNS to Big Sur and iOS 14 based systems</string>
    <key>PayloadDisplayName</key>
    <string>Cloudflare DNS over TLS</string>
    <key>PayloadIdentifier</key>
    <string>r.macOSBeta.0BD60CF6-64B5-4D16-BEA4-7294E93BDD4C</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>01DA864C-C3AF-4039-A8D0-A00D982B1569</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>

Profile from reddit r/MacOSBeta by DustiiWolf post .

Save the file as cloudflare-dns.mobileconfig. Make sure the file extension is .mobileconfig before continuing. Change it in Finder if necessary.

How to Enable Encrypted DNS on iPhone: Upload the Profile to your iPhone #

Transfer the file to your phone, you can email it to yourself, use iCloud or any other method you prefer.
Open the file on your phone. Once open, you will see a message which says Profile Downloaded.
Open Settings and select Profile Downloaded
Tap Install in the top-right corner and follow on-screen instructions. The phone will display a warning that the profile is unsigned.

How to Enable Encrypted DNS on iPhone: Enable and Test your new Settings #

To start using encrypted DNS, in Settings, select VPN & Network. You should see DNS near the bottom. Tap this and from the list select Cloudflare DNS. These are the settings from your freshly installed profile.
Test you have Secure DNS by going to www.cloudflare.com/ssl/encrypted-sni/ . You should have a green check mark next to Secure DNS once the test has run. You can also check at 1.1.1.1/help. Here you should have Yes next to Using DNS over TLS (DoT) as well as connectivity to 1.1.1.1 and 1.0.0.1. If you have IPv6 enabled over your connection, you will also see yes next to the other two IP addresses. Note that if you are using a VPN app, it may override these settings, while the VPN is active.
Sit back and enjoying browsing with encrypted DNS.

How to Enable Encrypted DNS on macOS #

That’s it! There are a few steps, but it is all definitely worth the effort as an extra measure to protect your online privacy. If you have a Mac running the latest version of macOS, you can also use the profile you created for your computer. Just double-click the profile file and follow instructions. This will give you encrypted DNS on your computer too.

Feedback #

I hope you found this article on how to enable encrypted DNS on iPhone useful. Keen to hear your suggestions. Do you have an easier way to set up iPhone encrypted DNS? What other tips do you have for improving iPhone privacy? Let me know via @askRodney on Twitter, askRodney on Telegram or see other ways to get in touch with Rodney Lab. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee.

We post regularly on online privacy and security hacks, as well as website development. Subscribe to the newsletter to keep up-to-date with our latest projects.