In this post we take a look at how to enable encrypted DNS on iPhone. You can use this as a measure to improve your online privacy. First we will look at what DNS is and why it matters for online privacy as well as security. We then set up encrypted DNS for iOS. Note that this is a new feature introduced in iOS 14, so make sure your phone is up to date before starting. We will also have a quick look at how to set up private DNS on Android.
DNS is the system your mobile device uses to locate the online resources you need. Basically, to get to our website rodneylab.com, your phone or computer needs a numeric IP address. The global Domain Name System (DNS) translates website names to numeric IP addresses (the IP address returned will be something like 184.108.40.206). This translation is essential for you to connect to the site. It is akin to needing a new contact’s phone number to be able to WhatsApp them: their name alone is not enough information to connect.
DNS is an old technology (it has been in use since 1985) designed for a very different internet to the modern web. As such, your device sends DNS requests unencrypted by default. This means anyone connected to your Wi-Fi access point, as well as your service provider, ISP and others, may be able to sniff out your DNS requests.
With unencrypted DNS, anyone on your network, as well as your service provider, is able to see what sites you are visiting and could potentially even sell this data to third parties. Even though the information you send to the website itself is encrypted using HTTPS, just having access to a list of the sites you visit could prove invaluable to a number of types of bad actor. A malicious actor may only learn which sites you visit and not what information is sent, but that is still information you should guard carefully. For example, knowing you visited the sites of stores in your local town before leaving the house could prove invaluable to a stalker.
According to the EFF, encrypted DNS could help close the biggest privacy gap on the internet. There is also a security implication. Malicious hackers could reroute your DNS traffic. As an example, they might send you to a clone of your bank’s website when you think you are accessing the real thing. Encrypting DNS is an extra step you can take to help mitigate this risk.
Note that someone snooping on your connection may still be able to see the IP addresses you visit: they can no longer sniff out that you typed the domain name rodneylab.com into Safari, but they might see that you visited the IP address 220.127.116.11. Encrypted DNS is still an improvement, though, as a single IP address often serves a number of domain names, keeping the snooper guessing.
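To make the privacy point above concrete, here is an added example (not code from the original post) that builds a classic DNS query for rodneylab.com in the wire format your device sends to UDP port 53, then recovers the queried name from the raw bytes the way a passive observer on the network could. The message layout (12-byte header, then length-prefixed labels) is the standard DNS format; DoT and DoH wrap this same message inside TLS, which is what stops the name from being readable in transit.

```python
"""Build a plain DNS query and read the queried name back out of the bytes.

Added example: it shows that an unencrypted DNS query carries the domain
name in cleartext. Anyone who can see the packet can see the name.
"""
import random
import struct
from typing import Optional, Tuple

QTYPE_A = 1      # A record (IPv4 address)
QCLASS_IN = 1    # Internet class
HEADER_LEN = 12  # fixed DNS header size in bytes


def encode_name(name: str) -> bytes:
    """Encode 'rodneylab.com' as DNS labels: \\x09rodneylab\\x03com\\x00."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    return bytes(out)


def build_query(name: str, txid: Optional[int] = None) -> bytes:
    """Return the bytes a resolver receives for a plain A-record lookup."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    flags = 0x0100  # standard query, recursion desired
    # header: id, flags, qdcount, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    return header + question


def decode_name(packet: bytes, offset: int) -> Tuple[str, int]:
    """Read a label sequence starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # compression pointers never appear in a question name
            raise ValueError("unexpected compression pointer")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def observed_name(packet: bytes) -> str:
    """What a passive observer learns from one cleartext DNS query packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("too short to be a DNS message")
    _txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    name, _ = decode_name(packet, HEADER_LEN)
    return name


if __name__ == "__main__":
    pkt = build_query("rodneylab.com", txid=0x1234)
    print("on the wire:", pkt.hex())
    print("observer sees:", observed_name(pkt))
```

Run it and the hex dump contains the ASCII bytes of "rodneylab" and "com" unchanged; with encrypted DNS the observer would see only a TLS record on port 853 (DoT) or an HTTPS connection (DoH) instead.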
Setting up private DNS on Android is very easy, in fact much easier than for iPhone.
- Open Settings and then go to Connections.
- Select More connection settings.
- Select Private DNS.
You can use the automatic setting, or choose a custom provider. Many people choose Cloudflare for speed. Set the Private DNS provider hostname to 1dot1dot1dot1.cloudflare-dns.com to use Cloudflare encrypted DNS.
Using a secure DNS app is the easiest way to get encrypted DNS on an iPhone. You might try the Cloudflare 18.104.22.168 app. Unfortunately, if, as is recommended for privacy and security reasons, you are already using a VPN app (e.g. Private Internet Access, ProtonVPN or NordVPN), this is not an option. The good news is that, provided your VPN app has secure encrypted DNS configured, you can stay private online. It is still worth setting up encrypted DNS as outlined in the steps below, for protection whenever the VPN connection drops out.
The following steps require a little technical ability. If you are not comfortable performing them, do not worry! Here is a comparatively easier alternative you can use to set your DNS servers to private ones. You can set these on your device, on your router or both. On your device you need to find the DNS settings and set the primary and secondary DNS servers. Often the default setting is not secure. Change the default value to use Cloudflare’s (22.214.171.124), Comodo’s (126.96.36.199) or Quad9’s (188.8.131.52) servers. Note that with this approach your DNS queries are still sent unencrypted. However, it gives you a bit more control over who answers them, improving your privacy a little.
There are a few steps to follow here. Firstly, we will need to start by creating a DNS profile on a computer running macOS. This profile will contain the DNS settings in a format which we are able to upload to the iPhone. Once uploaded, we just need to enable the new settings on the iPhone. We will use Cloudflare here, though you can swap out the Cloudflare details for another service (there are alternative encrypted DNS profiles on this GitHub repo).
On your computer, open a text editor (e.g. TextEdit, Sublime Text or Visual Studio Code). If using TextEdit, you need to make sure the file format is plain text (select Make Plain Text from the Format menu).
Create a new file in your text editor and paste in the following content (profile from the Reddit r/MacOSBeta post by DustiiWolf).
Save the file as cloudflare-dns.mobileconfig. Make sure the file extension is .mobileconfig before continuing. Change it in Finder if necessary.
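If you would rather generate the profile than paste it by hand, the following added example (my own script, not the profile from the Reddit post or anything shipped by Cloudflare or Apple) writes a DNS settings .mobileconfig with Python's standard plistlib, for either DNS over HTTPS or DNS over TLS, and checks the result before saving. The payload keys (`com.apple.dnsSettings.managed`, `DNSSettings`, `DNSProtocol`, `ServerURL`, `ServerName`, `ServerAddresses`) are Apple's documented keys for the iOS 14 / macOS DNS settings payload; the Cloudflare endpoint `https://cloudflare-dns.com/dns-query`, the DoT hostname `cloudflare-dns.com` and the addresses `1.1.1.1` / `1.0.0.1` are Cloudflare's public resolver details, used here as sample values. The identifier `com.example.dns` is a placeholder. The profile is unsigned, so the phone shows the same "unsigned" warning the steps below mention.

```python
"""Generate and sanity-check a DNS settings profile for iOS 14 / macOS.

Added example: builds the plist structure Apple expects for an encrypted
DNS profile, serialises it, and parses it back to confirm the key fields.
"""
import plistlib
import uuid
from typing import List, Optional


def build_dns_profile(display_name: str, protocol: str, server: str,
                      addresses: List[str],
                      identifier: str = "com.example.dns") -> dict:
    """Return the profile as a dict ready for plistlib.

    protocol is "HTTPS" (server is the DoH URL) or "TLS" (server is the
    DoT hostname). addresses are the resolver IPs used to bootstrap.
    """
    if protocol not in ("HTTPS", "TLS"):
        raise ValueError("protocol must be HTTPS or TLS")
    if protocol == "HTTPS" and not server.startswith("https://"):
        raise ValueError("DoH ServerURL must be an https:// URL")
    if not addresses:
        raise ValueError("at least one resolver address is required")

    settings = {"DNSProtocol": protocol, "ServerAddresses": list(addresses)}
    # Apple uses a different key for the endpoint depending on the protocol
    settings["ServerURL" if protocol == "HTTPS" else "ServerName"] = server

    payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{identifier}.payload",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "DNSSettings": settings,
    }
    return {
        "PayloadType": "Configuration",  # outer wrapper for a .mobileconfig
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "PayloadContent": [payload],
    }


def profile_bytes(profile: dict) -> bytes:
    """Serialise the profile as XML plist, the format .mobileconfig uses."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def check_profile(data: bytes) -> dict:
    """Parse a profile and return its DNSSettings, or raise if malformed."""
    doc = plistlib.loads(data)
    if doc.get("PayloadType") != "Configuration":
        raise ValueError("outer PayloadType must be Configuration")
    payloads = [p for p in doc.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.dnsSettings.managed"]
    if len(payloads) != 1:
        raise ValueError("expected exactly one DNS settings payload")
    settings = payloads[0]["DNSSettings"]
    if settings["DNSProtocol"] not in ("HTTPS", "TLS"):
        raise ValueError("unsupported DNSProtocol")
    return settings


def write_profile(path: str, profile: dict) -> Optional[str]:
    """Validate then write the profile; returns the path written."""
    data = profile_bytes(profile)
    check_profile(data)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Sample values: Cloudflare's public DoH endpoint and resolver addresses
    prof = build_dns_profile("Cloudflare DNS", "HTTPS",
                             "https://cloudflare-dns.com/dns-query",
                             ["1.1.1.1", "1.0.0.1"])
    print("wrote", write_profile("cloudflare-dns.mobileconfig", prof))
```

The generated file is transferred and installed exactly like the hand-written one in the steps that follow. For DoT instead, pass `"TLS"` and the resolver hostname as `server`; the script then emits `ServerName` rather than `ServerURL`, which is the field iOS reads for that protocol.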
Transfer the file to your phone, you can email it to yourself, use iCloud or any other method you prefer.
Open the file on your phone. Once open, you will see a message which says Profile Downloaded.
Open Settings and select Profile Downloaded.
Tap Install in the top-right corner and follow on-screen instructions. The phone will display a warning that the profile is unsigned.
To start using encrypted DNS, in Settings, select VPN & Network. You should see DNS near the bottom. Tap this and from the list select Cloudflare DNS. These are the settings from your freshly installed profile.
Test that you have Secure DNS by going to www.cloudflare.com/ssl/encrypted-sni/. You should have a green check mark next to Secure DNS once the test has run. You can also check at 184.108.40.206/help. Here you should have Yes next to Using DNS over TLS (DoT), as well as connectivity to 220.127.116.11. If you have IPv6 enabled on your connection, you will also see Yes next to the other two IP addresses. Note that if you are using a VPN app, it may override these settings while the VPN is active.
Sit back and enjoy browsing with encrypted DNS.
That’s it! There are a few steps, but it is definitely worth the effort as an extra measure to protect your online privacy. If you have a Mac running the latest version of macOS, you can also use the profile you created on your computer. Just double-click the profile file and follow the instructions. This will give you encrypted DNS on your computer too.
I hope you found this article on how to enable encrypted DNS on iPhone useful. Keen to hear your suggestions. Do you have an easier way to set up iPhone encrypted DNS? What other tips do you have for improving iPhone privacy? Let me know via @askRodney on Twitter, askRodney on Telegram or see other ways to get in touch with Rodney Lab. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee.
We post regularly on online privacy and security hacks, as well as website development. Subscribe to the newsletter to keep up-to-date with our latest projects.