diff --git a/.github/funding.yml b/.github/funding.yml new file mode 100644 index 0000000..43f16ab --- /dev/null +++ b/.github/funding.yml @@ -0,0 +1,2 @@ +github: paulmillr +# custom: https://paulmillr.com/funding/ \ No newline at end of file diff --git a/README.md b/README.md index b03e547..f8c17db 100644 --- a/README.md +++ b/README.md @@ -1,41 +1,66 @@ # encrypted-dns-configs -Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). +Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile). -Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) +### Caveats + +DoH seems to work faster & better than DoT judging from the [Google's article](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html). + +Starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can: + +- eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18) +- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19) + +If you need even more privacy, check out [encrypted-dns over TOR](https://github.com/alecmuffett/dohot). ## Providers +`Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts. + | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | -| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | -| Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | ๐ŸŸข | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | -| Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐ŸŸข | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | -| Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | -| Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | +| AdGuard Default | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#default) by AdGuard (Filters ads, tracking & phishing) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig) | +| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#family-protection) by AdGuard (Filters Default + malware & adult content) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig) | +| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | No | [Operated](https://adguard-dns.io/kb/general/dns-providers/#non-filtering) by AdGuard (Non-filtering) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | +| AliDNS | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://www.alidns.com/) by Alibaba in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig) | +| Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | No | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | +| BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | +| BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | +| BlahDNS Finland Adsblock | ๐Ÿ‡ซ๐Ÿ‡ฎ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) | +| BlahDNS Germany Adsblock | ๐Ÿ‡ฉ๐Ÿ‡ช | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) | +| BlahDNS Japan Adsblock | ๐Ÿ‡ฏ๐Ÿ‡ต | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) | +| BlahDNS Singapore Adsblock| ๐Ÿ‡ธ๐Ÿ‡ฌ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) | +| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | +| Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | No | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | +| Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | +| Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | | Cleanbrowsing Family Filter | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult, mixed content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig) | | Cleanbrowsing Adult Filter | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig) | | Cleanbrowsing Security Filter | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig) | -| Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | -| Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | -| Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | -| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | ๐Ÿ”ด | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig) | -| Google | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | -| OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | -| OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | -| Quad9 | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | -| Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | +| Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | +| Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | +| Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | +| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://www.dnspod.cn/Products/publicdns?lang=en) by DNSPod (Tencent) in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | +| Google | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | +| OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | +| OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | +| Quad9 | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | +| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) | +| Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | Yes | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | ## Installation -To make settings work across all apps in **iOS 14** & **MacOS Big Sur**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. +To make settings work across all apps in **iOS** & **MacOS**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. -To install, simply open the file in GitHib, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. +To install, simply open the file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. ## Signed Profiles -In the signed folder, we have signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. +In the signed folder, we have *slightly outdated* signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. [comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.) To verify resolver IPs and hostnames, compare mobileconfig files to their documentation URLs. Internal workings of the profiles are described on [developer.apple.com](https://developer.apple.com/documentation/devicemanagement/dnssettings). In order to verify signed mobileconfigs, you will need to download them to your computer and open them in a text editor, because signing profiles makes GitHub think that they are binary files. + +## Contributing a new profile + +Profiles are basically text files. Copy an existing one and change its UUID, for example, by generating a new one online. Make sure you update README with new profile's info. diff --git a/profiles/adguard-https.mobileconfig b/profiles/adguard-default-https.mobileconfig similarity index 100% rename from profiles/adguard-https.mobileconfig rename to profiles/adguard-default-https.mobileconfig diff --git a/profiles/adguard-default-tls.mobileconfig b/profiles/adguard-default-tls.mobileconfig new file mode 100644 index 0000000..9960bc1 --- /dev/null +++ b/profiles/adguard-default-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2a10:50c0::ad1:ff + 2a10:50c0::ad2:ff + 94.140.14.14 + 94.140.15.15 + + ServerName + dns.adguard.com + + PayloadDescription + Configures device to use Adguard Default Encrypted DNS over TLS + PayloadDisplayName + Adguard Default DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.e17cf1fa-0f0f-48a9-a68b-395804ed1850 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 28b90644-fc1e-409a-81e7-939598fee661 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard Default DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard Default DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 54A8F485-C9E3-4475-B651-3656DF781F4F + PayloadVersion + 1 + + diff --git a/profiles/adguard-family-tls.mobileconfig b/profiles/adguard-family-tls.mobileconfig new file mode 100644 index 0000000..db648b2 --- /dev/null +++ b/profiles/adguard-family-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2a10:50c0::bad1:ff + 2a10:50c0::bad2:ff + 94.140.14.15 + 94.140.15.16 + + ServerName + dns-family.adguard.com + + PayloadDescription + Configures device to use AdGuard Family Protection Encrypted DNS over TLS + PayloadDisplayName + AdGuard Family Protection DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.56f69d61-c1d2-422b-989a-adeeb1b6ddc0 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 1cda01f8-b05b-4b0d-8675-44eeb5290564 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + AdGuard Family Protection DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + FF00A616-63CE-4078-8786-800A1F357A9C + PayloadVersion + 1 + + diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig new file mode 100644 index 0000000..686e67b --- /dev/null +++ b/profiles/adguard-nofilter-https.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2a10:50c0::1:ff + 2a10:50c0::2:ff + 94.140.14.140 + 94.140.14.141 + + ServerURL + https://dns-unfiltered.adguard.com/dns-query + + PayloadDescription + Configures device to use Adguard No Filter Encrypted DNS over TLS + PayloadDisplayName + Adguard No Filter over HTTPS + PayloadIdentifier + com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 35d5c8a0-afa6-4b36-a9fe-099a997b44ad + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard No Filter to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard No Filter over HTTPS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + A4475135-633A-4F15-A79B-BE15093DC97A + PayloadVersion + 1 + + diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig new file mode 100644 index 0000000..0bfb7e6 --- /dev/null +++ b/profiles/adguard-nofilter-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2a10:50c0::1:ff + 2a10:50c0::2:ff + 94.140.14.140 + 94.140.14.141 + + ServerName + dns-unfiltered.adguard.com + + PayloadDescription + Configures device to use Adguard No Filter Encrypted DNS over TLS + PayloadDisplayName + Adguard No Filter over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.C498EC0C-EF6C-44F0-BFB7-0000658B99AC + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 065AB183-5E34-4794-9BEB-B5327CF61F27 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard No Filter to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard No Filter over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 030E6D6F-69A2-4515-9D77-99342CB9AE76 + PayloadVersion + 1 + + diff --git a/profiles/alibaba-tls.mobileconfig b/profiles/alibaba-tls.mobileconfig new file mode 100644 index 0000000..72635dd --- /dev/null +++ b/profiles/alibaba-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2400:3200::1 + 2400:3200:baba::1 + 223.5.5.5 + 223.6.6.6 + + ServerName + dns.alidns.com + + PayloadDescription + Configures device to use AliDNS Encrypted DNS over TLS + PayloadDisplayName + AliDNS DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 35d5c8a0-afa6-4b36-a9fe-099a997b44ad + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the AliDNS to Big Sur and iOS 14 based systems + PayloadDisplayName + AliDNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 6C7F342C-930C-49D7-8FFF-750F38CE39DD + PayloadVersion + 1 + + diff --git a/profiles/blahdns-cdn-adblock-doh1.mobileconfig b/profiles/blahdns-cdn-adblock-doh1.mobileconfig new file mode 100644 index 0000000..b541373 --- /dev/null +++ b/profiles/blahdns-cdn-adblock-doh1.mobileconfig @@ -0,0 +1,50 @@ + + + + + PayloadDisplayName + BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + f48cc7b9-702c-4854-b70d-8bc7670122b2 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 6733d4c7-e68f-4c2e-93c2-2c7ee6f30330 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerURL + https://doh1.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 4062c3f9-1314-4f8f-9c77-fd7de27f7564 + PayloadUUID + f31114d1-c0a9-4dd9-b69c-c3b966f66efd + PayloadDisplayName + BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig new file mode 100644 index 0000000..874cf2d --- /dev/null +++ b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig @@ -0,0 +1,50 @@ + + + + + PayloadDisplayName + BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 18ad0337-95f9-4486-a06a-471fd266302f + PayloadScope + User + PayloadType + Configuration + PayloadUUID + e9eb7fc8-c387-4812-b462-534aa8ad4e6b + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerURL + https://doh1.blahdns.com/uncensor + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 6d68da6a-7266-4881-9e8a-905d0144ffe3 + PayloadUUID + 3b2c493e-ba1e-4649-a355-0a02ad3a0a38 + PayloadDisplayName + BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-finland-doh.mobileconfig b/profiles/blahdns-finland-doh.mobileconfig new file mode 100644 index 0000000..a05bfa9 --- /dev/null +++ b/profiles/blahdns-finland-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Finland) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Finland) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + a7db5914-98f4-4e74-bba1-0a8f372951b0 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 17eda01f-d01b-4de0-af05-ab1f9c07659d + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 95.216.212.177 + 2a01:4f9:c010:43ce::1 + + ServerURL + https://doh-fi.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + ba4a6e83-fd37-420e-a8aa-b211c5ab19ea + PayloadUUID + 381f7e88-72c5-4269-81bb-00f48e4d13c1 + PayloadDisplayName + BlahDNS (Finland) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-germany-doh.mobileconfig b/profiles/blahdns-germany-doh.mobileconfig new file mode 100644 index 0000000..d63ed00 --- /dev/null +++ b/profiles/blahdns-germany-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Germany) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 7ceea522-fa35-4244-8ea7-bda4249042e4 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + e6030f10-0a65-4674-9a5b-d15821f50893 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 78.46.244.143 + 2a01:4f8:c17:ec67::1 + + ServerURL + https://doh-de.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 5ea517ba-7d0b-4a15-8370-62cbe2db0cef + PayloadUUID + 4a7897a7-a8c4-499b-b0ec-2dd4ec7dd268 + PayloadDisplayName + BlahDNS (Germany) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-japan-doh.mobileconfig b/profiles/blahdns-japan-doh.mobileconfig new file mode 100644 index 0000000..1a7e57b --- /dev/null +++ b/profiles/blahdns-japan-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Japan) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Japan) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 41e87916-faaf-42f5-9378-a236e57fca50 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 3ac76bbe-dc66-4078-adc7-c172cd904b1b + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 139.162.112.47 + 2400:8902::f03c:92ff:fe27:344b + + ServerURL + https://doh-jp.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 51b4aa71-c669-4b9d-8897-3c6cd05f683c + PayloadUUID + 22713002-14e1-4024-8a7a-65ddf0596a13 + PayloadDisplayName + BlahDNS (Japan) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-singapore-doh.mobileconfig b/profiles/blahdns-singapore-doh.mobileconfig new file mode 100644 index 0000000..93f3371 --- /dev/null +++ b/profiles/blahdns-singapore-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Singapore) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 2d165223-6bd3-434e-9c19-de0dfde431ca + PayloadScope + User + PayloadType + Configuration + PayloadUUID + c8634ed8-44b2-4ee9-a535-2fd7543f12c7 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 192.53.175.149 + 2400:8901::f03c:92ff:fe27:870a + + ServerURL + https://doh-sg.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + e22232ff-8464-4d89-b24f-6ea9b4321231 + PayloadUUID + bef58883-0fd0-45a0-85df-e2a658feb31a + PayloadDisplayName + BlahDNS (Singapore) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-switzerland-dot.mobileconfig b/profiles/blahdns-switzerland-dot.mobileconfig new file mode 100644 index 0000000..da76d42 --- /dev/null +++ b/profiles/blahdns-switzerland-dot.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Switzerland) DNS over TLS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Switzerland) DNS over TLS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 3ad2f21d-c5d2-4b0a-8d33-2d9425c89d49 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + dfe58b36-d5ca-4e7e-9ea2-b8912749dee4 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 45.91.92.121 + 2a0e:dc0:6:23::2 + + ServerName + dot-ch.blahdns.com + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 7744a781-a3f8-4120-9fbf-022bfd233b37 + PayloadUUID + 94d7a50d-b74c-4743-8796-d024c4910bdf + PayloadDisplayName + BlahDNS (Switzerland) DNS over TLS + PayloadVersion + 1 + + + + diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index 8cc1196..d1ea9cf 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -11,8 +11,8 @@ HTTPS ServerAddresses - 162.14.21.56 - 162.14.21.178 + 1.12.12.12 + 120.53.53.53 ServerURL https://doh.pub/dns-query diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig new file mode 100644 index 0000000..cb4e5aa --- /dev/null +++ b/profiles/dnspod-tls.mobileconfig @@ -0,0 +1,51 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 1.12.12.12 + 120.53.53.53 + + ServerName + dot.pub + + PayloadDescription + Configures device to use DNSPod Encrypted DNS over TLS + PayloadDisplayName + DNSPod over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.C498EC0C-EF6C-44F0-BFB7-0000658B99AC + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 065AB183-5E34-4794-9BEB-B5327CF61F27 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the DNSPod to Big Sur and iOS 14 based systems + PayloadDisplayName + DNSPod over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 3FFF1FEC-04EB-4D2B-94AB-602EE3261D1D + PayloadVersion + 1 + + diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig new file mode 100644 index 0000000..59b9bf0 --- /dev/null +++ b/profiles/quad9-ECS-https.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2620:fe::fe:11 + 2620:fe::11 + 9.9.9.11 + 149.112.112.11 + + ServerURL + https://dns11.quad9.net/dns-query + + PayloadDescription + Configures device to use Quad9 Encrypted DNS over HTTPS with ECS + PayloadDisplayName + Quad9 DNS over HTTPS with ECS + PayloadIdentifier + com.apple.dnsSettings.managed.1a93b54b-8541-4536-8302-c08159ca9184 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + ffee2c6b-9cff-4c2a-892c-e03788bcbd64 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Quad9 with ECS Encrypted DNS over HTTPS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 088A5DC0-0E1F-4699-A56D-A709078D7603 + PayloadVersion + 1 + + diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig new file mode 100644 index 0000000..3c5cb46 --- /dev/null +++ b/profiles/quad9-ECS-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2620:fe::fe:11 + 2620:fe::11 + 9.9.9.11 + 149.112.112.11 + + ServerName + dns11.quad9.net + + PayloadDescription + Configures device to use Quad9 with ECS Encrypted DNS over HTTPS + PayloadDisplayName + Quad9 DNS over TLS with ECS + PayloadIdentifier + com.apple.dnsSettings.managed.1a93b54b-8541-4536-8302-c08159ca9184 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + ffee2c6b-9cff-4c2a-892c-e03788bcbd64 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Quad9 with ECS Encrypted DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 36F1938F-2141-4EF1-BA24-05D12CEF440B + PayloadVersion + 1 + +