From 174af6b3bbe734a891e366b449fa4f1435ffbe9a Mon Sep 17 00:00:00 2001 From: M B Date: Sat, 28 Aug 2021 21:09:36 +0200 Subject: [PATCH 01/28] Update README.md Correct the Flags of quad9 know in Swiss. Add Quad9 with ECS --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a2b12f..1551008 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,8 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | Google | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | | OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | | OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | -| Quad9 | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | +| Quad9 | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | +| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | | Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | ## Installation From 92373106661f79677be1ed933c16ad415a88cb68 Mon Sep 17 00:00:00 2001 From: M B Date: Sat, 28 Aug 2021 21:13:55 +0200 Subject: [PATCH 02/28] Add files via upload Add Quad9 profile with ECS --- profiles/quad9-ECS-https.mobileconfig | 53 +++++++++++++++++++++++++++ profiles/quad9-ECS-tls.mobileconfig | 53 +++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 profiles/quad9-ECS-https.mobileconfig create mode 100644 profiles/quad9-ECS-tls.mobileconfig diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig new file mode 100644 index 0000000..59b9bf0 --- /dev/null +++ b/profiles/quad9-ECS-https.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2620:fe::fe:11 + 2620:fe::11 + 9.9.9.11 + 149.112.112.11 + + ServerURL + https://dns11.quad9.net/dns-query + + PayloadDescription + Configures device to use Quad9 Encrypted DNS over HTTPS with ECS + PayloadDisplayName + Quad9 DNS over HTTPS with ECS + PayloadIdentifier + com.apple.dnsSettings.managed.1a93b54b-8541-4536-8302-c08159ca9184 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + ffee2c6b-9cff-4c2a-892c-e03788bcbd64 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Quad9 with ECS Encrypted DNS over HTTPS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 088A5DC0-0E1F-4699-A56D-A709078D7603 + PayloadVersion + 1 + + diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig new file mode 100644 index 0000000..3c5cb46 --- /dev/null +++ b/profiles/quad9-ECS-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2620:fe::fe:11 + 2620:fe::11 + 9.9.9.11 + 149.112.112.11 + + ServerName + dns11.quad9.net + + PayloadDescription + Configures device to use Quad9 with ECS Encrypted DNS over HTTPS + PayloadDisplayName + Quad9 DNS over TLS with ECS + PayloadIdentifier + com.apple.dnsSettings.managed.1a93b54b-8541-4536-8302-c08159ca9184 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + ffee2c6b-9cff-4c2a-892c-e03788bcbd64 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Quad9 with ECS Encrypted DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 36F1938F-2141-4EF1-BA24-05D12CEF440B + PayloadVersion + 1 + + From 7f777443da379bddef08ba21345733ded54fd2fb Mon Sep 17 00:00:00 2001 From: M B Date: Sat, 28 Aug 2021 21:15:19 +0200 Subject: [PATCH 03/28] Update README.md add profile --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1551008..07d3b66 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | | OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | | Quad9 | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | -| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | +| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) | | Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | ## Installation From 23e852f0e2ec94a6022345dfd43d2fbb3a4b94e3 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Mon, 30 Aug 2021 17:14:26 +0300 Subject: [PATCH 04/28] README: add known issues --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 07d3b66..08aae33 100644 --- a/README.md +++ b/README.md @@ -37,3 +37,12 @@ In the signed folder, we have signed versions of the profiles in this repository [comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.) To verify resolver IPs and hostnames, compare mobileconfig files to their documentation URLs. Internal workings of the profiles are described on [developer.apple.com](https://developer.apple.com/documentation/devicemanagement/dnssettings). In order to verify signed mobileconfigs, you will need to download them to your computer and open them in a text editor, because signing profiles makes GitHub think that they are binary files. + +## Known issues + +We can't fix the issues, only Apple can: + +- [Little Snitch / Lulu disable Encrypted DNS](https://github.com/paulmillr/encrypted-dns/issues/13) +- [Some traffic e.g. Terminal / App Store is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/22) +- [Chrome is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/19) +- [VPN disable EDNS](https://github.com/paulmillr/encrypted-dns/issues/18) From e87c15d3e59542adf4d707a9ec980b451db5b0b9 Mon Sep 17 00:00:00 2001 From: MB Date: Wed, 1 Sep 2021 01:11:30 +0200 Subject: [PATCH 05/28] DNSPOD & ADGUARD (#60) * add dns pod pls * dnspod ils * Add Adguard no filters * Adguard No filter * Correction * Update dnspod-https.mobileconfig --- README.md | 5 +- profiles/adguard-nofilter-https.mobileconfig | 53 ++++++++++++++++++++ profiles/adguard-nofilter-tls.mobileconfig | 53 ++++++++++++++++++++ profiles/dnspod-https.mobileconfig | 4 +- profiles/dnspod-tls.mobileconfig | 51 +++++++++++++++++++ 5 files changed, 162 insertions(+), 4 deletions(-) create mode 100644 profiles/adguard-nofilter-https.mobileconfig create mode 100644 profiles/adguard-nofilter-tls.mobileconfig create mode 100644 profiles/dnspod-tls.mobileconfig diff --git a/README.md b/README.md index 08aae33..31c2629 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,9 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | +| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | | AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | +| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig) | | Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | ๐ŸŸข | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | | Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐ŸŸข | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | | Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | @@ -16,7 +17,7 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | | Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | | Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | -| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | ๐Ÿ”ด | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig) | +| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | ๐Ÿ”ด | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | | Google | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | | OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | | OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig new file mode 100644 index 0000000..686e67b --- /dev/null +++ b/profiles/adguard-nofilter-https.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2a10:50c0::1:ff + 2a10:50c0::2:ff + 94.140.14.140 + 94.140.14.141 + + ServerURL + https://dns-unfiltered.adguard.com/dns-query + + PayloadDescription + Configures device to use Adguard No Filter Encrypted DNS over TLS + PayloadDisplayName + Adguard No Filter over HTTPS + PayloadIdentifier + com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 35d5c8a0-afa6-4b36-a9fe-099a997b44ad + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard No Filter to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard No Filter over HTTPS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + A4475135-633A-4F15-A79B-BE15093DC97A + PayloadVersion + 1 + + diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig new file mode 100644 index 0000000..0bfb7e6 --- /dev/null +++ b/profiles/adguard-nofilter-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2a10:50c0::1:ff + 2a10:50c0::2:ff + 94.140.14.140 + 94.140.14.141 + + ServerName + dns-unfiltered.adguard.com + + PayloadDescription + Configures device to use Adguard No Filter Encrypted DNS over TLS + PayloadDisplayName + Adguard No Filter over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.C498EC0C-EF6C-44F0-BFB7-0000658B99AC + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 065AB183-5E34-4794-9BEB-B5327CF61F27 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard No Filter to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard No Filter over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 030E6D6F-69A2-4515-9D77-99342CB9AE76 + PayloadVersion + 1 + + diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index 8cc1196..b99a04e 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -11,8 +11,8 @@ HTTPS ServerAddresses - 162.14.21.56 - 162.14.21.178 + 119.29.29.29 + 119.28.28.28 ServerURL https://doh.pub/dns-query diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig new file mode 100644 index 0000000..1f3c184 --- /dev/null +++ b/profiles/dnspod-tls.mobileconfig @@ -0,0 +1,51 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 119.29.29.29 + 119.28.28.28 + + ServerName + dot.pub + + PayloadDescription + Configures device to use DNSPod Encrypted DNS over TLS + PayloadDisplayName + DNSPod over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.C498EC0C-EF6C-44F0-BFB7-0000658B99AC + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 065AB183-5E34-4794-9BEB-B5327CF61F27 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the DNSPod to Big Sur and iOS 14 based systems + PayloadDisplayName + DNSPod over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 030E6D6F-69A2-4515-9D77-99342CB9AE76 + PayloadVersion + 1 + + From 5b1a8c1f22ce31d50ec4a5432fc5c29762fbcc3d Mon Sep 17 00:00:00 2001 From: MB Date: Thu, 23 Sep 2021 05:34:17 +0200 Subject: [PATCH 06/28] Add BlahDNS (#66) --- README.md | 7 +++ .../blahdns-cdn-adblock-doh1.mobileconfig | 50 +++++++++++++++++ .../blahdns-cdn-unfiltered-doh1.mobileconfig | 50 +++++++++++++++++ profiles/blahdns-finland-doh.mobileconfig | 55 +++++++++++++++++++ profiles/blahdns-germany-doh.mobileconfig | 55 +++++++++++++++++++ profiles/blahdns-japan-doh.mobileconfig | 55 +++++++++++++++++++ profiles/blahdns-singapore-doh.mobileconfig | 55 +++++++++++++++++++ profiles/blahdns-switzerland-dot.mobileconfig | 55 +++++++++++++++++++ 8 files changed, 382 insertions(+) create mode 100644 profiles/blahdns-cdn-adblock-doh1.mobileconfig create mode 100644 profiles/blahdns-cdn-unfiltered-doh1.mobileconfig create mode 100644 profiles/blahdns-finland-doh.mobileconfig create mode 100644 profiles/blahdns-germany-doh.mobileconfig create mode 100644 profiles/blahdns-japan-doh.mobileconfig create mode 100644 profiles/blahdns-singapore-doh.mobileconfig create mode 100644 profiles/blahdns-switzerland-dot.mobileconfig diff --git a/README.md b/README.md index 31c2629..5898add 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,13 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | | AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig) | | Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | ๐ŸŸข | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | +| BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | +| BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | +| BlahDNS Finland Adsblock | ๐Ÿ‡ซ๐Ÿ‡ฎ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) | +| BlahDNS Germany Adsblock | ๐Ÿ‡ฉ๐Ÿ‡ช | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) | +| BlahDNS Japan Adsblock | ๐Ÿ‡ฏ๐Ÿ‡ต | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) | +| BlahDNS Singapore Adsblock| ๐Ÿ‡ธ๐Ÿ‡ฌ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) | +| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | | Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐ŸŸข | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | | Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | | Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | diff --git a/profiles/blahdns-cdn-adblock-doh1.mobileconfig b/profiles/blahdns-cdn-adblock-doh1.mobileconfig new file mode 100644 index 0000000..b541373 --- /dev/null +++ b/profiles/blahdns-cdn-adblock-doh1.mobileconfig @@ -0,0 +1,50 @@ + + + + + PayloadDisplayName + BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + f48cc7b9-702c-4854-b70d-8bc7670122b2 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 6733d4c7-e68f-4c2e-93c2-2c7ee6f30330 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerURL + https://doh1.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 4062c3f9-1314-4f8f-9c77-fd7de27f7564 + PayloadUUID + f31114d1-c0a9-4dd9-b69c-c3b966f66efd + PayloadDisplayName + BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig new file mode 100644 index 0000000..874cf2d --- /dev/null +++ b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig @@ -0,0 +1,50 @@ + + + + + PayloadDisplayName + BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 18ad0337-95f9-4486-a06a-471fd266302f + PayloadScope + User + PayloadType + Configuration + PayloadUUID + e9eb7fc8-c387-4812-b462-534aa8ad4e6b + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerURL + https://doh1.blahdns.com/uncensor + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 6d68da6a-7266-4881-9e8a-905d0144ffe3 + PayloadUUID + 3b2c493e-ba1e-4649-a355-0a02ad3a0a38 + PayloadDisplayName + BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-finland-doh.mobileconfig b/profiles/blahdns-finland-doh.mobileconfig new file mode 100644 index 0000000..a05bfa9 --- /dev/null +++ b/profiles/blahdns-finland-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Finland) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Finland) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + a7db5914-98f4-4e74-bba1-0a8f372951b0 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 17eda01f-d01b-4de0-af05-ab1f9c07659d + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 95.216.212.177 + 2a01:4f9:c010:43ce::1 + + ServerURL + https://doh-fi.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + ba4a6e83-fd37-420e-a8aa-b211c5ab19ea + PayloadUUID + 381f7e88-72c5-4269-81bb-00f48e4d13c1 + PayloadDisplayName + BlahDNS (Finland) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-germany-doh.mobileconfig b/profiles/blahdns-germany-doh.mobileconfig new file mode 100644 index 0000000..d63ed00 --- /dev/null +++ b/profiles/blahdns-germany-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Germany) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 7ceea522-fa35-4244-8ea7-bda4249042e4 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + e6030f10-0a65-4674-9a5b-d15821f50893 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 78.46.244.143 + 2a01:4f8:c17:ec67::1 + + ServerURL + https://doh-de.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 5ea517ba-7d0b-4a15-8370-62cbe2db0cef + PayloadUUID + 4a7897a7-a8c4-499b-b0ec-2dd4ec7dd268 + PayloadDisplayName + BlahDNS (Germany) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-japan-doh.mobileconfig b/profiles/blahdns-japan-doh.mobileconfig new file mode 100644 index 0000000..1a7e57b --- /dev/null +++ b/profiles/blahdns-japan-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Japan) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Japan) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 41e87916-faaf-42f5-9378-a236e57fca50 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + 3ac76bbe-dc66-4078-adc7-c172cd904b1b + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 139.162.112.47 + 2400:8902::f03c:92ff:fe27:344b + + ServerURL + https://doh-jp.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 51b4aa71-c669-4b9d-8897-3c6cd05f683c + PayloadUUID + 22713002-14e1-4024-8a7a-65ddf0596a13 + PayloadDisplayName + BlahDNS (Japan) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-singapore-doh.mobileconfig b/profiles/blahdns-singapore-doh.mobileconfig new file mode 100644 index 0000000..93f3371 --- /dev/null +++ b/profiles/blahdns-singapore-doh.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Singapore) DNS over HTTPS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 2d165223-6bd3-434e-9c19-de0dfde431ca + PayloadScope + User + PayloadType + Configuration + PayloadUUID + c8634ed8-44b2-4ee9-a535-2fd7543f12c7 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 192.53.175.149 + 2400:8901::f03c:92ff:fe27:870a + + ServerURL + https://doh-sg.blahdns.com/dns-query + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + e22232ff-8464-4d89-b24f-6ea9b4321231 + PayloadUUID + bef58883-0fd0-45a0-85df-e2a658feb31a + PayloadDisplayName + BlahDNS (Singapore) DNS over HTTPS + PayloadVersion + 1 + + + + diff --git a/profiles/blahdns-switzerland-dot.mobileconfig b/profiles/blahdns-switzerland-dot.mobileconfig new file mode 100644 index 0000000..da76d42 --- /dev/null +++ b/profiles/blahdns-switzerland-dot.mobileconfig @@ -0,0 +1,55 @@ + + + + + PayloadDisplayName + BlahDNS (Switzerland) DNS over TLS + PayloadOrganization + BlahDNS + PayloadDescription + This profile enables BlahDNS (Switzerland) DNS over TLS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + ConsentText + + default + Privacy policy: +https://blahdns.com + + PayloadIdentifier + 3ad2f21d-c5d2-4b0a-8d33-2d9425c89d49 + PayloadScope + User + PayloadType + Configuration + PayloadUUID + dfe58b36-d5ca-4e7e-9ea2-b8912749dee4 + PayloadVersion + 1 + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 45.91.92.121 + 2a0e:dc0:6:23::2 + + ServerName + dot-ch.blahdns.com + + PayloadType + com.apple.dnsSettings.managed + PayloadIdentifier + 7744a781-a3f8-4120-9fbf-022bfd233b37 + PayloadUUID + 94d7a50d-b74c-4743-8796-d024c4910bdf + PayloadDisplayName + BlahDNS (Switzerland) DNS over TLS + PayloadVersion + 1 + + + + From 3bd09c916bf96533a126da9afcaae716bcfa1323 Mon Sep 17 00:00:00 2001 From: MB Date: Fri, 24 Sep 2021 04:46:40 +0200 Subject: [PATCH 07/28] Correct DNSPOD (#67) --- profiles/dnspod-https.mobileconfig | 4 ++-- profiles/dnspod-tls.mobileconfig | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index b99a04e..c3150d7 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -11,8 +11,8 @@ HTTPS ServerAddresses - 119.29.29.29 - 119.28.28.28 + 162.14.21.178 + 162.14.21.56 ServerURL https://doh.pub/dns-query diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig index 1f3c184..f624f32 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-tls.mobileconfig @@ -11,8 +11,8 @@ TLS ServerAddresses - 119.29.29.29 - 119.28.28.28 + 162.14.21.178 + 162.14.21.56 ServerName dot.pub From 88d6ef1db47b87669e62796fc1d16eb44d15b948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ante=20Dra=C5=BEi=C4=87?= <96959476+dretva@users.noreply.github.com> Date: Sat, 16 Apr 2022 05:00:05 +0200 Subject: [PATCH 08/28] Update URL for the AdGuard "Non-filtering" TLS profile HTTPS and TLS profiles currently point to the same URL. Latter should be updated to point to the TLS profile URL. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5898add..9ad6ca2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | | AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | -| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig) | +| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | | Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | ๐ŸŸข | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | | BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | | BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | From 5d50c495ee1fc7a743dbb48c7f00f2f43e1ba936 Mon Sep 17 00:00:00 2001 From: michaeldavie Date: Sat, 16 Apr 2022 13:21:31 -0400 Subject: [PATCH 09/28] Correct BlahDNS flag --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5898add..f1e3b39 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: | BlahDNS Germany Adsblock | ๐Ÿ‡ฉ๐Ÿ‡ช | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) | | BlahDNS Japan Adsblock | ๐Ÿ‡ฏ๐Ÿ‡ต | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) | | BlahDNS Singapore Adsblock| ๐Ÿ‡ธ๐Ÿ‡ฌ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) | -| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | +| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | | Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐ŸŸข | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | | Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | | Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | From 10d6ddef6e880cb81f4f6b83c4a4ba53e934b863 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Mon, 18 Apr 2022 23:00:31 +0200 Subject: [PATCH 10/28] Update README.md --- README.md | 50 ++++++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 08747ce..ddeeb28 100644 --- a/README.md +++ b/README.md @@ -5,32 +5,34 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: ## Providers +"Censorship=yes" means the profile will not send true information about hostname=IP relation for some hosts. + | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | -| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | ๐Ÿ”ด | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | -| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | -| Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | ๐ŸŸข | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | -| BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | -| BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | -| BlahDNS Finland Adsblock | ๐Ÿ‡ซ๐Ÿ‡ฎ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) | -| BlahDNS Germany Adsblock | ๐Ÿ‡ฉ๐Ÿ‡ช | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) | -| BlahDNS Japan Adsblock | ๐Ÿ‡ฏ๐Ÿ‡ต | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) | -| BlahDNS Singapore Adsblock| ๐Ÿ‡ธ๐Ÿ‡ฌ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) | -| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | -| Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐ŸŸข | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | -| Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | -| Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | ๐Ÿ”ด | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | -| Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | -| Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | -| Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | -| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | ๐Ÿ”ด | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | -| Google | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | -| OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | ๐ŸŸข | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | -| OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | -| Quad9 | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | -| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | ๐Ÿ”ด | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) | -| Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | ๐Ÿ”ด | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | +| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | Yes ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | +| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | +| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | No ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | +| Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | No | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | +| BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | +| BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | +| BlahDNS Finland Adsblock | ๐Ÿ‡ซ๐Ÿ‡ฎ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-finland-doh.mobileconfig) | +| BlahDNS Germany Adsblock | ๐Ÿ‡ฉ๐Ÿ‡ช | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-doh.mobileconfig) | +| BlahDNS Japan Adsblock | ๐Ÿ‡ฏ๐Ÿ‡ต | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-japan-doh.mobileconfig) | +| BlahDNS Singapore Adsblock| ๐Ÿ‡ธ๐Ÿ‡ฌ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-doh.mobileconfig) | +| BlahDNS Swiss Adsblock | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Independent](https://blahdns.com/) | [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-switzerland-dot.mobileconfig) | +| Canadian Shield Private | ๐Ÿ‡จ๐Ÿ‡ฆ | No | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig) | +| Canadian Shield Protected | ๐Ÿ‡จ๐Ÿ‡ฆ | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig) | +| Canadian Shield Family | ๐Ÿ‡จ๐Ÿ‡ฆ | Yes | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig) | +| Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | +| Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | +| Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | +| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | +| Google | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | +| OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | +| OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | +| Quad9 | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig) | +| Quad9 With ECS | ๐Ÿ‡จ๐Ÿ‡ญ | Yes | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig) | +| Tiar.app | ๐Ÿ‡ธ๐Ÿ‡ฌ ๐Ÿ‡บ๐Ÿ‡ธ | Yes | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig) | ## Installation From febf5bcf8065cd2f0d2e6b8c8bad0654e71795bd Mon Sep 17 00:00:00 2001 From: michaeldavie Date: Thu, 21 Apr 2022 17:48:20 -0400 Subject: [PATCH 11/28] Add on-demand rules --- profiles/adguard-family-https.mobileconfig | 15 +++++++++++++++ profiles/adguard-https.mobileconfig | 15 +++++++++++++++ profiles/adguard-nofilter-https.mobileconfig | 15 +++++++++++++++ profiles/adguard-nofilter-tls.mobileconfig | 15 +++++++++++++++ profiles/alekberg-https.mobileconfig | 15 +++++++++++++++ profiles/alibaba-https.mobileconfig | 15 +++++++++++++++ profiles/blahdns-cdn-adblock-doh1.mobileconfig | 15 +++++++++++++++ profiles/blahdns-cdn-unfiltered-doh1.mobileconfig | 15 +++++++++++++++ profiles/blahdns-finland-doh.mobileconfig | 15 +++++++++++++++ profiles/blahdns-germany-doh.mobileconfig | 15 +++++++++++++++ profiles/blahdns-japan-doh.mobileconfig | 15 +++++++++++++++ profiles/blahdns-singapore-doh.mobileconfig | 15 +++++++++++++++ profiles/blahdns-switzerland-dot.mobileconfig | 15 +++++++++++++++ profiles/canadianshield-family-https.mobileconfig | 15 +++++++++++++++ profiles/canadianshield-family-tls.mobileconfig | 15 +++++++++++++++ .../canadianshield-private-https.mobileconfig | 15 +++++++++++++++ profiles/canadianshield-private-tls.mobileconfig | 15 +++++++++++++++ .../canadianshield-protected-https.mobileconfig | 15 +++++++++++++++ .../canadianshield-protected-tls.mobileconfig | 15 +++++++++++++++ profiles/cloudflare-family-https.mobileconfig | 15 +++++++++++++++ profiles/cloudflare-https.mobileconfig | 15 +++++++++++++++ profiles/cloudflare-malware-https.mobileconfig | 15 +++++++++++++++ profiles/cloudflare-tls.mobileconfig | 15 +++++++++++++++ profiles/dnspod-https.mobileconfig | 15 +++++++++++++++ profiles/dnspod-tls.mobileconfig | 15 +++++++++++++++ profiles/google-https.mobileconfig | 15 +++++++++++++++ profiles/google-tls.mobileconfig | 15 +++++++++++++++ profiles/opendns-family-https.mobileconfig | 15 +++++++++++++++ profiles/opendns-https.mobileconfig | 15 +++++++++++++++ profiles/quad9-ECS-https.mobileconfig | 15 +++++++++++++++ profiles/quad9-ECS-tls.mobileconfig | 15 +++++++++++++++ profiles/quad9-https.mobileconfig | 15 +++++++++++++++ profiles/quad9-tls.mobileconfig | 15 +++++++++++++++ profiles/tiarapp-https.mobileconfig | 15 +++++++++++++++ profiles/tiarapp-tls.mobileconfig | 15 +++++++++++++++ 35 files changed, 525 insertions(+) diff --git a/profiles/adguard-family-https.mobileconfig b/profiles/adguard-family-https.mobileconfig index e1df849..27e3d2b 100644 --- a/profiles/adguard-family-https.mobileconfig +++ b/profiles/adguard-family-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns-family.adguard.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/adguard-https.mobileconfig b/profiles/adguard-https.mobileconfig index 8750e16..21224a5 100644 --- a/profiles/adguard-https.mobileconfig +++ b/profiles/adguard-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns.adguard.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Adguard Default Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig index 686e67b..3566f0a 100644 --- a/profiles/adguard-nofilter-https.mobileconfig +++ b/profiles/adguard-nofilter-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns-unfiltered.adguard.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Adguard No Filter Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig index 0bfb7e6..6bc13aa 100644 --- a/profiles/adguard-nofilter-tls.mobileconfig +++ b/profiles/adguard-nofilter-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName dns-unfiltered.adguard.com + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Adguard No Filter Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/alekberg-https.mobileconfig b/profiles/alekberg-https.mobileconfig index 317a583..d8bd2e7 100644 --- a/profiles/alekberg-https.mobileconfig +++ b/profiles/alekberg-https.mobileconfig @@ -38,6 +38,21 @@ ServerURL https://dnsnl.alekberg.net/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/alibaba-https.mobileconfig b/profiles/alibaba-https.mobileconfig index 7881614..0b65f9b 100644 --- a/profiles/alibaba-https.mobileconfig +++ b/profiles/alibaba-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns.alidns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use AliDNS Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/blahdns-cdn-adblock-doh1.mobileconfig b/profiles/blahdns-cdn-adblock-doh1.mobileconfig index b541373..5ed1ca8 100644 --- a/profiles/blahdns-cdn-adblock-doh1.mobileconfig +++ b/profiles/blahdns-cdn-adblock-doh1.mobileconfig @@ -34,6 +34,21 @@ https://blahdns.com ServerURL https://doh1.blahdns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig index 874cf2d..027caf1 100644 --- a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig +++ b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig @@ -34,6 +34,21 @@ https://blahdns.com ServerURL https://doh1.blahdns.com/uncensor + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-finland-doh.mobileconfig b/profiles/blahdns-finland-doh.mobileconfig index a05bfa9..4e7cece 100644 --- a/profiles/blahdns-finland-doh.mobileconfig +++ b/profiles/blahdns-finland-doh.mobileconfig @@ -39,6 +39,21 @@ https://blahdns.com ServerURL https://doh-fi.blahdns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-germany-doh.mobileconfig b/profiles/blahdns-germany-doh.mobileconfig index d63ed00..55a8c6b 100644 --- a/profiles/blahdns-germany-doh.mobileconfig +++ b/profiles/blahdns-germany-doh.mobileconfig @@ -39,6 +39,21 @@ https://blahdns.com ServerURL https://doh-de.blahdns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-japan-doh.mobileconfig b/profiles/blahdns-japan-doh.mobileconfig index 1a7e57b..c948e4e 100644 --- a/profiles/blahdns-japan-doh.mobileconfig +++ b/profiles/blahdns-japan-doh.mobileconfig @@ -39,6 +39,21 @@ https://blahdns.com ServerURL https://doh-jp.blahdns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-singapore-doh.mobileconfig b/profiles/blahdns-singapore-doh.mobileconfig index 93f3371..6b5fc52 100644 --- a/profiles/blahdns-singapore-doh.mobileconfig +++ b/profiles/blahdns-singapore-doh.mobileconfig @@ -39,6 +39,21 @@ https://blahdns.com ServerURL https://doh-sg.blahdns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-switzerland-dot.mobileconfig b/profiles/blahdns-switzerland-dot.mobileconfig index da76d42..8376873 100644 --- a/profiles/blahdns-switzerland-dot.mobileconfig +++ b/profiles/blahdns-switzerland-dot.mobileconfig @@ -39,6 +39,21 @@ https://blahdns.com ServerName dot-ch.blahdns.com + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/canadianshield-family-https.mobileconfig b/profiles/canadianshield-family-https.mobileconfig index c4660cc..40e6bf4 100644 --- a/profiles/canadianshield-family-https.mobileconfig +++ b/profiles/canadianshield-family-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://family.canadianshield.cira.ca/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-family-tls.mobileconfig b/profiles/canadianshield-family-tls.mobileconfig index 225d4ad..b901204 100644 --- a/profiles/canadianshield-family-tls.mobileconfig +++ b/profiles/canadianshield-family-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName family.canadianshield.cira.ca + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/canadianshield-private-https.mobileconfig b/profiles/canadianshield-private-https.mobileconfig index 1efa22c..4402004 100644 --- a/profiles/canadianshield-private-https.mobileconfig +++ b/profiles/canadianshield-private-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://private.canadianshield.cira.ca/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-private-tls.mobileconfig b/profiles/canadianshield-private-tls.mobileconfig index 5824efc..c102a49 100644 --- a/profiles/canadianshield-private-tls.mobileconfig +++ b/profiles/canadianshield-private-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName private.canadianshield.cira.ca + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/canadianshield-protected-https.mobileconfig b/profiles/canadianshield-protected-https.mobileconfig index b588857..39a92d8 100644 --- a/profiles/canadianshield-protected-https.mobileconfig +++ b/profiles/canadianshield-protected-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://protected.canadianshield.cira.ca/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-protected-tls.mobileconfig b/profiles/canadianshield-protected-tls.mobileconfig index 74ce303..114ee7a 100644 --- a/profiles/canadianshield-protected-tls.mobileconfig +++ b/profiles/canadianshield-protected-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName protected.canadianshield.cira.ca + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/cloudflare-family-https.mobileconfig b/profiles/cloudflare-family-https.mobileconfig index 961a669..6be512b 100644 --- a/profiles/cloudflare-family-https.mobileconfig +++ b/profiles/cloudflare-family-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://family.cloudflare-dns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Cloudflare Family Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-https.mobileconfig b/profiles/cloudflare-https.mobileconfig index 84443e9..6761dd8 100644 --- a/profiles/cloudflare-https.mobileconfig +++ b/profiles/cloudflare-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://cloudflare-dns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Cloudflare Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-malware-https.mobileconfig b/profiles/cloudflare-malware-https.mobileconfig index 0dd1d85..8e04363 100644 --- a/profiles/cloudflare-malware-https.mobileconfig +++ b/profiles/cloudflare-malware-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://security.cloudflare-dns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-tls.mobileconfig b/profiles/cloudflare-tls.mobileconfig index 04a3542..762c533 100644 --- a/profiles/cloudflare-tls.mobileconfig +++ b/profiles/cloudflare-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName one.one.one.one + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Cloudflare Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index c3150d7..36b85a6 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -17,6 +17,21 @@ ServerURL https://doh.pub/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use DNSPod Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig index f624f32..7e0ef5e 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-tls.mobileconfig @@ -17,6 +17,21 @@ ServerName dot.pub + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use DNSPod Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/google-https.mobileconfig b/profiles/google-https.mobileconfig index 4ec31a5..f3851d7 100644 --- a/profiles/google-https.mobileconfig +++ b/profiles/google-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns.google/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Google Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/google-tls.mobileconfig b/profiles/google-tls.mobileconfig index e78f02b..1265d13 100644 --- a/profiles/google-tls.mobileconfig +++ b/profiles/google-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName dns.google + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Google Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/opendns-family-https.mobileconfig b/profiles/opendns-family-https.mobileconfig index 18346d6..34f40a1 100644 --- a/profiles/opendns-family-https.mobileconfig +++ b/profiles/opendns-family-https.mobileconfig @@ -12,6 +12,21 @@ ServerURL https://doh.familyshield.opendns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use OpenDNS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/opendns-https.mobileconfig b/profiles/opendns-https.mobileconfig index 5320fdb..04d4592 100644 --- a/profiles/opendns-https.mobileconfig +++ b/profiles/opendns-https.mobileconfig @@ -12,6 +12,21 @@ ServerURL https://doh.opendns.com/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use OpenDNS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig index 59b9bf0..247cc35 100644 --- a/profiles/quad9-ECS-https.mobileconfig +++ b/profiles/quad9-ECS-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns11.quad9.net/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS with ECS PayloadDisplayName diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig index 3c5cb46..76bb13e 100644 --- a/profiles/quad9-ECS-tls.mobileconfig +++ b/profiles/quad9-ECS-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName dns11.quad9.net + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Quad9 with ECS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-https.mobileconfig b/profiles/quad9-https.mobileconfig index e7f894e..b364372 100644 --- a/profiles/quad9-https.mobileconfig +++ b/profiles/quad9-https.mobileconfig @@ -19,6 +19,21 @@ ServerURL https://dns.quad9.net/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-tls.mobileconfig b/profiles/quad9-tls.mobileconfig index 7dc7674..9c332fe 100644 --- a/profiles/quad9-tls.mobileconfig +++ b/profiles/quad9-tls.mobileconfig @@ -19,6 +19,21 @@ ServerName dns.quad9.net + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/tiarapp-https.mobileconfig b/profiles/tiarapp-https.mobileconfig index d610145..128f105 100644 --- a/profiles/tiarapp-https.mobileconfig +++ b/profiles/tiarapp-https.mobileconfig @@ -12,6 +12,21 @@ ServerURL https://doh.tiar.app/dns-query + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Tiarap Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/tiarapp-tls.mobileconfig b/profiles/tiarapp-tls.mobileconfig index bf68b54..63e3d4c 100644 --- a/profiles/tiarapp-tls.mobileconfig +++ b/profiles/tiarapp-tls.mobileconfig @@ -12,6 +12,21 @@ ServerName dot.tiar.app + OnDemandRules + + + Action + Connect + InterfaceTypeMatch + Cellular + + + Action + Connect + URLStringProbe + http://captive.apple.com/hotspot-detect.html + + PayloadDescription Configures device to use Tiarap Encrypted DNS over TLS PayloadDisplayName From 1b8936b962371c5cac112057adc934886eb79a53 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Fri, 13 May 2022 03:52:14 +0400 Subject: [PATCH 12/28] Captive detection. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ddeeb28..e7bb602 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: "Censorship=yes" means the profile will not send true information about hostname=IP relation for some hosts. +All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hotspot-detect.html` in order for hotel/cafe networks to work properly. + | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | Yes ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | From aa0da5d097a8b21dc2e8d1f8b3deb52d2c44d6ae Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Fri, 13 May 2022 03:52:46 +0400 Subject: [PATCH 13/28] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e7bb602..2b39e14 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https: ## Providers -"Censorship=yes" means the profile will not send true information about hostname=IP relation for some hosts. +`Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts. All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hotspot-detect.html` in order for hotel/cafe networks to work properly. From 30077d405b77e5f6187dbedc1c6d401b6ca9d27c Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Fri, 13 May 2022 03:53:28 +0400 Subject: [PATCH 14/28] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b39e14..fea9d1d 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ To install, simply open the file in GitHib, and then click/tap on install button ## Signed Profiles -In the signed folder, we have signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. +In the signed folder, we have *slightly outdated* signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. [comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.) From 855b797deed54b7cc2d1b5e4865d9b234c3250f9 Mon Sep 17 00:00:00 2001 From: schalkms <30376729+schalkms@users.noreply.github.com> Date: Sun, 22 May 2022 16:35:32 +0200 Subject: [PATCH 15/28] Fix typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fea9d1d..4b2d46b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hots To make settings work across all apps in **iOS 14** & **MacOS Big Sur**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. -To install, simply open the file in GitHib, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. +To install, simply open the file in GitHub, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. ## Signed Profiles From c0ccfdb0b74e879d380b78fcef38ea6ed287c684 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 5 Jun 2022 12:52:14 +0400 Subject: [PATCH 16/28] Revert "Add on-demand rules" --- profiles/adguard-family-https.mobileconfig | 15 --------------- profiles/adguard-https.mobileconfig | 15 --------------- profiles/adguard-nofilter-https.mobileconfig | 15 --------------- profiles/adguard-nofilter-tls.mobileconfig | 15 --------------- profiles/alekberg-https.mobileconfig | 15 --------------- profiles/alibaba-https.mobileconfig | 15 --------------- profiles/blahdns-cdn-adblock-doh1.mobileconfig | 15 --------------- profiles/blahdns-cdn-unfiltered-doh1.mobileconfig | 15 --------------- profiles/blahdns-finland-doh.mobileconfig | 15 --------------- profiles/blahdns-germany-doh.mobileconfig | 15 --------------- profiles/blahdns-japan-doh.mobileconfig | 15 --------------- profiles/blahdns-singapore-doh.mobileconfig | 15 --------------- profiles/blahdns-switzerland-dot.mobileconfig | 15 --------------- profiles/canadianshield-family-https.mobileconfig | 15 --------------- profiles/canadianshield-family-tls.mobileconfig | 15 --------------- .../canadianshield-private-https.mobileconfig | 15 --------------- profiles/canadianshield-private-tls.mobileconfig | 15 --------------- .../canadianshield-protected-https.mobileconfig | 15 --------------- .../canadianshield-protected-tls.mobileconfig | 15 --------------- profiles/cloudflare-family-https.mobileconfig | 15 --------------- profiles/cloudflare-https.mobileconfig | 15 --------------- profiles/cloudflare-malware-https.mobileconfig | 15 --------------- profiles/cloudflare-tls.mobileconfig | 15 --------------- profiles/dnspod-https.mobileconfig | 15 --------------- profiles/dnspod-tls.mobileconfig | 15 --------------- profiles/google-https.mobileconfig | 15 --------------- profiles/google-tls.mobileconfig | 15 --------------- profiles/opendns-family-https.mobileconfig | 15 --------------- profiles/opendns-https.mobileconfig | 15 --------------- profiles/quad9-ECS-https.mobileconfig | 15 --------------- profiles/quad9-ECS-tls.mobileconfig | 15 --------------- profiles/quad9-https.mobileconfig | 15 --------------- profiles/quad9-tls.mobileconfig | 15 --------------- profiles/tiarapp-https.mobileconfig | 15 --------------- profiles/tiarapp-tls.mobileconfig | 15 --------------- 35 files changed, 525 deletions(-) diff --git a/profiles/adguard-family-https.mobileconfig b/profiles/adguard-family-https.mobileconfig index 27e3d2b..e1df849 100644 --- a/profiles/adguard-family-https.mobileconfig +++ b/profiles/adguard-family-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns-family.adguard.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/adguard-https.mobileconfig b/profiles/adguard-https.mobileconfig index 21224a5..8750e16 100644 --- a/profiles/adguard-https.mobileconfig +++ b/profiles/adguard-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns.adguard.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Adguard Default Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig index 3566f0a..686e67b 100644 --- a/profiles/adguard-nofilter-https.mobileconfig +++ b/profiles/adguard-nofilter-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns-unfiltered.adguard.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Adguard No Filter Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig index 6bc13aa..0bfb7e6 100644 --- a/profiles/adguard-nofilter-tls.mobileconfig +++ b/profiles/adguard-nofilter-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName dns-unfiltered.adguard.com - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Adguard No Filter Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/alekberg-https.mobileconfig b/profiles/alekberg-https.mobileconfig index d8bd2e7..317a583 100644 --- a/profiles/alekberg-https.mobileconfig +++ b/profiles/alekberg-https.mobileconfig @@ -38,21 +38,6 @@ ServerURL https://dnsnl.alekberg.net/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/alibaba-https.mobileconfig b/profiles/alibaba-https.mobileconfig index 0b65f9b..7881614 100644 --- a/profiles/alibaba-https.mobileconfig +++ b/profiles/alibaba-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns.alidns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use AliDNS Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/blahdns-cdn-adblock-doh1.mobileconfig b/profiles/blahdns-cdn-adblock-doh1.mobileconfig index 5ed1ca8..b541373 100644 --- a/profiles/blahdns-cdn-adblock-doh1.mobileconfig +++ b/profiles/blahdns-cdn-adblock-doh1.mobileconfig @@ -34,21 +34,6 @@ https://blahdns.com ServerURL https://doh1.blahdns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig index 027caf1..874cf2d 100644 --- a/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig +++ b/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig @@ -34,21 +34,6 @@ https://blahdns.com ServerURL https://doh1.blahdns.com/uncensor - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-finland-doh.mobileconfig b/profiles/blahdns-finland-doh.mobileconfig index 4e7cece..a05bfa9 100644 --- a/profiles/blahdns-finland-doh.mobileconfig +++ b/profiles/blahdns-finland-doh.mobileconfig @@ -39,21 +39,6 @@ https://blahdns.com ServerURL https://doh-fi.blahdns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-germany-doh.mobileconfig b/profiles/blahdns-germany-doh.mobileconfig index 55a8c6b..d63ed00 100644 --- a/profiles/blahdns-germany-doh.mobileconfig +++ b/profiles/blahdns-germany-doh.mobileconfig @@ -39,21 +39,6 @@ https://blahdns.com ServerURL https://doh-de.blahdns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-japan-doh.mobileconfig b/profiles/blahdns-japan-doh.mobileconfig index c948e4e..1a7e57b 100644 --- a/profiles/blahdns-japan-doh.mobileconfig +++ b/profiles/blahdns-japan-doh.mobileconfig @@ -39,21 +39,6 @@ https://blahdns.com ServerURL https://doh-jp.blahdns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-singapore-doh.mobileconfig b/profiles/blahdns-singapore-doh.mobileconfig index 6b5fc52..93f3371 100644 --- a/profiles/blahdns-singapore-doh.mobileconfig +++ b/profiles/blahdns-singapore-doh.mobileconfig @@ -39,21 +39,6 @@ https://blahdns.com ServerURL https://doh-sg.blahdns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/blahdns-switzerland-dot.mobileconfig b/profiles/blahdns-switzerland-dot.mobileconfig index 8376873..da76d42 100644 --- a/profiles/blahdns-switzerland-dot.mobileconfig +++ b/profiles/blahdns-switzerland-dot.mobileconfig @@ -39,21 +39,6 @@ https://blahdns.com ServerName dot-ch.blahdns.com - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadType com.apple.dnsSettings.managed PayloadIdentifier diff --git a/profiles/canadianshield-family-https.mobileconfig b/profiles/canadianshield-family-https.mobileconfig index 40e6bf4..c4660cc 100644 --- a/profiles/canadianshield-family-https.mobileconfig +++ b/profiles/canadianshield-family-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://family.canadianshield.cira.ca/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-family-tls.mobileconfig b/profiles/canadianshield-family-tls.mobileconfig index b901204..225d4ad 100644 --- a/profiles/canadianshield-family-tls.mobileconfig +++ b/profiles/canadianshield-family-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName family.canadianshield.cira.ca - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/canadianshield-private-https.mobileconfig b/profiles/canadianshield-private-https.mobileconfig index 4402004..1efa22c 100644 --- a/profiles/canadianshield-private-https.mobileconfig +++ b/profiles/canadianshield-private-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://private.canadianshield.cira.ca/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-private-tls.mobileconfig b/profiles/canadianshield-private-tls.mobileconfig index c102a49..5824efc 100644 --- a/profiles/canadianshield-private-tls.mobileconfig +++ b/profiles/canadianshield-private-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName private.canadianshield.cira.ca - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/canadianshield-protected-https.mobileconfig b/profiles/canadianshield-protected-https.mobileconfig index 39a92d8..b588857 100644 --- a/profiles/canadianshield-protected-https.mobileconfig +++ b/profiles/canadianshield-protected-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://protected.canadianshield.cira.ca/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/canadianshield-protected-tls.mobileconfig b/profiles/canadianshield-protected-tls.mobileconfig index 114ee7a..74ce303 100644 --- a/profiles/canadianshield-protected-tls.mobileconfig +++ b/profiles/canadianshield-protected-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName protected.canadianshield.cira.ca - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Canadian Shield Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/cloudflare-family-https.mobileconfig b/profiles/cloudflare-family-https.mobileconfig index 6be512b..961a669 100644 --- a/profiles/cloudflare-family-https.mobileconfig +++ b/profiles/cloudflare-family-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://family.cloudflare-dns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Cloudflare Family Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-https.mobileconfig b/profiles/cloudflare-https.mobileconfig index 6761dd8..84443e9 100644 --- a/profiles/cloudflare-https.mobileconfig +++ b/profiles/cloudflare-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://cloudflare-dns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Cloudflare Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-malware-https.mobileconfig b/profiles/cloudflare-malware-https.mobileconfig index 8e04363..0dd1d85 100644 --- a/profiles/cloudflare-malware-https.mobileconfig +++ b/profiles/cloudflare-malware-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://security.cloudflare-dns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/cloudflare-tls.mobileconfig b/profiles/cloudflare-tls.mobileconfig index 762c533..04a3542 100644 --- a/profiles/cloudflare-tls.mobileconfig +++ b/profiles/cloudflare-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName one.one.one.one - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Cloudflare Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index 36b85a6..c3150d7 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -17,21 +17,6 @@ ServerURL https://doh.pub/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use DNSPod Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig index 7e0ef5e..f624f32 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-tls.mobileconfig @@ -17,21 +17,6 @@ ServerName dot.pub - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use DNSPod Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/google-https.mobileconfig b/profiles/google-https.mobileconfig index f3851d7..4ec31a5 100644 --- a/profiles/google-https.mobileconfig +++ b/profiles/google-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns.google/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Google Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/google-tls.mobileconfig b/profiles/google-tls.mobileconfig index 1265d13..e78f02b 100644 --- a/profiles/google-tls.mobileconfig +++ b/profiles/google-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName dns.google - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Google Encrypted DNS over TLS PayloadDisplayName diff --git a/profiles/opendns-family-https.mobileconfig b/profiles/opendns-family-https.mobileconfig index 34f40a1..18346d6 100644 --- a/profiles/opendns-family-https.mobileconfig +++ b/profiles/opendns-family-https.mobileconfig @@ -12,21 +12,6 @@ ServerURL https://doh.familyshield.opendns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use OpenDNS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/opendns-https.mobileconfig b/profiles/opendns-https.mobileconfig index 04d4592..5320fdb 100644 --- a/profiles/opendns-https.mobileconfig +++ b/profiles/opendns-https.mobileconfig @@ -12,21 +12,6 @@ ServerURL https://doh.opendns.com/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use OpenDNS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig index 247cc35..59b9bf0 100644 --- a/profiles/quad9-ECS-https.mobileconfig +++ b/profiles/quad9-ECS-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns11.quad9.net/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS with ECS PayloadDisplayName diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig index 76bb13e..3c5cb46 100644 --- a/profiles/quad9-ECS-tls.mobileconfig +++ b/profiles/quad9-ECS-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName dns11.quad9.net - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Quad9 with ECS Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-https.mobileconfig b/profiles/quad9-https.mobileconfig index b364372..e7f894e 100644 --- a/profiles/quad9-https.mobileconfig +++ b/profiles/quad9-https.mobileconfig @@ -19,21 +19,6 @@ ServerURL https://dns.quad9.net/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/quad9-tls.mobileconfig b/profiles/quad9-tls.mobileconfig index 9c332fe..7dc7674 100644 --- a/profiles/quad9-tls.mobileconfig +++ b/profiles/quad9-tls.mobileconfig @@ -19,21 +19,6 @@ ServerName dns.quad9.net - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/tiarapp-https.mobileconfig b/profiles/tiarapp-https.mobileconfig index 128f105..d610145 100644 --- a/profiles/tiarapp-https.mobileconfig +++ b/profiles/tiarapp-https.mobileconfig @@ -12,21 +12,6 @@ ServerURL https://doh.tiar.app/dns-query - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Tiarap Encrypted DNS over HTTPS PayloadDisplayName diff --git a/profiles/tiarapp-tls.mobileconfig b/profiles/tiarapp-tls.mobileconfig index 63e3d4c..bf68b54 100644 --- a/profiles/tiarapp-tls.mobileconfig +++ b/profiles/tiarapp-tls.mobileconfig @@ -12,21 +12,6 @@ ServerName dot.tiar.app - OnDemandRules - - - Action - Connect - InterfaceTypeMatch - Cellular - - - Action - Connect - URLStringProbe - http://captive.apple.com/hotspot-detect.html - - PayloadDescription Configures device to use Tiarap Encrypted DNS over TLS PayloadDisplayName From 3337c2526798fee7b1d296fe3dff0c5c5ee078af Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Thu, 16 Jun 2022 16:26:21 +0400 Subject: [PATCH 17/28] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b2d46b..486b3ef 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # encrypted-dns-configs Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). -Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) +Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile) ## Providers @@ -50,6 +50,10 @@ In the signed folder, we have *slightly outdated* signed versions of the profile To verify resolver IPs and hostnames, compare mobileconfig files to their documentation URLs. Internal workings of the profiles are described on [developer.apple.com](https://developer.apple.com/documentation/devicemanagement/dnssettings). In order to verify signed mobileconfigs, you will need to download them to your computer and open them in a text editor, because signing profiles makes GitHub think that they are binary files. +## Contributing a new profile + +Profiles are basically text files. Copy an existing one and change its UUID, for example, by generating a new one online. Make sure you update README with new profile's info. + ## Known issues We can't fix the issues, only Apple can: From 1a894c49bf6512e300b1c3329e8d77061d9b3ced Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Thu, 16 Jun 2022 16:26:31 +0400 Subject: [PATCH 18/28] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 486b3ef..c570bed 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # encrypted-dns-configs Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). -Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile) +Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile). ## Providers From 390beb6d751539581c4b92be23bda3f0764b6384 Mon Sep 17 00:00:00 2001 From: Nakorn Date: Thu, 16 Jun 2022 17:12:15 -0400 Subject: [PATCH 19/28] Correct DNSPOD (#95) * Correct DNSPOD * Update README.md --- README.md | 2 +- profiles/dnspod-https.mobileconfig | 4 ++-- profiles/dnspod-tls.mobileconfig | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c570bed..145745b 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hots | Cloudflare | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig) | | Cloudflare Malware | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig) | | Cloudflare Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig) | -| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | +| DNSPod | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://www.dnspod.cn/Products/publicdns?lang=en) by DNSPod (Tencent) in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig) | | Google | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig) | | OpenDNS | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig) | | OpenDNS Family | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig) | diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-https.mobileconfig index c3150d7..d1ea9cf 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-https.mobileconfig @@ -11,8 +11,8 @@ HTTPS ServerAddresses - 162.14.21.178 - 162.14.21.56 + 1.12.12.12 + 120.53.53.53 ServerURL https://doh.pub/dns-query diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig index f624f32..9b296c8 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-tls.mobileconfig @@ -11,8 +11,8 @@ TLS ServerAddresses - 162.14.21.178 - 162.14.21.56 + 1.12.12.12 + 120.53.53.53 ServerName dot.pub From f947075bc31dd81c23c61c6d56f3fe07ca7b6641 Mon Sep 17 00:00:00 2001 From: Nakorn Date: Sun, 26 Jun 2022 19:30:34 -0400 Subject: [PATCH 20/28] Update AdGuard & AliDNS (#103) * Correct DNSPOD * Update README.md * Update AdGuard & AliDNS --- README.md | 7 +-- ...fig => adguard-default-https.mobileconfig} | 0 profiles/adguard-default-tls.mobileconfig | 53 +++++++++++++++++++ profiles/adguard-family-tls.mobileconfig | 53 +++++++++++++++++++ profiles/alibaba-tls.mobileconfig | 53 +++++++++++++++++++ profiles/dnspod-tls.mobileconfig | 2 +- 6 files changed, 164 insertions(+), 4 deletions(-) rename profiles/{adguard-https.mobileconfig => adguard-default-https.mobileconfig} (100%) create mode 100644 profiles/adguard-default-tls.mobileconfig create mode 100644 profiles/adguard-family-tls.mobileconfig create mode 100644 profiles/alibaba-tls.mobileconfig diff --git a/README.md b/README.md index 145745b..f547f02 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,10 @@ All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hots | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| AdGuard | ๐Ÿ‡ท๐Ÿ‡บ | Yes ๐Ÿ”ด | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-https.mobileconfig) | -| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig) | -| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | No ๐ŸŸข | [Filters](https://adguard.com/en/adguard-dns/overview.html) Unfiltered | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | +| AdGuard Default | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#default) by AdGuard (Filters ads, tracking & phishing) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig) | +| AdGuard Family | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#family-protection) by AdGuard (Filters Default + malware & adult content) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig) | +| AdGuard No Filter | ๐Ÿ‡ท๐Ÿ‡บ | No | [Operated](https://adguard-dns.io/kb/general/dns-providers/#non-filtering) by AdGuard (Non-filtering) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig) | +| AliDNS | ๐Ÿ‡จ๐Ÿ‡ณ | Yes | [Operated](https://www.alidns.com/) by Alibaba in China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig) | | Alekberg | ๐Ÿ‡ณ๐Ÿ‡ฑ | No | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig) | | BlahDNS CDN Filtered | ๐Ÿ‡บ๐Ÿ‡ธ | Yes | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-doh1.mobileconfig) | | BlahDNS CDN Unfiltered | ๐Ÿ‡บ๐Ÿ‡ธ | No | [Independent](https://blahdns.com/) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-doh1.mobileconfig) | diff --git a/profiles/adguard-https.mobileconfig b/profiles/adguard-default-https.mobileconfig similarity index 100% rename from profiles/adguard-https.mobileconfig rename to profiles/adguard-default-https.mobileconfig diff --git a/profiles/adguard-default-tls.mobileconfig b/profiles/adguard-default-tls.mobileconfig new file mode 100644 index 0000000..9960bc1 --- /dev/null +++ b/profiles/adguard-default-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + TLS + ServerAddresses + + 2a10:50c0::ad1:ff + 2a10:50c0::ad2:ff + 94.140.14.14 + 94.140.15.15 + + ServerName + dns.adguard.com + + PayloadDescription + Configures device to use Adguard Default Encrypted DNS over TLS + PayloadDisplayName + Adguard Default DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.e17cf1fa-0f0f-48a9-a68b-395804ed1850 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 28b90644-fc1e-409a-81e7-939598fee661 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the Adguard Default DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + Adguard Default DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 54A8F485-C9E3-4475-B651-3656DF781F4F + PayloadVersion + 1 + + diff --git a/profiles/adguard-family-tls.mobileconfig b/profiles/adguard-family-tls.mobileconfig new file mode 100644 index 0000000..db648b2 --- /dev/null +++ b/profiles/adguard-family-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2a10:50c0::bad1:ff + 2a10:50c0::bad2:ff + 94.140.14.15 + 94.140.15.16 + + ServerName + dns-family.adguard.com + + PayloadDescription + Configures device to use AdGuard Family Protection Encrypted DNS over TLS + PayloadDisplayName + AdGuard Family Protection DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.56f69d61-c1d2-422b-989a-adeeb1b6ddc0 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 1cda01f8-b05b-4b0d-8675-44eeb5290564 + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems + PayloadDisplayName + AdGuard Family Protection DNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + FF00A616-63CE-4078-8786-800A1F357A9C + PayloadVersion + 1 + + diff --git a/profiles/alibaba-tls.mobileconfig b/profiles/alibaba-tls.mobileconfig new file mode 100644 index 0000000..41bf050 --- /dev/null +++ b/profiles/alibaba-tls.mobileconfig @@ -0,0 +1,53 @@ + + + + + PayloadContent + + + DNSSettings + + DNSProtocol + HTTPS + ServerAddresses + + 2400:3200::1 + 2400:3200:baba::1 + 223.5.5.5 + 223.6.6.6 + + ServerName + dns.alidns.com + + PayloadDescription + Configures device to use AliDNS Encrypted DNS over TLS + PayloadDisplayName + AliDNS DNS over TLS + PayloadIdentifier + com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4 + PayloadType + com.apple.dnsSettings.managed + PayloadUUID + 35d5c8a0-afa6-4b36-a9fe-099a997b44ad + PayloadVersion + 1 + ProhibitDisablement + + + + PayloadDescription + Adds the AliDNS to Big Sur and iOS 14 based systems + PayloadDisplayName + AliDNS over TLS + PayloadIdentifier + com.paulmillr.apple-dns + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 6C7F342C-930C-49D7-8FFF-750F38CE39DD + PayloadVersion + 1 + + diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-tls.mobileconfig index 9b296c8..cb4e5aa 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-tls.mobileconfig @@ -44,7 +44,7 @@ PayloadType Configuration PayloadUUID - 030E6D6F-69A2-4515-9D77-99342CB9AE76 + 3FFF1FEC-04EB-4D2B-94AB-602EE3261D1D PayloadVersion 1 From 58daf3b92dd550900b2a2d50e290b26b2bac833c Mon Sep 17 00:00:00 2001 From: t0rzz Date: Sun, 10 Jul 2022 03:29:06 +0200 Subject: [PATCH 21/28] Update README.md Removed iOS version and MacOS version as the configuration profile work among every iOS and MacOS versions. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f547f02..1ef49e7 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hots ## Installation -To make settings work across all apps in **iOS 14** & **MacOS Big Sur**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. +To make settings work across all apps in **iOS** & **MacOS**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. To install, simply open the file in GitHub, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. From e1794369f2d1928718fdd84b2a1283f12c16ae11 Mon Sep 17 00:00:00 2001 From: ouyangmland Date: Sun, 10 Jul 2022 10:56:54 +0800 Subject: [PATCH 22/28] Update alibaba-tls.mobileconfig --- profiles/alibaba-tls.mobileconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/alibaba-tls.mobileconfig b/profiles/alibaba-tls.mobileconfig index 41bf050..72635dd 100644 --- a/profiles/alibaba-tls.mobileconfig +++ b/profiles/alibaba-tls.mobileconfig @@ -8,7 +8,7 @@ DNSSettings DNSProtocol - HTTPS + TLS ServerAddresses 2400:3200::1 From 158158891929fa00192cc9b469e5c238731b7546 Mon Sep 17 00:00:00 2001 From: t0rzz Date: Sun, 10 Jul 2022 18:15:47 +0200 Subject: [PATCH 23/28] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added an essential requirement to get the profile to install: use Safari when clicking on the profile, otherwise it wonโ€™t ask for installation. Firefox or Chrome on iOS will just download the file and wonโ€™t ask for installation. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1ef49e7..4b52d3a 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hots To make settings work across all apps in **iOS** & **MacOS**, youโ€™ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: itโ€™s not enough to simply set server IPs in System Preferences โ€” you need to install a profile. -To install, simply open the file in GitHub, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. +To install, simply open the file in GitHub by using Safari (other browsers will just download the file and won't ask for installation), and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the โ€œInstallโ€ button. ## Signed Profiles From ab54354e9cba82d670802bda5781ef4f07786dfe Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 24 Jul 2022 14:42:15 +0200 Subject: [PATCH 24/28] Update README.md --- README.md | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 4b52d3a..3e85a16 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,19 @@ # encrypted-dns-configs -Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). +Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile). -Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile). +## Caveats + +Good news: starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. There are still some other issues; we can't fix them, only Apple can: + +- [Little Snitch / Lulu disable Encrypted DNS](https://github.com/paulmillr/encrypted-dns/issues/13) +- [Some traffic e.g. Terminal / App Store is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/22) +- [Chrome is exempt from eDNS](https://github.com/paulmillr/encrypted-dns/issues/19) +- [VPN disable eDNS](https://github.com/paulmillr/encrypted-dns/issues/18) ## Providers `Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts. -All profiles include a *Wi-Fi-only* exception for `http://captive.apple.com/hotspot-detect.html` in order for hotel/cafe networks to work properly. - | Name | Country | Censorship | Notes | Install button | |---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | AdGuard Default | ๐Ÿ‡ท๐Ÿ‡บ | Yes | [Operated](https://adguard-dns.io/kb/general/dns-providers/#default) by AdGuard (Filters ads, tracking & phishing) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig) | @@ -54,12 +59,3 @@ To verify resolver IPs and hostnames, compare mobileconfig files to their docume ## Contributing a new profile Profiles are basically text files. Copy an existing one and change its UUID, for example, by generating a new one online. Make sure you update README with new profile's info. - -## Known issues - -We can't fix the issues, only Apple can: - -- [Little Snitch / Lulu disable Encrypted DNS](https://github.com/paulmillr/encrypted-dns/issues/13) -- [Some traffic e.g. Terminal / App Store is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/22) -- [Chrome is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/19) -- [VPN disable EDNS](https://github.com/paulmillr/encrypted-dns/issues/18) From 2241a472880ae7dd7cfc64e7d1360b3492604edd Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 24 Jul 2022 14:44:37 +0200 Subject: [PATCH 25/28] Update README.md --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3e85a16..88009f0 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,8 @@ Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_ov Good news: starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. There are still some other issues; we can't fix them, only Apple can: -- [Little Snitch / Lulu disable Encrypted DNS](https://github.com/paulmillr/encrypted-dns/issues/13) -- [Some traffic e.g. Terminal / App Store is except from EDNS](https://github.com/paulmillr/encrypted-dns/issues/22) -- [Chrome is exempt from eDNS](https://github.com/paulmillr/encrypted-dns/issues/19) -- [VPN disable eDNS](https://github.com/paulmillr/encrypted-dns/issues/18) +- eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18) +- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19) ## Providers From 5f64f8a4996c24f28b62e620eb4a24296bf86326 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 24 Jul 2022 14:46:40 +0200 Subject: [PATCH 26/28] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 88009f0..b9e557f 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ # encrypted-dns-configs Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) and info about [contributing a new profile](#contributing-a-new-profile). -## Caveats +### Caveats -Good news: starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. There are still some other issues; we can't fix them, only Apple can: +DoH seems to work faster & better than DoT judging from the [Google's article](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html). + +Starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news. There are still some other issues; we can't fix them, only Apple can: - eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18) - Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19) From c416f8240aea455b65f1a9e8173fbd22e66f74cc Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Thu, 22 Sep 2022 19:36:30 +0000 Subject: [PATCH 27/28] Enable GitHub Sponsors --- .github/funding.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/funding.yml diff --git a/.github/funding.yml b/.github/funding.yml new file mode 100644 index 0000000..43f16ab --- /dev/null +++ b/.github/funding.yml @@ -0,0 +1,2 @@ +github: paulmillr +# custom: https://paulmillr.com/funding/ \ No newline at end of file From 69196a6b6a5e3a418e56487eba56cf21acb2bca1 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Wed, 7 Dec 2022 13:30:25 +0100 Subject: [PATCH 28/28] Tor --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b9e557f..a471c85 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ Starting from iOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Ca - eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18) - Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19) +If you need even more privacy, check out [encrypted-dns over TOR](https://github.com/alecmuffett/dohot). + ## Providers `Censorship=yes` means the profile will not send true information about `hostname=IP` relation for some hosts.