mirror of
https://github.com/paulmillr/encrypted-dns.git
synced 2026-02-12 09:12:52 +00:00
Paul Miller
@@ -47,6 +47,7 @@
|
||||
| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
|
||||
| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由腾讯公司 DNSPod 运营 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
|
||||
| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法国数据网络运营 | | [HTTPS][fdn-https], [TLS][fdn-tls] |
|
||||
| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
|
||||
| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司运营 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
|
||||
| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 运营,拦截广告和跟踪器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
|
||||
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
|
||||
@@ -203,6 +204,9 @@ New-Guid
|
||||
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
|
||||
[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
|
||||
[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
|
||||
[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
|
||||
[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
|
||||
[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
|
||||
[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
|
||||
[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
|
||||
[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
|
||||
|
||||
@@ -47,6 +47,7 @@
|
||||
| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
|
||||
| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由騰訊公司 DNSPod 營運 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
|
||||
| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法國資料網路營運 | | [HTTPS][fdn-https], [TLS][fdn-tls] |
|
||||
| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
|
||||
| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司營運 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
|
||||
| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 營運,阻擋廣告和追蹤器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
|
||||
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
|
||||
@@ -203,6 +204,9 @@ New-Guid
|
||||
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
|
||||
[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
|
||||
[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
|
||||
[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
|
||||
[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
|
||||
[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
|
||||
[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
|
||||
[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
|
||||
[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
|
||||
|
||||
@@ -48,6 +48,7 @@ Check out [encrypted-dns over TOR](https://github.com/alecmuffett/dohot) if you
|
||||
| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
|
||||
| [DNSPod Public DNS][dnspod-dns] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
|
||||
| [FDN][fdn-dns] | 🇫🇷 | No | Operated by French Data Network | | [HTTPS][fdn-https], [TLS][fdn-tls] |
|
||||
| [FFMUC-DNS][ffmucdns] | 🇩🇪 | No | FFMUC free DNS servers provided by Freifunk München. | | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
|
||||
| [Google Public DNS][google-dns] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
|
||||
| [keweonDNS][keweondns] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
|
||||
| [Mullvad DNS][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
|
||||
@@ -217,6 +218,9 @@ New-Guid
|
||||
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
|
||||
[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
|
||||
[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
|
||||
[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
|
||||
[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
|
||||
[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
|
||||
[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
|
||||
[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
|
||||
[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
|
||||
|
||||
@@ -11,8 +11,8 @@ Profiles are generated from easily editable `.json` files. Check out `providers`
|
||||
Check out [encrypted-dns over TOR](https://github.com/alecmuffett/dohot) if you need more privacy. Known issues (we can't fix them, maybe Apple can):
|
||||
|
||||
- eDNS gets disabled: [Little Snitch & Lulu](https://github.com/paulmillr/encrypted-dns/issues/13), [VPN](https://github.com/paulmillr/encrypted-dns/issues/18)
|
||||
- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19)
|
||||
- Starting from iOS & iPadOS 15.5, [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication. This is good news.
|
||||
- Some traffic is exempt from eDNS: [Terminal / App Store](https://github.com/paulmillr/encrypted-dns/issues/22), [Chrome](https://github.com/paulmillr/encrypted-dns/issues/19) - this is bad
|
||||
- [Wi-Fi captive portals](https://en.wikipedia.org/wiki/Captive_portal) in cafes, hotels, airports are exempted by Apple from eDNS rules; to simplify authentication - this is good
|
||||
- TLS DNS is blocked more often by ISPs than HTTPS, because TLS uses non-standard port 853, which is easy to filter out.
|
||||
See [Google's article](https://security.googleblog.com/2022/07/dns-over-http3-in-android.html)
|
||||
|
||||
@@ -68,7 +68,9 @@ You can optionally exclude some trusted Wi-Fi networks where you don't want to u
|
||||
|
||||
## Contributing a new profile
|
||||
|
||||
Profiles are basically text files. Copy an existing one and change its UUID, make sure you update README with new profile's info.
|
||||
Profiles are generated from easily editable `.json` files. Check out `providers` directory to add or edit a new profile.
|
||||
|
||||
Copy an existing one and change its UUID, make sure you update README with new profile's info.
|
||||
|
||||
In addition to generating online, there are many other ways to generate a random UUID:
|
||||
|
||||
|
||||
53
profiles/ffmucdns-https.mobileconfig
Normal file
53
profiles/ffmucdns-https.mobileconfig
Normal file
@@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>PayloadContent</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>DNSSettings</key>
|
||||
<dict>
|
||||
<key>DNSProtocol</key>
|
||||
<string>HTTPS</string>
|
||||
<key>ServerAddresses</key>
|
||||
<array>
|
||||
<string>2001:678:e68:f000::</string>
|
||||
<string>2001:678:ed0:f000::</string>
|
||||
<string>5.1.66.255</string>
|
||||
<string>185.150.99.255</string>
|
||||
</array>
|
||||
<key>ServerURL</key>
|
||||
<string>https://doh.ffmuc.net/dns-query</string>
|
||||
</dict>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Configures device to use FFMUC-DNS Encrypted DNS over HTTPS</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>FFMUC DNS over HTTPS</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.apple.dnsSettings.managed.3b0c0dcc-d377-48fb-a222-019f42867461</string>
|
||||
<key>PayloadType</key>
|
||||
<string>com.apple.dnsSettings.managed</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>a9167fd8-e278-4c62-8c89-12f171617446</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
<key>ProhibitDisablement</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</array>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Adds the FFMUC DNS to Big Sur and iOS 14 based systems</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>FFMUC Encrypted DNS over HTTPS</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.paulmillr.apple-dns</string>
|
||||
<key>PayloadRemovalDisallowed</key>
|
||||
<false/>
|
||||
<key>PayloadType</key>
|
||||
<string>Configuration</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>f9186f3a-edbc-422e-9d3c-31956c67fd14</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
</dict>
|
||||
</plist>
|
||||
53
profiles/ffmucdns-tls.mobileconfig
Normal file
53
profiles/ffmucdns-tls.mobileconfig
Normal file
@@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>PayloadContent</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>DNSSettings</key>
|
||||
<dict>
|
||||
<key>DNSProtocol</key>
|
||||
<string>TLS</string>
|
||||
<key>ServerAddresses</key>
|
||||
<array>
|
||||
<string>2001:678:e68:f000::</string>
|
||||
<string>2001:678:ed0:f000::</string>
|
||||
<string>5.1.66.255</string>
|
||||
<string>185.150.99.255</string>
|
||||
</array>
|
||||
<key>ServerName</key>
|
||||
<string>dot.ffmuc.net</string>
|
||||
</dict>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Configures device to use FFMUC-DNS Encrypted DNS over TLS</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>FFMUC DNS over TLS</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.apple.dnsSettings.managed.69866750-1580-4f0f-90db-bd10da1ce3df</string>
|
||||
<key>PayloadType</key>
|
||||
<string>com.apple.dnsSettings.managed</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>35022acf-0422-4523-a0aa-41f0747037ad</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
<key>ProhibitDisablement</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</array>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Adds the FFMUC DNS to Big Sur and iOS 14 based systems</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>FFMUC Encrypted DNS over TLS</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.paulmillr.apple-dns</string>
|
||||
<key>PayloadRemovalDisallowed</key>
|
||||
<false/>
|
||||
<key>PayloadType</key>
|
||||
<string>Configuration</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>386ffdff-bb84-499f-bfb4-10b4ea229ee8</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
</dict>
|
||||
</plist>
|
||||
51
providers/36-ffmuc-dns.json
Normal file
51
providers/36-ffmuc-dns.json
Normal file
@@ -0,0 +1,51 @@
|
||||
{
|
||||
"id": "ffmucdns",
|
||||
"profile": "ffmuc-profile",
|
||||
"website": "https://ffmuc.net/wiki/knb:dohdot_en",
|
||||
"region": "DE",
|
||||
"censorship": false,
|
||||
"names": {
|
||||
"en": "FFMUC-DNS",
|
||||
"cmn-CN": "FFMUC-DNS",
|
||||
"cmn-TW": "FFMUC-DNS"
|
||||
},
|
||||
"notes": {
|
||||
"en": "FFMUC free DNS servers provided by Freifunk München.",
|
||||
"cmn-CN": "",
|
||||
"cmn-TW": ""
|
||||
},
|
||||
"https": {
|
||||
"name": "FFMUC-DNS Encrypted DNS over HTTPS",
|
||||
"fullName": "FFMUC DNS",
|
||||
"topName": "FFMUC Encrypted DNS over HTTPS",
|
||||
"PayloadDisplayName": "FFMUC DNS over HTTPS",
|
||||
"DNSProtocol": "HTTPS",
|
||||
"ServerURLOrName": "https://doh.ffmuc.net/dns-query",
|
||||
"ServerAddresses": [
|
||||
"2001:678:e68:f000::",
|
||||
"2001:678:ed0:f000::",
|
||||
"5.1.66.255",
|
||||
"185.150.99.255"
|
||||
],
|
||||
"PayloadIdentifier": "com.apple.dnsSettings.managed.3b0c0dcc-d377-48fb-a222-019f42867461",
|
||||
"PayloadUUID": "a9167fd8-e278-4c62-8c89-12f171617446",
|
||||
"TopPayloadUUID": "f9186f3a-edbc-422e-9d3c-31956c67fd14"
|
||||
},
|
||||
"tls": {
|
||||
"name": "FFMUC-DNS Encrypted DNS over TLS",
|
||||
"fullName": "FFMUC DNS",
|
||||
"topName": "FFMUC Encrypted DNS over TLS",
|
||||
"PayloadDisplayName": "FFMUC DNS over TLS",
|
||||
"DNSProtocol": "TLS",
|
||||
"ServerURLOrName": "dot.ffmuc.net",
|
||||
"ServerAddresses": [
|
||||
"2001:678:e68:f000::",
|
||||
"2001:678:ed0:f000::",
|
||||
"5.1.66.255",
|
||||
"185.150.99.255"
|
||||
],
|
||||
"PayloadIdentifier": "com.apple.dnsSettings.managed.69866750-1580-4f0f-90db-bd10da1ce3df",
|
||||
"PayloadUUID": "35022acf-0422-4523-a0aa-41f0747037ad",
|
||||
"TopPayloadUUID": "386ffdff-bb84-499f-bfb4-10b4ea229ee8"
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user