diff --git a/README.cmn-CN.md b/README.cmn-CN.md
new file mode 100644
index 0000000..8a8c393
--- /dev/null
+++ b/README.cmn-CN.md
@@ -0,0 +1,174 @@
+[English](https://github.com/paulmillr/encrypted-dns/) | 简体中文 | [繁體中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-TW.md)
+
+# 加密 DNS 配置
+
+[DNS over HTTPS](https://zh.wikipedia.org/wiki/DNS_over_HTTPS) 和 [DNS over TLS](https://zh.wikipedia.org/wiki/DNS_over_TLS) 的配置描述文件。查看这篇文章以获取更多信息:[paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) 以及有关[提交新描述文件](#提交新描述文件)的信息。
+
+### 注意事项
+
+根据[谷歌这篇文章](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html)的介绍,DoH 似乎比 DoT 的性能更优。
+
+从 iOS 和 iPadOS 15.5 开始,为了简化咖啡厅、宾馆、机场等公共场所无线网络的身份认证,苹果将这些无线网络的[强制登录门户](https://zh.wikipedia.org/wiki/%E5%BC%BA%E5%88%B6%E9%97%A8%E6%88%B7)加入到了加密 DNS 排除规则中。这是个好消息,但还有一些其他问题我们无法修复,只有等苹果来解决:
+
+- 无法启用加密 DNS:[Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13)、[VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
+- 部分流量绕过加密 DNS:[终端和 App Store](https://github.com/paulmillr/encrypted-dns/issues/22)、[Chrome 浏览器](https://github.com/paulmillr/encrypted-dns/issues/19)
+
+如果你需要更进一步的隐私保护,请查看[使用 Tor 网络的加密 DNS](https://github.com/alecmuffett/dohot)。
+
+## 供应商
+
+“`审查=是`”表示描述文件不会发送某些主机“`主机名=IP`”关系的真实信息。
+
+| 名称 | 区域 | 审查 | 备注 | 安装链接 |
+| ------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------- |
+| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-dns-profile-https] |
+| [AdGuard DNS 默认][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
+| [AdGuard DNS 家庭保护][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
+| [AdGuard DNS 无过滤][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
+| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-dns-profile-https] |
+| [阿里云公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
+| [BlahDNS CDN 过滤][blahdns] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-filtered-profile-https] |
+| [BlahDNS CDN 无过滤][blahdns] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
+| [BlahDNS 芬兰][blahdns] | 🇫🇮 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-finland-profile-https] |
+| [BlahDNS 德国][blahdns] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-profile-https] |
+| [BlahDNS 日本][blahdns] | 🇯🇵 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-japan-profile-https] |
+| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-profile-https] |
+| [BlahDNS 瑞士][blahdns] | 🇨🇭 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [TLS][blahdns-switzerland-profile-tls] |
+| [Canadian Shield 隐私][canadian-shield] | 🇨🇦 | 否 | 由加拿大互联网注册局 (CIRA) 运营 | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
+| [Canadian Shield 保护][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
+| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册局 (CIRA) 运营,拦截恶意软件、钓鱼网站和成人内容 | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
+| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 运营 | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
+| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-dns-security-profile-https] |
+| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 运营,拦截恶意软件、钓鱼网站和成人内容 | [HTTPS][cloudflare-dns-family-profile-https] |
+| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由腾讯云计算旗下 DNSPod 运营 | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
+| [谷歌公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌运营 | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
+| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex. 拦截广告和跟踪器 | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
+| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 运营 | [HTTPS][mullvad-dns-profile-https] |
+| [Mullvad DNS 广告过滤][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 运营,拦截广告和跟踪器 | [HTTPS][mullvad-dns-adblock-profile-https] |
+| [OpenDNS 标准][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-standard-profile-https] |
+| [OpenDNS 家庭防护][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-familyshield-profile-https] |
+| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
+| [Quad9 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS,拦截恶意软件 | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
+| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 运营,拦截广告、跟踪器、钓鱼网站和恶意软件 | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
+
+## 安装
+
+要使设置在 **iOS**、**iPadOS** 和 **macOS** 中所有的应用程序上生效,你需要安装配置描述文件。此文件将指引操作系统使用 DoH 或 DoT。注意:只在系统无线局域网设置中设置 DNS 服务器 IP 是不够的——你需要安装描述文件。
+
+iOS / iPadOS:使用 Safari 浏览器(其他浏览器只会下载该文件,不会弹出安装提示)打开 GitHub 上的 mobileconfig 文件,然后点击“允许”按钮,描述文件将完成下载。打开 **系统设置 => 通用 => VPN、DNS 与设备管理**,选择已下载的描述文件并点击“安装”按钮。
+
+macOS [(官方文档)](https://support.apple.com/zh-cn/guide/mac-help/mh35561/):
+
+1. 下载并保存描述文件,将其重命名为 `NAME.mobileconfig`,而不是 txt 之类的扩展名。
+2. 选取苹果菜单 >“系统设置”,点按边栏中的“隐私和安全性” ,然后点按右侧的“描述文件”。(你可能需要向下滚动。)
+ 安装期间,系统可能会要求你提供密码或其他信息。
+3. 在“已下载”部分中,连按描述文件。
+4. 检查描述文件内容,然后点按“继续”、“安装”或“注册”以安装描述文件。
+
+ 如果 Mac 上已安装了较早版本的描述文件,其设置将替换为更新版本中的设置。
+
+## 范围
+
+这条[额外选项](https://github.com/paulmillr/encrypted-dns/issues/22)似乎可以让描述文件在系统全局范围生效。如果有兴趣尝试,请将下面的内容添加到 mobileconfig 文件中:
+
+```xml
+PayloadScope
+System
+```
+
+## 签名版描述文件
+
+在 `signed` 文件夹中,存放了*稍微过时的*签名版描述文件。这些描述文件已由 [@Candygoblen123](https://github.com/Candygoblen123) 签名,因此当你安装时,界面上会有“已验证”的提示,此举还可确保这些描述文件未被篡改。但由于这些描述文件是交由第三方签名的,因此可能会稍微落后于未签名的版本。
+
+[备注]: <> (我们建议安装签名版的描述文件,因为数字签名可以确保文件在下载时没有被修改。)
+
+如要验证 DNS 解析器的 IP 和主机名,请将描述文件内容与其官方网站的文档进行比对,描述文件内部结构和属性在[苹果开发者网站](https://developer.apple.com/documentation/devicemanagement/dnssettings)上有详细讲解。如要验证签名版的描述文件,请将其下载到本地后用文本编辑器打开,因为 GitHub 会将签名版描述文件视为二进制文件而无法直接查看。
+
+## 提交新描述文件
+
+描述文件本质上是文本文件,将现有的描述文件复制一份并修改其 UUID 即可,请确保在本 README 文件中更新描述文件的相关信息。
+
+随机 UUID 除了可以通过网站在线生成,还有很多其他获取方法:
+
+- 在浏览器中按下 `F12` 打开“开发人员工具”,在控制台中运行这段代码
+
+```javascript
+crypto.randomUUID();
+```
+
+- 在 macOS / Linux 终端中运行此命令
+
+```sh
+# 适用于 macOS 和 Linux
+uuidgen
+
+# 适用于 Linux
+cat /proc/sys/kernel/random/uuid
+```
+
+- 在 Powershell 中运行此命令
+
+```powershell
+New-Guid
+```
+
+[360-dns]: https://sdns.360.net/dnsPublic.html
+[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
+[adguard-dns-default]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#default
+[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-dns-family]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#family-protection
+[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-dns-unfiltered]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#non-filtering
+[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-dns]: https://alekberg.net
+[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
+[aliyun-dns]: https://www.alidns.com/
+[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
+[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
+[blahdns]: https://blahdns.com/
+[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
+[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
+[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
+[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
+[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
+[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
+[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
+[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
+[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
+[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dnspod-dns]: https://www.dnspod.cn/products/publicdns
+[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
+[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
+[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports?hl=zh-cn
+[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
+[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
+[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-doh.mobileconfig
+[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-dot.mobileconfig
+[mullvad-dns]: https://mullvad.net/zh-hans/help/dns-over-https-and-dns-over-tls/
+[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
+[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
+[opendns]: https://support.opendns.com/hc/articles/360038086532
+[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
+[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
+[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
+[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[tiarap]: https://doh.tiar.app
+[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
+[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
diff --git a/README.cmn-TW.md b/README.cmn-TW.md
new file mode 100644
index 0000000..d4784d3
--- /dev/null
+++ b/README.cmn-TW.md
@@ -0,0 +1,174 @@
+[English](https://github.com/paulmillr/encrypted-dns/) | [简体中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-CN.md) | 繁體中文
+
+# 加密 DNS 配置
+
+[DNS over HTTPS](https://zh.wikipedia.org/zh-tw/DNS_over_HTTPS) 和 [DNS over TLS](https://zh.wikipedia.org/zh-tw/DNS_over_TLS) 的設定描述檔。查看這篇文章以獲取更多訊息:[paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) 以及有關[提交新描述檔](#提交新描述檔)的訊息。
+
+### 注意事項
+
+根據 [Google 這篇文章](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html)的介紹,DoH 似乎比 DoT 的性能更優。
+
+從 iOS 和 iPadOS 15.5 開始,為了簡化咖啡館、飯店、機場等公共場所 Wi-Fi 的身份認證,蘋果將這些 Wi-Fi 的[強制網路門戶](https://zh.wikipedia.org/zh-tw/%E5%BC%BA%E5%88%B6%E9%97%A8%E6%88%B7)加入到了加密 DNS 豁免清單中。這是個好消息,但還有一些其他問題我們無法修復,只有等蘋果來解決:
+
+- 無法啟用加密 DNS:[Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13)、[VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
+- 部分流量繞過加密 DNS:[終端機和 App Store](https://github.com/paulmillr/encrypted-dns/issues/22)、[Chrome 瀏覽器](https://github.com/paulmillr/encrypted-dns/issues/19)
+
+如果你需要更進一步的隱私保護,請查看[使用 Tor 網路的加密 DNS](https://github.com/alecmuffett/dohot)。
+
+## 供應商
+
+「`審查=是`」意味著描述檔不會發送某些主機「`主機名=IP`」關係的真實訊息。
+
+| 名稱 | 區域 | 審查 | 備註 | 安裝連結 |
+| ------------------------------------------------ | ----- | ---- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 數字安全集團運營 | [HTTPS][360-dns-profile-https] |
+| [AdGuard DNS 默認][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 運營,攔截廣告、跟蹤器和釣魚網站 | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
+| [AdGuard DNS 家庭保護][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 運營,除默認規則外,額外攔截惡意軟體和成人內容 | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
+| [AdGuard DNS 無過濾][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 運營,無攔截 | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
+| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-dns-profile-https] |
+| [阿里雲公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里雲計算運營 | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
+| [BlahDNS CDN 過濾][blahdns] | 🇺🇸 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-cdn-filtered-profile-https] |
+| [BlahDNS CDN 無過濾][blahdns] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
+| [BlahDNS 芬蘭][blahdns] | 🇫🇮 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-finland-profile-https] |
+| [BlahDNS 德國][blahdns] | 🇩🇪 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-germany-profile-https] |
+| [BlahDNS 日本][blahdns] | 🇯🇵 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-japan-profile-https] |
+| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-singapore-profile-https] |
+| [BlahDNS 瑞士][blahdns] | 🇨🇭 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [TLS][blahdns-switzerland-profile-tls] |
+| [Canadian Shield 隱私][canadian-shield] | 🇨🇦 | 否 | 由加拿大網路註冊局 (CIRA) 運營 | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
+| [Canadian Shield 保護][canadian-shield] | 🇨🇦 | 是 | 由加拿大網路註冊局 (CIRA) 運營,攔截惡意軟體和釣魚網站 | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
+| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大網路註冊局 (CIRA) 運營,攔截惡意軟體、釣魚網站和成人內容 | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
+| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 運營 | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
+| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 運營,攔截惡意軟體和釣魚網站 | [HTTPS][cloudflare-dns-security-profile-https] |
+| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 運營,攔截惡意軟體、釣魚網站和成人內容 | [HTTPS][cloudflare-dns-family-profile-https] |
+| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由騰訊雲計算旗下 DNSPod 運營 | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
+| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由 Google 運營 | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
+| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex. 攔截廣告和跟蹤器 | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
+| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 運營 | [HTTPS][mullvad-dns-profile-https] |
+| [Mullvad DNS 廣告過濾][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 運營,攔截廣告和跟蹤器 | [HTTPS][mullvad-dns-adblock-profile-https] |
+| [OpenDNS 標準][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 運營 | [HTTPS][opendns-standard-profile-https] |
+| [OpenDNS 家庭防護][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 運營,攔截惡意軟體和成人內容 | [HTTPS][opendns-familyshield-profile-https] |
+| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會運營,攔截惡意軟體 | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
+| [Quad9 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會運營,支持 ECS,攔截惡意軟體 | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
+| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 運營,攔截廣告、跟蹤器、釣魚網站和惡意軟體 | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
+
+## 安裝
+
+要使設置在 **iOS**、**iPadOS** 和 **macOS** 中所有的應用程式上生效,你需要安裝設定描述檔。此文件將指引操作系統使用 DoH 或 DoT。注意:僅在系統 Wi-Fi 設定中設置 DNS 伺服器 IP 是不夠的——你需要安裝描述檔。
+
+iOS / iPadOS:使用 Safari 瀏覽器(其他瀏覽器只會下載該文件,不會彈出安裝提示)打開 GitHub 上的 mobileconfig 文件,然後點擊「允許」按鈕,描述檔將完成下載。打開 **系統設定 => 一般 => VPN、DNS 與裝置管理**,選擇已下載的描述檔並點擊「安裝」按鈕。
+
+macOS [(官方文檔)](https://support.apple.com/zh-tw/guide/mac-help/mh35561/):
+
+1. 下載並保存描述檔,將其重命名為 `NAME.mobileconfig`,而不是 txt 之類的副檔名。
+2. 選擇「蘋果」選單 >「系統設定」,按一下側邊欄中的「隱私權和安全性」,然後按一下右側的「描述檔」。(你可能需要向下捲動。)
+ 安裝期間,系統可能會要求你提供密碼或其他資訊。
+3. 在「已下載」區域中,按兩下描述檔。
+4. 檢視描述檔內容然後按一下「繼續」、「安裝」或「註冊」來安裝描述檔。
+
+ 若 Mac 上已安裝描述檔的較早版本,則以上版本中的設定會取代先前的設定。
+
+## 範圍
+
+這條[額外選項](https://github.com/paulmillr/encrypted-dns/issues/22)似乎可以讓描述文件在系統全域範圍生效。如果有興趣嘗試,請將下面的內容添加到 mobileconfig 文件中:
+
+```xml
+PayloadScope
+System
+```
+
+## 簽署版描述檔
+
+在 `signed` 文件夾中,存放了*稍微過時的*簽署版描述檔。這些描述檔已由 [@Candygoblen123](https://github.com/Candygoblen123) 簽署,因此當你安裝時,介面上會有「已驗證」的提示,此舉還可確保這些描述檔未被篡改。但由於這些描述檔是交由第三方簽署的,因此可能會稍微落後於未簽署的版本。
+
+[備註]: <> (我們建議安裝簽署版的描述檔,因為數位簽章可以確保文件在下載時沒有被修改。)
+
+如要驗證 DNS 解析器的 IP 和主機名,請將描述檔內容與其官方網站的文檔進行比對,描述檔內部結構和屬性在[蘋果開發人員網站](https://developer.apple.com/documentation/devicemanagement/dnssettings)上有詳細講解。如要驗證簽署版的描述檔,請將其下載到本地後用文字編輯器打開,因為 GitHub 會將簽署版描述檔視為二進位檔案而無法直接查看。
+
+## 提交新描述檔
+
+描述檔本質上是文字檔案,將現有的描述檔複製一份並修改其 UUID 即可,請確保在本 README 文件中更新描述檔的相關訊息。
+
+隨機 UUID 除了可以通過網站在線生成,還有很多其他獲取方法:
+
+- 在瀏覽器中按下 `F12` 打開“開發人員工具”,在主控台中執行這段程式碼
+
+```javascript
+crypto.randomUUID();
+```
+
+- 在 macOS / Linux 終端機中執行此指令
+
+```sh
+# 適用於 macOS 和 Linux
+uuidgen
+
+# 適用於 Linux
+cat /proc/sys/kernel/random/uuid
+```
+
+- 在 Powershell 中執行此指令
+
+```powershell
+New-Guid
+```
+
+[360-dns]: https://sdns.360.net/dnsPublic.html
+[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
+[adguard-dns-default]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#default
+[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-dns-family]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#family-protection
+[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-dns-unfiltered]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#non-filtering
+[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-dns]: https://alekberg.net
+[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
+[aliyun-dns]: https://www.alidns.com/
+[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
+[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
+[blahdns]: https://blahdns.com/
+[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
+[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
+[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
+[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
+[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
+[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
+[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
+[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
+[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
+[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dnspod-dns]: https://www.dnspod.cn/products/publicdns
+[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
+[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
+[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports?hl=zh-tw
+[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
+[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
+[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-doh.mobileconfig
+[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-dot.mobileconfig
+[mullvad-dns]: https://mullvad.net/zh-hant/help/dns-over-https-and-dns-over-tls/
+[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
+[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
+[opendns]: https://support.opendns.com/hc/articles/360038086532
+[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
+[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
+[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
+[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[tiarap]: https://doh.tiar.app
+[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
+[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
diff --git a/README.md b/README.md
index 954bf8f..33feaf5 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,14 @@
+English | [简体中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-CN.md) | [繁體中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-TW.md)
+
# encrypted-dns-configs
+
Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile).
### Caveats
DoH seems to work faster & better than DoT judging from the [Google's article](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html).
-Starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can:
+Starting from iOS & iPadOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can:
- eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19)
@@ -16,46 +19,75 @@ If you need even more privacy, check out [encrypted-dns over TOR](https://github
`Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts.
-| Name | Country | Censorship | Notes | Install button |
-|---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| AdGuard Default | 🇷🇺 | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#default) by AdGuard (Filters ads, tracking & phishing) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig) |
-| AdGuard Family | 🇷🇺 | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#family-protection) by AdGuard (Filters Default + malware & adult content) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig) |
-| AdGuard No Filter | 🇷🇺 | No | [Operated](https://adguard-dns.io/kb/general/dns-providers/#non-filtering) by AdGuard (Non-filtering) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) |
-| AliDNS | 🇨🇳 | Yes | [Operated](https://www.alidns.com/) by Alibaba in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig) |
-| Alekberg | 🇳🇱 | No | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) |
-| BlahDNS CDN Filtered | 🇺🇸 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) |
-| BlahDNS CDN Unfiltered | 🇺🇸 | No | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) |
-| BlahDNS Finland Adsblock | 🇫🇮 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) |
-| BlahDNS Germany Adsblock | 🇩🇪 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) |
-| BlahDNS Japan Adsblock | 🇯🇵 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) |
-| BlahDNS Singapore Adsblock| 🇸🇬 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) |
-| BlahDNS Swiss Adsblock | 🇨🇭 | Yes | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) |
-| Canadian Shield Private | 🇨🇦 | No | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) |
-| Canadian Shield Protected | 🇨🇦 | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) |
-| Canadian Shield Family | 🇨🇦 | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) |
+| Name | Region | Censorship | Notes | Install (Signed - Recommended) | Install (unsigned) button |
+| ---------------------------------------------------- | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------- |
+| [360 Security DNS][360-dns] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] |
+| [AdGuard DNS Default][adguard-dns-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
+| [AdGuard DNS Family Protection][adguard-dns-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
+| [AdGuard DNS Non-filtering][adguard-dns-unfiltered] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
+| [Alekberg Encrypted DNS][alekberg-dns] | 🇳🇱 | No | Independent | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] |
+| [Aliyun Public DNS][aliyun-dns] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
+| [Archuser.org PubHole][archuser] | 🇺🇸 | Yes | Independent. Blocks ads, tracking, and supports OpenNIC Domains. | | [HTTPS][archuser-https], [TLS][archuser-tls]
+| [BlahDNS CDN Filtered][blahdns] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] |
+| [BlahDNS CDN Unfiltered][blahdns] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
+| [BlahDNS Finland][blahdns] | 🇫🇮 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-finland-profile-https-signed] | [HTTPS][blahdns-finland-profile-https] |
+| [BlahDNS Germany][blahdns] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] |
+| [BlahDNS Japan][blahdns] | 🇯🇵 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-japan-profile-https-signed] | [HTTPS][blahdns-japan-profile-https] |
+| [BlahDNS Singapore][blahdns] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] |
+| [BlahDNS Switzerland][blahdns] | 🇨🇭 | Yes | Independent. Blocks ads, tracking & malware | [TLS][blahdns-switzerland-profile-tls-signed] | [TLS][blahdns-switzerland-profile-tls] |
+| [Canadian Shield Private][canadian-shield] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
+| [Canadian Shield Protected][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
+| [Canadian Shield Family][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
| Cleanbrowsing Family Filter | 🇺🇸 | Yes | Filters malware & adult, mixed content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig) |
| Cleanbrowsing Adult Filter | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig) |
| Cleanbrowsing Security Filter | 🇺🇸 | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig) |
-| Cloudflare | 🇺🇸 | No | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) |
-| Cloudflare Malware | 🇺🇸 | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) |
-| Cloudflare Family | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) |
-| DNSPod | 🇨🇳 | Yes | [Operated](https://www.dnspod.cn/Products/publicdns?lang=en) by DNSPod (Tencent) in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) |
-| Google | 🇺🇸 | No | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) |
-| OpenDNS | 🇺🇸 | No | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) |
-| OpenDNS Family | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) |
-| Quad9 | 🇨🇭 | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) |
-| Quad9 With ECS | 🇨🇭 | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) |
-| Tiar.app | 🇸🇬 🇺🇸 | Yes | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) |
+| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
+| [Cloudflare 1.1.1.1 Security][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] |
+| [Cloudflare 1.1.1.1 Family][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] |
+| [DNSPod Public DNS][dnspod-dns] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
+| [Google Public DNS][google-dns] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
+| [keweonDNS][keweondns] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
+| [Mullvad DNS][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
+| [Mullvad DNS Adblock][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] |
+| [OpenDNS Standard][opendns] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] |
+| [OpenDNS FamilyShield][opendns] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] |
+| [Quad9][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
+| [Quad9 w/ ECS][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
+| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
## Installation
-To make settings work across all apps in **iOS** & **MacOS**, you’ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: it’s not enough to simply set server IPs in System Preferences — you need to install a profile.
+To make settings work across all apps in **iOS**, **iPadOS** & **macOS**, you'll need to install configuration profile. This profile would tell operating system to use DoH / DoT. Note: it's not enough to simply set server IPs in System Preferences — you need to install a profile.
-To install, simply open the file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the “Install” button.
+iOS / iPadOS: Open the mobileconfig file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on "Allow" button. The profile should download. Go to **System Settings => General => VPN, DNS & Device Management**, select downloaded profile and tap the "Install" button.
+
+macOS [(official docs)](https://support.apple.com/guide/mac-help/mh35561/):
+
+1. Download and save the profile. After save, rename it to be in format: `NAME.mobileconfig`, not NAME.txt, or so
+2. Choose Apple menu > System Settings, click Privacy and Security in the sidebar, then click Profiles on the right. (You may need to scroll down.)
+ You may be asked to supply your password or other information during installation.
+3. In the Downloaded section, double-click the profile.
+4. Review the profile contents then click Continue, Install or Enroll to install the profile.
+
+ If an earlier version of a profile is already installed on your Mac, the settings in the updated version replace the previous ones.
+
+## Scope
+
+There seems to be an [additional option](https://github.com/paulmillr/encrypted-dns/issues/22) that allows to use system-wide profiles. To try it, add this to mobileconfig file:
+
+```xml
+PayloadScope
+System
+```
## Signed Profiles
-In the signed folder, we have *slightly outdated* signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little.
+In the `signed` folder we have signed versions of the profiles in this repository. These profiles have been signed by [@Xernium](https://github.com/Xernium) so that when you install the profiles,
+they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little.
+The signature is valid until `2024-11-30`
+
+Previous signature by:
+[@Candygoblen123](https://github.com/Candygoblen123), replaced at `2023-11-29`
[comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.)
@@ -63,4 +95,135 @@ To verify resolver IPs and hostnames, compare mobileconfig files to their docume
## Contributing a new profile
-Profiles are basically text files. Copy an existing one and change its UUID, for example, by generating a new one online. Make sure you update README with new profile's info.
+Profiles are basically text files. Copy an existing one and change its UUID, make sure you update README with new profile's info.
+
+In addition to generating online, there are many other ways to generate a random UUID:
+
+- Press `F12` to open DevTools in the browser, run this code in the console
+
+```javascript
+crypto.randomUUID();
+```
+
+- Run these commands in the macOS / Linux terminal
+
+```sh
+# Works both in macOS & Linux
+uuidgen
+
+# Works in Linux
+cat /proc/sys/kernel/random/uuid
+```
+
+- Run this cmdlet in Powershell
+
+```powershell
+New-Guid
+```
+
+[360-dns]: https://sdns.360.net/dnsPublic.html
+[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
+[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default
+[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
+[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
+[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-dns]: https://alekberg.net
+[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
+[aliyun-dns]: https://www.alidns.com/
+[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
+[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
+[archuser]: https://pubhole.archuser.org
+[archuser-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/archuser-https.mobileconfig
+[archuser-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/archuser-tls.mobileconfig
+[blahdns]: https://blahdns.com/
+[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
+[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
+[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
+[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
+[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
+[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
+[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
+[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
+[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
+[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dnspod-dns]: https://www.dnspod.com/products/public.dns
+[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
+[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
+[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports
+[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
+[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
+[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-doh.mobileconfig
+[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-dot.mobileconfig
+[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
+[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
+[opendns]: https://support.opendns.com/hc/articles/360038086532
+[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
+[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
+[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
+[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[tiarap]: https://doh.tiar.app
+[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
+[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
+[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
+[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
+[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
+[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
+[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
+[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
+[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
+[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig
+[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig
+[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig
+[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-doh1.mobileconfig
+[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-doh1.mobileconfig
+[blahdns-finland-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-finland-doh.mobileconfig
+[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-doh.mobileconfig
+[blahdns-japan-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-japan-doh.mobileconfig
+[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-doh.mobileconfig
+[blahdns-switzerland-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-switzerland-dot.mobileconfig
+[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
+[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
+[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
+[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
+[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
+[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
+[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig
+[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig
+[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
+[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
+[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig
+[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig
+[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig
+[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig
+[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-doh.mobileconfig
+[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-dot.mobileconfig
+[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-doh.mobileconfig
+[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-doh.mobileconfig
+[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig
+[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
+[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig
+[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig
+[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
+[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
+[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig
+[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig
diff --git a/profiles/360-https.mobileconfig b/profiles/360-https.mobileconfig
new file mode 100644
index 0000000..5a43b35
--- /dev/null
+++ b/profiles/360-https.mobileconfig
@@ -0,0 +1,51 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ HTTPS
+ ServerAddresses
+
+ 101.226.4.6
+ 218.30.118.6
+
+ ServerURL
+ https://doh.360.cn/dns-query
+
+ PayloadDescription
+ Configures device to use 360 Public Security DNS over HTTPS
+ PayloadDisplayName
+ 360 Public Security DNS over HTTPS
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ AADC443A-E6B1-4F18-9093-CEA9B406A8FF
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds the 360 Public Security DNS over HTTPS to Big Sur and iOS 14 based systems
+ PayloadDisplayName
+ 360 Public Security DNS over HTTPS
+ PayloadIdentifier
+ com.paulmillr.apple-dns
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 32663B5D-707C-48BD-90C5-123E84204A8C
+ PayloadVersion
+ 1
+
+
diff --git a/profiles/alekberg-https.mobileconfig b/profiles/alekberg-https.mobileconfig
index 317a583..368ee1b 100644
--- a/profiles/alekberg-https.mobileconfig
+++ b/profiles/alekberg-https.mobileconfig
@@ -32,8 +32,8 @@
HTTPS
ServerAddresses
- 51.15.124.208
- 2001:bc8:1830:2018::1
+ 89.38.131.38
+ 2a0c:b9c0:f:451d::1
ServerURL
https://dnsnl.alekberg.net/dns-query
diff --git a/profiles/archuser-https.mobileconfig b/profiles/archuser-https.mobileconfig
new file mode 100644
index 0000000..dfa282d
--- /dev/null
+++ b/profiles/archuser-https.mobileconfig
@@ -0,0 +1,53 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ HTTPS
+ ServerAddresses
+
+ 2600:3c02::f03c:94ff:fe86:115d
+ 66.228.61.140
+
+ ServerURL
+ https://doh.archuser.org/dns-query
+
+ PayloadDescription
+ Configures device to use ArchUser's DNS over HTTPs
+ PayloadDisplayName
+ Archuser.org DNS Over HTTPs
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.a7c9c22a-d313-4499-ad1b-3b4f6ed22134
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ a643c2ab-2924-465d-8f2a-b894a7b76abd
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds Archuser.org's PubHole DNS to the latest macOS and iOS systems
+ PayloadDisplayName
+ Archuser.org DNS over HTTPs
+ PayloadIdentifier
+ com.paulmillr.apple-dns
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ c87ca62d-c669-4ee9-92c4-2c3d96e9aadc
+ PayloadVersion
+ 1
+ PayloadScope
+ System
+
+
diff --git a/profiles/archuser-tls.mobileconfig b/profiles/archuser-tls.mobileconfig
new file mode 100644
index 0000000..53a8751
--- /dev/null
+++ b/profiles/archuser-tls.mobileconfig
@@ -0,0 +1,53 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ TLS
+ ServerAddresses
+
+ 2600:3c02::f03c:94ff:fe86:115d
+ 66.228.61.140
+
+ ServerName
+ doh.archuser.org
+
+ PayloadDescription
+ Configures device to use ArchUser's DNS over TLS
+ PayloadDisplayName
+ Archuser.org DNS over TLS
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.f1109887-ce9e-47bb-b751-fa2e2356691c
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ 0c93de73-7828-4d5e-83dd-1249a42ba225
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds Archuser.org's PubHole DNS to the latest macOS and iOS systems
+ PayloadDisplayName
+ ArchUser.org DNS over TLS
+ PayloadIdentifier
+ com.paulmillr.apple-dns
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 864d8cf9-01bb-4424-a7da-93c77fbd9613
+ PayloadVersion
+ 1
+ PayloadScope
+ System
+
+
diff --git a/profiles/keweondns-doh.mobileconfig b/profiles/keweondns-doh.mobileconfig
new file mode 100644
index 0000000..a2f0c52
--- /dev/null
+++ b/profiles/keweondns-doh.mobileconfig
@@ -0,0 +1,65 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ HTTPS
+ ServerURL
+ https://dns.keweon.center/dns-query
+
+ OnDemandRules
+
+
+ Action
+ Connect
+ InterfaceTypeMatch
+ WiFi
+
+
+ Action
+ Connect
+ InterfaceTypeMatch
+ Cellular
+
+
+ Action
+ Disconnect
+
+
+ PayloadDescription
+ Configures device to use keweonDNS physical DNS Server to encrypt DNS over HTTPS
+ PayloadDisplayName
+ keweonDNS (DoH)
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.c6f63b17-0703-40dc-b075-e4061b234b24
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ c6f63b17-0703-40dc-b075-e4061b234b24
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds keweonDNS encrypted DNS configurations to Apple based systems
+ PayloadDisplayName
+ keweonDNS (DoH)
+ PayloadIdentifier
+ center.keweon.apple-dns.71955c20-57f7-4c81-8afa-711f83f92822
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 65935AE4-E397-4789-BACE-6D73F7000CE0
+ PayloadVersion
+ 1
+
+
diff --git a/profiles/keweondns-dot.mobileconfig b/profiles/keweondns-dot.mobileconfig
new file mode 100644
index 0000000..6925bcb
--- /dev/null
+++ b/profiles/keweondns-dot.mobileconfig
@@ -0,0 +1,65 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ TLS
+ ServerName
+ dns.keweon.center
+
+ OnDemandRules
+
+
+ Action
+ Connect
+ InterfaceTypeMatch
+ WiFi
+
+
+ Action
+ Connect
+ InterfaceTypeMatch
+ Cellular
+
+
+ Action
+ Disconnect
+
+
+ PayloadDescription
+ Configures device to use keweonDNS physical DNS Server to encrypt DNS over TLS
+ PayloadDisplayName
+ keweonDNS (DoT)
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.50cac8a0-da47-4e0c-bb45-a0250a799dd1
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ 50cac8a0-da47-4e0c-bb45-a0250a799dd1
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds keweonDNS encrypted DNS configurations to Apple based systems
+ PayloadDisplayName
+ keweonDNS (DoT)
+ PayloadIdentifier
+ center.keweo.apple-dns.616cf439-7a72-4e15-883c-c08569a96560
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ B0E8A932-459A-4C05-B433-B45CE0195E5A
+ PayloadVersion
+ 1
+
+
diff --git a/profiles/mullvad-adblock-doh.mobileconfig b/profiles/mullvad-adblock-doh.mobileconfig
new file mode 100644
index 0000000..5e238e2
--- /dev/null
+++ b/profiles/mullvad-adblock-doh.mobileconfig
@@ -0,0 +1,51 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ HTTPS
+ ServerAddresses
+
+ 2a07:e340::3
+ 194.242.2.3
+
+ ServerURL
+ https://adblock.doh.mullvad.net/dns-query
+
+ PayloadDescription
+ Configures device to use Mullvad DNS over HTTPS
+ PayloadDisplayName
+ Mullvad DNS over HTTPS
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.4A06FE90-FBD6-4603-8CEC-FD1C94BF304C
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ 4A06FE90-FBD6-4603-8CEC-FD1C94BF304C
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds the Mullvad DNS with ad blocking to Big Sur and iOS 14 based systems
+ PayloadDisplayName
+ Mullvad DNS over HTTPS
+ PayloadIdentifier
+ com.paulmillr.apple-dns
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ C1B95E85-C40A-4A0F-8C80-8B44C5478171
+ PayloadVersion
+ 1
+
+
diff --git a/profiles/mullvad-doh.mobileconfig b/profiles/mullvad-doh.mobileconfig
new file mode 100644
index 0000000..cf40b5d
--- /dev/null
+++ b/profiles/mullvad-doh.mobileconfig
@@ -0,0 +1,51 @@
+
+
+
+
+ PayloadContent
+
+
+ DNSSettings
+
+ DNSProtocol
+ HTTPS
+ ServerAddresses
+
+ 2a07:e340::2
+ 194.242.2.2
+
+ ServerURL
+ https://doh.mullvad.net/dns-query
+
+ PayloadDescription
+ Configures device to use Mullvad DNS over HTTPS
+ PayloadDisplayName
+ Mullvad DNS over HTTPS
+ PayloadIdentifier
+ com.apple.dnsSettings.managed.C846E5BF-D246-45FB-A9E2-A9B30A153A8B
+ PayloadType
+ com.apple.dnsSettings.managed
+ PayloadUUID
+ C846E5BF-D246-45FB-A9E2-A9B30A153A8B
+ PayloadVersion
+ 1
+ ProhibitDisablement
+
+
+
+ PayloadDescription
+ Adds the Mullvad DNS to Big Sur and iOS 14 based systems
+ PayloadDisplayName
+ Mullvad DNS over HTTPS
+ PayloadIdentifier
+ com.paulmillr.apple-dns
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 13001589-3D36-4CC9-B16B-622C8E744FF4
+ PayloadVersion
+ 1
+
+
diff --git a/signed/360-https.mobileconfig b/signed/360-https.mobileconfig
new file mode 100644
index 0000000..0eca43a
Binary files /dev/null and b/signed/360-https.mobileconfig differ
diff --git a/signed/adguard-default-https.mobileconfig b/signed/adguard-default-https.mobileconfig
new file mode 100644
index 0000000..e49633e
Binary files /dev/null and b/signed/adguard-default-https.mobileconfig differ
diff --git a/signed/adguard-default-tls.mobileconfig b/signed/adguard-default-tls.mobileconfig
new file mode 100644
index 0000000..43e1ff1
Binary files /dev/null and b/signed/adguard-default-tls.mobileconfig differ
diff --git a/signed/adguard-family-https.mobileconfig b/signed/adguard-family-https.mobileconfig
index 61ced3d..455cc94 100644
Binary files a/signed/adguard-family-https.mobileconfig and b/signed/adguard-family-https.mobileconfig differ
diff --git a/signed/adguard-family-tls.mobileconfig b/signed/adguard-family-tls.mobileconfig
new file mode 100644
index 0000000..b86e840
Binary files /dev/null and b/signed/adguard-family-tls.mobileconfig differ
diff --git a/signed/adguard-https.mobileconfig b/signed/adguard-https.mobileconfig
index 348d976..f5044c5 100644
Binary files a/signed/adguard-https.mobileconfig and b/signed/adguard-https.mobileconfig differ
diff --git a/signed/adguard-nofilter-https.mobileconfig b/signed/adguard-nofilter-https.mobileconfig
new file mode 100644
index 0000000..0a00420
Binary files /dev/null and b/signed/adguard-nofilter-https.mobileconfig differ
diff --git a/signed/adguard-nofilter-tls.mobileconfig b/signed/adguard-nofilter-tls.mobileconfig
new file mode 100644
index 0000000..98570cb
Binary files /dev/null and b/signed/adguard-nofilter-tls.mobileconfig differ
diff --git a/signed/alekberg-https.mobileconfig b/signed/alekberg-https.mobileconfig
index 7285d6b..a970ac9 100644
Binary files a/signed/alekberg-https.mobileconfig and b/signed/alekberg-https.mobileconfig differ
diff --git a/signed/alibaba-https.mobileconfig b/signed/alibaba-https.mobileconfig
index 2bb9273..7c2c11d 100644
Binary files a/signed/alibaba-https.mobileconfig and b/signed/alibaba-https.mobileconfig differ
diff --git a/signed/alibaba-tls.mobileconfig b/signed/alibaba-tls.mobileconfig
new file mode 100644
index 0000000..e510210
Binary files /dev/null and b/signed/alibaba-tls.mobileconfig differ
diff --git a/signed/blahdns-cdn-adblock-doh1.mobileconfig b/signed/blahdns-cdn-adblock-doh1.mobileconfig
new file mode 100644
index 0000000..83ae776
Binary files /dev/null and b/signed/blahdns-cdn-adblock-doh1.mobileconfig differ
diff --git a/signed/blahdns-cdn-unfiltered-doh1.mobileconfig b/signed/blahdns-cdn-unfiltered-doh1.mobileconfig
new file mode 100644
index 0000000..a6d3832
Binary files /dev/null and b/signed/blahdns-cdn-unfiltered-doh1.mobileconfig differ
diff --git a/signed/blahdns-finland-doh.mobileconfig b/signed/blahdns-finland-doh.mobileconfig
new file mode 100644
index 0000000..4e19fce
Binary files /dev/null and b/signed/blahdns-finland-doh.mobileconfig differ
diff --git a/signed/blahdns-germany-doh.mobileconfig b/signed/blahdns-germany-doh.mobileconfig
new file mode 100644
index 0000000..c915887
Binary files /dev/null and b/signed/blahdns-germany-doh.mobileconfig differ
diff --git a/signed/blahdns-japan-doh.mobileconfig b/signed/blahdns-japan-doh.mobileconfig
new file mode 100644
index 0000000..503b222
Binary files /dev/null and b/signed/blahdns-japan-doh.mobileconfig differ
diff --git a/signed/blahdns-singapore-doh.mobileconfig b/signed/blahdns-singapore-doh.mobileconfig
new file mode 100644
index 0000000..b98559a
Binary files /dev/null and b/signed/blahdns-singapore-doh.mobileconfig differ
diff --git a/signed/blahdns-switzerland-dot.mobileconfig b/signed/blahdns-switzerland-dot.mobileconfig
new file mode 100644
index 0000000..021d37c
Binary files /dev/null and b/signed/blahdns-switzerland-dot.mobileconfig differ
diff --git a/signed/canadianshield-family-https.mobileconfig b/signed/canadianshield-family-https.mobileconfig
index 19d15d7..a2560c2 100644
Binary files a/signed/canadianshield-family-https.mobileconfig and b/signed/canadianshield-family-https.mobileconfig differ
diff --git a/signed/canadianshield-family-tls.mobileconfig b/signed/canadianshield-family-tls.mobileconfig
index 230f0fd..8e7bf82 100644
Binary files a/signed/canadianshield-family-tls.mobileconfig and b/signed/canadianshield-family-tls.mobileconfig differ
diff --git a/signed/canadianshield-private-https.mobileconfig b/signed/canadianshield-private-https.mobileconfig
index 6580b2c..7f095b7 100644
Binary files a/signed/canadianshield-private-https.mobileconfig and b/signed/canadianshield-private-https.mobileconfig differ
diff --git a/signed/canadianshield-private-tls.mobileconfig b/signed/canadianshield-private-tls.mobileconfig
index 1fb38fc..f7d8a8e 100644
Binary files a/signed/canadianshield-private-tls.mobileconfig and b/signed/canadianshield-private-tls.mobileconfig differ
diff --git a/signed/canadianshield-protected-https.mobileconfig b/signed/canadianshield-protected-https.mobileconfig
index ab37a19..a36eefd 100644
Binary files a/signed/canadianshield-protected-https.mobileconfig and b/signed/canadianshield-protected-https.mobileconfig differ
diff --git a/signed/canadianshield-protected-tls.mobileconfig b/signed/canadianshield-protected-tls.mobileconfig
index 4e7153f..40df1b1 100644
Binary files a/signed/canadianshield-protected-tls.mobileconfig and b/signed/canadianshield-protected-tls.mobileconfig differ
diff --git a/signed/cloudflare-family-https.mobileconfig b/signed/cloudflare-family-https.mobileconfig
index 640f3b1..21fd7ec 100644
Binary files a/signed/cloudflare-family-https.mobileconfig and b/signed/cloudflare-family-https.mobileconfig differ
diff --git a/signed/cloudflare-https.mobileconfig b/signed/cloudflare-https.mobileconfig
index 4e82a1a..0b0cefd 100644
Binary files a/signed/cloudflare-https.mobileconfig and b/signed/cloudflare-https.mobileconfig differ
diff --git a/signed/cloudflare-malware-https.mobileconfig b/signed/cloudflare-malware-https.mobileconfig
index a5338e0..abf03d1 100644
Binary files a/signed/cloudflare-malware-https.mobileconfig and b/signed/cloudflare-malware-https.mobileconfig differ
diff --git a/signed/cloudflare-tls.mobileconfig b/signed/cloudflare-tls.mobileconfig
index 9ca63cb..7ea72c9 100644
Binary files a/signed/cloudflare-tls.mobileconfig and b/signed/cloudflare-tls.mobileconfig differ
diff --git a/signed/dnspod-https.mobileconfig b/signed/dnspod-https.mobileconfig
index a43265a..3d60008 100644
Binary files a/signed/dnspod-https.mobileconfig and b/signed/dnspod-https.mobileconfig differ
diff --git a/signed/dnspod-tls.mobileconfig b/signed/dnspod-tls.mobileconfig
new file mode 100644
index 0000000..0ddb9b5
Binary files /dev/null and b/signed/dnspod-tls.mobileconfig differ
diff --git a/signed/google-https.mobileconfig b/signed/google-https.mobileconfig
index fff61ab..9546588 100644
Binary files a/signed/google-https.mobileconfig and b/signed/google-https.mobileconfig differ
diff --git a/signed/google-tls.mobileconfig b/signed/google-tls.mobileconfig
index de79f4f..97a1459 100644
Binary files a/signed/google-tls.mobileconfig and b/signed/google-tls.mobileconfig differ
diff --git a/signed/keweondns-doh.mobileconfig b/signed/keweondns-doh.mobileconfig
new file mode 100644
index 0000000..4353289
Binary files /dev/null and b/signed/keweondns-doh.mobileconfig differ
diff --git a/signed/keweondns-dot.mobileconfig b/signed/keweondns-dot.mobileconfig
new file mode 100644
index 0000000..163c76f
Binary files /dev/null and b/signed/keweondns-dot.mobileconfig differ
diff --git a/signed/mullvad-adblock-doh.mobileconfig b/signed/mullvad-adblock-doh.mobileconfig
new file mode 100644
index 0000000..ed76bfd
Binary files /dev/null and b/signed/mullvad-adblock-doh.mobileconfig differ
diff --git a/signed/mullvad-doh.mobileconfig b/signed/mullvad-doh.mobileconfig
new file mode 100644
index 0000000..721cd46
Binary files /dev/null and b/signed/mullvad-doh.mobileconfig differ
diff --git a/signed/opendns-family-https.mobileconfig b/signed/opendns-family-https.mobileconfig
new file mode 100644
index 0000000..94e3456
Binary files /dev/null and b/signed/opendns-family-https.mobileconfig differ
diff --git a/signed/opendns-familyshield.mobileconfig b/signed/opendns-familyshield.mobileconfig
deleted file mode 100644
index b67e264..0000000
Binary files a/signed/opendns-familyshield.mobileconfig and /dev/null differ
diff --git a/signed/opendns-https.mobileconfig b/signed/opendns-https.mobileconfig
index 09de316..fe9af58 100644
Binary files a/signed/opendns-https.mobileconfig and b/signed/opendns-https.mobileconfig differ
diff --git a/signed/quad9-ECS-https.mobileconfig b/signed/quad9-ECS-https.mobileconfig
new file mode 100644
index 0000000..14294ab
Binary files /dev/null and b/signed/quad9-ECS-https.mobileconfig differ
diff --git a/signed/quad9-ECS-tls.mobileconfig b/signed/quad9-ECS-tls.mobileconfig
new file mode 100644
index 0000000..7f66a8f
Binary files /dev/null and b/signed/quad9-ECS-tls.mobileconfig differ
diff --git a/signed/quad9-https.mobileconfig b/signed/quad9-https.mobileconfig
index a9afd47..04c2acb 100644
Binary files a/signed/quad9-https.mobileconfig and b/signed/quad9-https.mobileconfig differ
diff --git a/signed/quad9-tls.mobileconfig b/signed/quad9-tls.mobileconfig
index 1fee1ac..9f6f424 100644
Binary files a/signed/quad9-tls.mobileconfig and b/signed/quad9-tls.mobileconfig differ
diff --git a/signed/tiarapp-https.mobileconfig b/signed/tiarapp-https.mobileconfig
index 6d595af..e17b054 100644
Binary files a/signed/tiarapp-https.mobileconfig and b/signed/tiarapp-https.mobileconfig differ
diff --git a/signed/tiarapp-tls.mobileconfig b/signed/tiarapp-tls.mobileconfig
index ab164b2..11ab112 100644
Binary files a/signed/tiarapp-tls.mobileconfig and b/signed/tiarapp-tls.mobileconfig differ