CalvinBackup/encrypted-dns
1
0
Fork 0
mirror of https://github.com/paulmillr/encrypted-dns.git synced 2026-02-12 17:22:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README

Browse Source 
- Improved README doc
- Localized README doc in Mandarin Chinese (CN & TW)
This commit is contained in:
bartender
2023-04-28 04:06:01 +08:00
parent 3c9f4dc887
commit 214d612b4a
3 changed files with 468 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
README.cmn-CN.md Normal file
View File

@@ -0,0 +1,170 @@
[English](https://github.com/paulmillr/encrypted-dns/) | 简体中文 | [繁體中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-TW.md)
# 加密 DNS 配置
[DNS over HTTPS](https://zh.wikipedia.org/wiki/DNS_over_HTTPS) 和 [DNS over TLS](https://zh.wikipedia.org/wiki/DNS_over_TLS) 的配置描述文件。查看这篇文章以获取更多信息:[paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) 以及有关[提交新描述文件](#提交新描述文件)的信息。
### 注意事项
根据[谷歌这篇文章](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html)的介绍DoH 似乎比 DoT 的性能更优。
从 iOS 和 iPadOS 15.5 开始,为了简化咖啡厅、宾馆、机场等公共场所无线网络的身份认证,苹果将这些无线网络的[强制登录门户](https://zh.wikipedia.org/wiki/%E5%BC%BA%E5%88%B6%E9%97%A8%E6%88%B7)加入到了加密 DNS 排除规则中。这是个好消息,但还有一些其他问题我们无法修复,只有等苹果来解决:
- 无法启用加密 DNS[Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13)、[VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
- 部分流量绕过加密 DNS[终端和 App Store](https://github.com/paulmillr/encrypted-dns/issues/22)、[Chrome 浏览器](https://github.com/paulmillr/encrypted-dns/issues/19)
如果你需要更进一步的隐私保护,请查看[使用 Tor 网络的加密 DNS](https://github.com/alecmuffett/dohot)。
## 供应商
`审查=是`”表示描述文件不会发送某些主机“`主机名=IP`”关系的真实信息。
| 名称 | 区域 | 审查 | 备注 | 安装链接 |
| ------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------- |
| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-dns-profile-https] |
| [AdGuard DNS 默认][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
| [AdGuard DNS 家庭保护][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
| [AdGuard DNS 无过滤][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-dns-profile-https] |
| [阿里云公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
| [BlahDNS CDN 过滤][blahdns] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-filtered-profile-https] |
| [BlahDNS CDN 无过滤][blahdns] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
| [BlahDNS 芬兰][blahdns] | 🇫🇮 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-finland-profile-https] |
| [BlahDNS 德国][blahdns] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-profile-https] |
| [BlahDNS 日本][blahdns] | 🇯🇵 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-japan-profile-https] |
| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-profile-https] |
| [BlahDNS 瑞士][blahdns] | 🇨🇭 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [TLS][blahdns-switzerland-profile-tls] |
| [Canadian Shield 隐私][canadian-shield] | 🇨🇦 | 否 | 由加拿大互联网注册局 (CIRA) 运营 | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
| [Canadian Shield 保护][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册局 (CIRA) 运营,拦截恶意软件、钓鱼网站和成人内容 | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 运营 | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-dns-security-profile-https] |
| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 运营,拦截恶意软件、钓鱼网站和成人内容 | [HTTPS][cloudflare-dns-family-profile-https] |
| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由腾讯云计算旗下 DNSPod 运营 | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
| [谷歌公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌运营 | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 运营 | [HTTPS][mullvad-dns-profile-https] |
| [Mullvad DNS 广告过滤][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 运营,拦截广告和跟踪器 | [HTTPS][mullvad-dns-adblock-profile-https] |
| [OpenDNS 标准][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-standard-profile-https] |
| [OpenDNS 家庭防护][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-familyshield-profile-https] |
| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
| [Quad9 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS拦截恶意软件 | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 运营,拦截广告、跟踪器、钓鱼网站和恶意软件 | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
## 安装
要使设置在 **iOS**、**iPadOS** 和 **macOS** 中所有的应用程序上生效,你需要安装配置描述文件。此文件将指引操作系统使用 DoH 或 DoT。注意只在系统无线局域网设置中设置 DNS 服务器 IP 是不够的——你需要安装描述文件。
iOS / iPadOS使用 Safari 浏览器(其他浏览器只会下载该文件,不会弹出安装提示)打开 GitHub 上的 mobileconfig 文件,然后点击“允许”按钮,描述文件将完成下载。打开 **系统设置 => 通用 => VPN、DNS 与设备管理**,选择已下载的描述文件并点击“安装”按钮。
macOS [(官方文档)](https://support.apple.com/zh-cn/guide/mac-help/mh35561/)
1. 下载并保存描述文件,将其重命名为 `NAME.mobileconfig`,而不是 txt 之类的扩展名。
2. 选取苹果菜单 >“系统设置”,点按边栏中的“隐私和安全性” ,然后点按右侧的“描述文件”。(你可能需要向下滚动。)
安装期间,系统可能会要求你提供密码或其他信息。
3. 在“已下载”部分中,连按描述文件。
4. 检查描述文件内容,然后点按“继续”、“安装”或“注册”以安装描述文件。
如果 Mac 上已安装了较早版本的描述文件,其设置将替换为更新版本中的设置。
## 范围
这条[额外选项](https://github.com/paulmillr/encrypted-dns/issues/22)似乎可以让描述文件在系统全局范围生效。如果有兴趣尝试,请将下面的内容添加到 mobileconfig 文件中:
```xml
<key>PayloadScope</key>
<string>System</string>
```
## 签名版描述文件
`signed` 文件夹中,存放了*稍微过时的*签名版描述文件。这些描述文件已由 [@Candygoblen123](https://github.com/Candygoblen123) 签名,因此当你安装时,界面上会有“已验证”的提示,此举还可确保这些描述文件未被篡改。但由于这些描述文件是交由第三方签名的,因此可能会稍微落后于未签名的版本。
[备注]: <> (我们建议安装签名版的描述文件,因为数字签名可以确保文件在下载时没有被修改。)
如要验证 DNS 解析器的 IP 和主机名,请将描述文件内容与其官方网站的文档进行比对,描述文件内部结构和属性在[苹果开发者网站](https://developer.apple.com/documentation/devicemanagement/dnssettings)上有详细讲解。如要验证签名版的描述文件,请将其下载到本地后用文本编辑器打开,因为 GitHub 会将签名版描述文件视为二进制文件而无法直接查看。
## 提交新描述文件
描述文件本质上是文本文件,将现有的描述文件复制一份并修改其 UUID 即可,请确保在本 README 文件中更新描述文件的相关信息。
随机 UUID 除了可以通过网站在线生成,还有很多其他获取方法:
- 在浏览器中按下 `F12` 打开“开发人员工具”,在控制台中运行这段代码
```javascript
crypto.randomUUID();
```
- 在 macOS / Linux 终端中运行此命令
```sh
# 适用于 macOS 和 Linux
uuidgen
# 适用于 Linux
cat /proc/sys/kernel/random/uuid
```
- 在 Powershell 中运行此命令
```powershell
New-Guid
```
[360-dns]: https://sdns.360.net/dnsPublic.html
[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
[adguard-dns-default]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#default
[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
[adguard-dns-family]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#family-protection
[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
[adguard-dns-unfiltered]: https://adguard-dns.io/kb/zh-CN/general/dns-providers/#non-filtering
[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
[alekberg-dns]: https://alekberg.net
[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
[aliyun-dns]: https://www.alidns.com/
[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
[blahdns]: https://blahdns.com/
[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
[dnspod-dns]: https://www.dnspod.cn/products/publicdns
[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports?hl=zh-cn
[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
[mullvad-dns]: https://mullvad.net/zh-hans/help/dns-over-https-and-dns-over-tls/
[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
[opendns]: https://support.opendns.com/hc/articles/360038086532
[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
[tiarap]: https://doh.tiar.app
[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig

170
README.cmn-TW.md Normal file
View File

@@ -0,0 +1,170 @@
[English](https://github.com/paulmillr/encrypted-dns/) | [简体中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-CN.md) | 繁體中文
# 加密 DNS 配置
[DNS over HTTPS](https://zh.wikipedia.org/zh-tw/DNS_over_HTTPS) 和 [DNS over TLS](https://zh.wikipedia.org/zh-tw/DNS_over_TLS) 的設定描述檔。查看這篇文章以獲取更多訊息:[paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) 以及有關[提交新描述檔](#提交新描述檔)的訊息。
### 注意事項
根據 [Google 這篇文章](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html)的介紹DoH 似乎比 DoT 的性能更優。
從 iOS 和 iPadOS 15.5 開始,為了簡化咖啡館、飯店、機場等公共場所 Wi-Fi 的身份認證,蘋果將這些 Wi-Fi 的[強制網路門戶](https://zh.wikipedia.org/zh-tw/%E5%BC%BA%E5%88%B6%E9%97%A8%E6%88%B7)加入到了加密 DNS 豁免清單中。這是個好消息,但還有一些其他問題我們無法修復,只有等蘋果來解決:
- 無法啟用加密 DNS[Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13)、[VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
- 部分流量繞過加密 DNS[終端機和 App Store](https://github.com/paulmillr/encrypted-dns/issues/22)、[Chrome 瀏覽器](https://github.com/paulmillr/encrypted-dns/issues/19)
如果你需要更進一步的隱私保護,請查看[使用 Tor 網路的加密 DNS](https://github.com/alecmuffett/dohot)。
## 供應商
`審查=是`」意味著描述檔不會發送某些主機「`主機名=IP`」關係的真實訊息。
| 名稱 | 區域 | 審查 | 備註 | 安裝連結 |
| ------------------------------------------------ | ----- | ---- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 數字安全集團運營 | [HTTPS][360-dns-profile-https] |
| [AdGuard DNS 默認][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 運營,攔截廣告、跟蹤器和釣魚網站 | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
| [AdGuard DNS 家庭保護][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 運營,除默認規則外,額外攔截惡意軟體和成人內容 | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
| [AdGuard DNS 無過濾][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 運營,無攔截 | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-dns-profile-https] |
| [阿里雲公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里雲計算運營 | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
| [BlahDNS CDN 過濾][blahdns] | 🇺🇸 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-cdn-filtered-profile-https] |
| [BlahDNS CDN 無過濾][blahdns] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
| [BlahDNS 芬蘭][blahdns] | 🇫🇮 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-finland-profile-https] |
| [BlahDNS 德國][blahdns] | 🇩🇪 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-germany-profile-https] |
| [BlahDNS 日本][blahdns] | 🇯🇵 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-japan-profile-https] |
| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [HTTPS][blahdns-singapore-profile-https] |
| [BlahDNS 瑞士][blahdns] | 🇨🇭 | 是 | 由個人提供,攔截廣告、跟蹤器和惡意軟體 | [TLS][blahdns-switzerland-profile-tls] |
| [Canadian Shield 隱私][canadian-shield] | 🇨🇦 | 否 | 由加拿大網路註冊局 (CIRA) 運營 | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
| [Canadian Shield 保護][canadian-shield] | 🇨🇦 | 是 | 由加拿大網路註冊局 (CIRA) 運營,攔截惡意軟體和釣魚網站 | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大網路註冊局 (CIRA) 運營,攔截惡意軟體、釣魚網站和成人內容 | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 運營 | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 運營,攔截惡意軟體和釣魚網站 | [HTTPS][cloudflare-dns-security-profile-https] |
| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 運營,攔截惡意軟體、釣魚網站和成人內容 | [HTTPS][cloudflare-dns-family-profile-https] |
| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由騰訊雲計算旗下 DNSPod 運營 | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由 Google 運營 | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 運營 | [HTTPS][mullvad-dns-profile-https] |
| [Mullvad DNS 廣告過濾][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN 運營,攔截廣告和跟蹤器 | [HTTPS][mullvad-dns-adblock-profile-https] |
| [OpenDNS 標準][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 運營 | [HTTPS][opendns-standard-profile-https] |
| [OpenDNS 家庭防護][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 運營,攔截惡意軟體和成人內容 | [HTTPS][opendns-familyshield-profile-https] |
| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會運營,攔截惡意軟體 | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
| [Quad9 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會運營,支持 ECS攔截惡意軟體 | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 運營,攔截廣告、跟蹤器、釣魚網站和惡意軟體 | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
## 安裝
要使設置在 **iOS**、**iPadOS** 和 **macOS** 中所有的應用程式上生效,你需要安裝設定描述檔。此文件將指引操作系統使用 DoH 或 DoT。注意僅在系統 Wi-Fi 設定中設置 DNS 伺服器 IP 是不夠的——你需要安裝描述檔。
iOS / iPadOS使用 Safari 瀏覽器(其他瀏覽器只會下載該文件,不會彈出安裝提示)打開 GitHub 上的 mobileconfig 文件,然後點擊「允許」按鈕,描述檔將完成下載。打開 **系統設定 => 一般 => VPN、DNS 與裝置管理**,選擇已下載的描述檔並點擊「安裝」按鈕。
macOS [(官方文檔)](https://support.apple.com/zh-tw/guide/mac-help/mh35561/)
1. 下載並保存描述檔,將其重命名為 `NAME.mobileconfig`,而不是 txt 之類的副檔名。
2. 選擇「蘋果」選單 >「系統設定」,按一下側邊欄中的「隱私權和安全性」,然後按一下右側的「描述檔」。(你可能需要向下捲動。)
安裝期間,系統可能會要求你提供密碼或其他資訊。
3. 在「已下載」區域中,按兩下描述檔。
4. 檢視描述檔內容然後按一下「繼續」、「安裝」或「註冊」來安裝描述檔。
若 Mac 上已安裝描述檔的較早版本,則以上版本中的設定會取代先前的設定。
## 範圍
這條[額外選項](https://github.com/paulmillr/encrypted-dns/issues/22)似乎可以讓描述文件在系統全域範圍生效。如果有興趣嘗試,請將下面的內容添加到 mobileconfig 文件中:
```xml
<key>PayloadScope</key>
<string>System</string>
```
## 簽署版描述檔
`signed` 文件夾中,存放了*稍微過時的*簽署版描述檔。這些描述檔已由 [@Candygoblen123](https://github.com/Candygoblen123) 簽署,因此當你安裝時,介面上會有「已驗證」的提示,此舉還可確保這些描述檔未被篡改。但由於這些描述檔是交由第三方簽署的,因此可能會稍微落後於未簽署的版本。
[備註]: <> (我們建議安裝簽署版的描述檔,因為數位簽章可以確保文件在下載時沒有被修改。)
如要驗證 DNS 解析器的 IP 和主機名,請將描述檔內容與其官方網站的文檔進行比對,描述檔內部結構和屬性在[蘋果開發人員網站](https://developer.apple.com/documentation/devicemanagement/dnssettings)上有詳細講解。如要驗證簽署版的描述檔,請將其下載到本地後用文字編輯器打開,因為 GitHub 會將簽署版描述檔視為二進位檔案而無法直接查看。
## 提交新描述檔
描述檔本質上是文字檔案,將現有的描述檔複製一份並修改其 UUID 即可,請確保在本 README 文件中更新描述檔的相關訊息。
隨機 UUID 除了可以通過網站在線生成,還有很多其他獲取方法:
- 在瀏覽器中按下 `F12` 打開“開發人員工具”,在主控台中執行這段程式碼
```javascript
crypto.randomUUID();
```
- 在 macOS / Linux 終端機中執行此指令
```sh
# 適用於 macOS 和 Linux
uuidgen
# 適用於 Linux
cat /proc/sys/kernel/random/uuid
```
- 在 Powershell 中執行此指令
```powershell
New-Guid
```
[360-dns]: https://sdns.360.net/dnsPublic.html
[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
[adguard-dns-default]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#default
[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
[adguard-dns-family]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#family-protection
[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
[adguard-dns-unfiltered]: https://adguard-dns.io/kb/zh-TW/general/dns-providers/#non-filtering
[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
[alekberg-dns]: https://alekberg.net
[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
[aliyun-dns]: https://www.alidns.com/
[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
[blahdns]: https://blahdns.com/
[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
[dnspod-dns]: https://www.dnspod.cn/products/publicdns
[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports?hl=zh-tw
[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
[mullvad-dns]: https://mullvad.net/zh-hant/help/dns-over-https-and-dns-over-tls/
[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
[opendns]: https://support.opendns.com/hc/articles/360038086532
[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
[tiarap]: https://doh.tiar.app
[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig

169
README.md
View File

@@ -1,11 +1,14 @@
English | [简体中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-CN.md) | [繁體中文](https://github.com/paulmillr/encrypted-dns/blob/master/README.cmn-TW.md)
# encrypted-dns-configs
Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile).
### Caveats
DoH seems to work faster & better than DoT judging from the [Google's article](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html).
Starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can:
Starting from iOS & iPadOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can:
- eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19)
@@ -16,63 +19,65 @@ If you need even more privacy, check out [encrypted-dns over TOR](https://github
`Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts.
| Name | Country | Censorship | Notes | Install button |
|---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 360 Public Security DNS | 🇨🇳 | Yes | [Operated](https://sdns.360.net/dnsPublic.html) by 360 Safe | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig) |
| AdGuard Default | 🇷🇺 | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#default) by AdGuard (Filters ads, tracking & phishing) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig) |
| AdGuard Family | 🇷🇺 | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#family-protection) by AdGuard (Filters Default + malware & adult content) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig) |
| AdGuard No Filter | 🇷🇺 | No | [Operated](https://adguard-dns.io/kb/general/dns-providers/#non-filtering) by AdGuard (Non-filtering) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) |
| AliDNS | 🇨🇳 | Yes | [Operated](https://www.alidns.com/) by Alibaba in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig) |
| Alekberg | 🇳🇱 | No | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) |
| BlahDNS CDN Filtered | 🇺🇸 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) |
| BlahDNS CDN Unfiltered | 🇺🇸 | No | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) |
| BlahDNS Finland Adsblock | 🇫🇮 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) |
| BlahDNS Germany Adsblock | 🇩🇪 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) |
| BlahDNS Japan Adsblock | 🇯🇵 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) |
| BlahDNS Singapore Adsblock| 🇸🇬 | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) |
| BlahDNS Swiss Adsblock | 🇨🇭 | Yes | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) |
| Canadian Shield Private | 🇨🇦 | No | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) |
| Canadian Shield Protected | 🇨🇦 | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) |
| Canadian Shield Family | 🇨🇦 | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) |
| Cloudflare | 🇺🇸 | No | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) |
| Cloudflare Malware | 🇺🇸 | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) |
| Cloudflare Family | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) |
| DNSPod | 🇨🇳 | Yes | [Operated](https://www.dnspod.cn/Products/publicdns?lang=en) by DNSPod (Tencent) in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) |
| Google | 🇺🇸 | No | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) |
| Mullvad | 🇸🇪 | Yes | [Operated](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/) by Mullvad VPN AB | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig) |
| Mullvad with ad blocking | 🇸🇪 | Yes | [Operated](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/) by Mullvad VPN AB | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig) |
| OpenDNS | 🇺🇸 | No | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) |
| OpenDNS Family | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) |
| Quad9 | 🇨🇭 | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) |
| Quad9 With ECS | 🇨🇭 | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) |
| Tiar.app | 🇸🇬 🇺🇸 | Yes | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) |
| Name | Region | Censorship | Notes | Install button |
| ---------------------------------------------------- | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| [360 Security DNS][360-dns] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-dns-profile-https] |
| [AdGuard DNS Default][adguard-dns-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
| [AdGuard DNS Family Protection][adguard-dns-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
| [AdGuard DNS Non-filtering][adguard-dns-unfiltered] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
| [Alekberg Encrypted DNS][alekberg-dns] | 🇳🇱 | No | Independent | [HTTPS][alekberg-dns-profile-https] |
| [Aliyun Public DNS][aliyun-dns] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
| [BlahDNS CDN Filtered][blahdns] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-filtered-profile-https] |
| [BlahDNS CDN Unfiltered][blahdns] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
| [BlahDNS Finland][blahdns] | 🇫🇮 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-finland-profile-https] |
| [BlahDNS Germany][blahdns] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-profile-https] |
| [BlahDNS Japan][blahdns] | 🇯🇵 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-japan-profile-https] |
| [BlahDNS Singapore][blahdns] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-profile-https] |
| [BlahDNS Switzerland][blahdns] | 🇨🇭 | Yes | Independent. Blocks ads, tracking & malware | [TLS][blahdns-switzerland-profile-tls] |
| [Canadian Shield Private][canadian-shield] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
| [Canadian Shield Protected][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
| [Canadian Shield Family][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
| [Cloudflare 1.1.1.1 Security][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-dns-security-profile-https] |
| [Cloudflare 1.1.1.1 Family][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-dns-family-profile-https] |
| [DNSPod Public DNS][dnspod-dns] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
| [Google Public DNS][google-dns] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-dns-profile-https] |
| [Mullvad DNS Adblock][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-dns-adblock-profile-https] |
| [OpenDNS Standard][opendns] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-standard-profile-https] |
| [OpenDNS FamilyShield][opendns] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-familyshield-profile-https] |
| [Quad9][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
| [Quad9 w/ ECS][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
## Installation
To make settings work across all apps in **iOS** & **MacOS**, youll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: its not enough to simply set server IPs in System Preferences — you need to install a profile.
To make settings work across all apps in **iOS**, **iPadOS** & **macOS**, you'll need to install configuration profile. This profile would tell operating system to use DoH / DoT. Note: it's not enough to simply set server IPs in System Preferences — you need to install a profile.
iOS: Open the mobileconfig file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on install button. The profile should download. Go to **System Settings => General => VPN, DNS & Device Management**, select downloaded profile and tap the Install button.
iOS / iPadOS: Open the mobileconfig file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on "Allow" button. The profile should download. Go to **System Settings => General => VPN, DNS & Device Management**, select downloaded profile and tap the "Install" button.
macOS [(official docs)](https://support.apple.com/guide/mac-help/mh35561/):
macOS [(official docs)](https://support.apple.com/guide/mac-help/configuration-profiles-standardize-settings-mh35561/13.0/mac/13.0):
1. Download and save the profile. After save, rename it to be in format: `NAME.mobileconfig`, not NAME.txt, or so
2. Choose Apple menu > System Settings, click Privacy and Security in the sidebar, then click Profiles on the right. You may need to scroll down.
You may be asked to supply your password or other information during installation.
2. Choose Apple menu > System Settings, click Privacy and Security in the sidebar, then click Profiles on the right. (You may need to scroll down.)
You may be asked to supply your password or other information during installation.
3. In the Downloaded section, double-click the profile.
4. Review the profile contents then click Continue, Install or Enroll to install the profile. If an earlier version of a profile is already installed on your Mac, the settings in the updated version replace the previous ones.
4. Review the profile contents then click Continue, Install or Enroll to install the profile.
If an earlier version of a profile is already installed on your Mac, the settings in the updated version replace the previous ones.
## Scope
There seems to be an [additional option](https://github.com/paulmillr/encrypted-dns/issues/22) that allows to use system-wide profiles. To try it, add this to mobileconfig file:
```
```xml
<key>PayloadScope</key>
<string>System</string>
```
## Signed Profiles
In the signed folder, we have *slightly outdated* signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little.
In the `signed` folder, we have _slightly outdated_ signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little.
[comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.)
@@ -80,4 +85,86 @@ To verify resolver IPs and hostnames, compare mobileconfig files to their docume
## Contributing a new profile
Profiles are basically text files. Copy an existing one and change its UUID, for example, by generating a new one online. Make sure you update README with new profile's info.
Profiles are basically text files. Copy an existing one and change its UUID, make sure you update README with new profile's info.
In addition to generating online, there are many other ways to generate a random UUID:
- Press `F12` to open DevTools in the browser, run this code in the console
```javascript
crypto.randomUUID();
```
- Run these commands in the macOS / Linux terminal
```sh
# Works both in macOS & Linux
uuidgen
# Works in Linux
cat /proc/sys/kernel/random/uuid
```
- Run this cmdlet in Powershell
```powershell
New-Guid
```
[360-dns]: https://sdns.360.net/dnsPublic.html
[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default
[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
[alekberg-dns]: https://alekberg.net
[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
[aliyun-dns]: https://www.alidns.com/
[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
[blahdns]: https://blahdns.com/
[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig
[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig
[blahdns-finland-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig
[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig
[blahdns-japan-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig
[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig
[blahdns-switzerland-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig
[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
[dnspod-dns]: https://www.dnspod.com/products/public.dns
[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports
[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-doh.mobileconfig
[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-doh.mobileconfig
[opendns]: https://support.opendns.com/hc/articles/360038086532
[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
[tiarap]: https://doh.tiar.app
[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig