diff --git a/.gitignore b/.gitignore
index 457fe79..bed6624 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1 @@
-certs/cert.pem
-certs/chain.pem
-certs/fullchain.pem
-certs/privkey.pem
-certs/README
+/src/certificates
diff --git a/README.cmn-CN.md b/README.cmn-CN.md
index 3377d83..210613a 100644
--- a/README.cmn-CN.md
+++ b/README.cmn-CN.md
@@ -19,45 +19,45 @@
“`审查=是`”表示描述文件不会发送某些主机“`主机名=IP`”关系的真实信息。
-| 名称 | 区域 | 审查 | 备注 | 安装 | 安装 (未签名) |
-| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- |
-| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] |
-| [AdGuard DNS 默认][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
-| [AdGuard DNS 家庭保护][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
-| [AdGuard DNS 无过滤][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
-| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] |
-| [阿里云公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
-| [BlahDNS CDN 过滤][blahdns] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] |
-| [BlahDNS CDN 无过滤][blahdns] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
-| [BlahDNS 德国][blahdns] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] |
-| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] |
-| [Canadian Shield 私人][canadian-shield] | 🇨🇦 | 否 | 由加拿大互联网注册管理局 (CIRA) 运营 | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
-| [Canadian Shield 保护][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
-| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
-| [Cleanbrowsing 家庭过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件、成人内容和混合内容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
-| [Cleanbrowsing 成人过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件和成人内容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
-| [Cleanbrowsing 安全过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
-| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 公司运营 | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
-| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] |
-| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] |
-| [DNS4EU][dns4eu] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] |
-| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] |
-| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] |
-| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] |
-| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
-| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由腾讯公司 DNSPod 运营 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
-| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法国数据网络运营 | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] |
-| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
-| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司运营 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
-| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 运营,拦截广告和跟踪器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
-| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
-| [Mullvad DNS 广告拦截][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营,拦截广告和跟踪器 | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] |
-| [OpenDNS 标准版][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] |
-| [OpenDNS 家庭盾][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] |
-| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
-| [Quad9 带 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS,拦截恶意软件 | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
-| [Quad9 无过滤][quad9] | 🇨🇭 | 否 | 由 Quad9 基金会运营 | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] |
-| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件 | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
+| 名称 | 区域 | 审查 | 备注 | 安装 | 安装 (未签名) |
+| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
+| [360 安全 DNS][360-default] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] |
+| [AdGuard DNS 默认][adguard-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] |
+| [AdGuard DNS 家庭保护][adguard-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] |
+| [AdGuard DNS 无过滤][adguard-nofilter] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] |
+| [Alekberg 加密 DNS][alekberg-default] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] |
+| [阿里云公共 DNS][alibaba-default] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] |
+| [BlahDNS CDN 过滤][blahdns-cdn-adblock] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] |
+| [BlahDNS CDN 无过滤][blahdns-cdn-unfiltered] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] |
+| [BlahDNS 德国][blahdns-germany] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] |
+| [BlahDNS 新加坡][blahdns-singapore] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] |
+| [Canadian Shield 私人][canadianshield-private] | 🇨🇦 | 否 | 由加拿大互联网注册管理局 (CIRA) 运营 | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] |
+| [Canadian Shield 保护][canadianshield-protected] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] |
+| [Canadian Shield 家庭][canadianshield-family] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] |
+| [Cleanbrowsing 家庭过滤器][cleanbrowsing-family] | 🇺🇸 | 是 | 过滤恶意软件、成人内容和混合内容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
+| [Cleanbrowsing 成人过滤器][cleanbrowsing-adult] | 🇺🇸 | 是 | 过滤恶意软件和成人内容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
+| [Cleanbrowsing 安全过滤器][cleanbrowsing-security] | 🇺🇸 | 是 | 过滤恶意软件 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
+| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | 否 | 由 Cloudflare 公司运营 | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] |
+| [Cloudflare 1.1.1.1 安全][cloudflare-malware] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] |
+| [Cloudflare 1.1.1.1 家庭][cloudflare-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] |
+| [DNS4EU][dns4eu-default] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] |
+| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] |
+| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] |
+| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] |
+| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] |
+| [DNSPod 公共 DNS][dnspod-default] | 🇨🇳 | 否 | 由腾讯公司 DNSPod 运营 | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] |
+| [FDN][fdn-default] | 🇫🇷 | 否 | 由法国数据网络运营 | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] |
+| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] |
+| [Google 公共 DNS][google-default] | 🇺🇸 | 否 | 由谷歌公司运营 | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] |
+| [keweonDNS][keweondns-default] | 🇩🇪 | 否 | 由 Aviontex 运营,拦截广告和跟踪器 | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] |
+| [Mullvad DNS][mullvad-default] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营 | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] |
+| [Mullvad DNS 广告拦截][mullvad-adblock] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营,拦截广告和跟踪器 | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] |
+| [OpenDNS 标准版][opendns-default] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] |
+| [OpenDNS 家庭盾][opendns-family] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] |
+| [Quad9][quad9-default] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] |
+| [Quad9 带 ECS][quad9-ECS] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS,拦截恶意软件 | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] |
+| [Quad9 无过滤][quad9-nofilter] | 🇨🇭 | 否 | 由 Quad9 基金会运营 | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] |
+| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件 | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] |
## 安装
@@ -120,152 +120,164 @@ cat /proc/sys/kernel/random/uuid
New-Guid
```
-[360-dns]: https://sdns.360.net/dnsPublic.html
-[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
-[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default
-[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
-[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
-[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
-[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
-[alekberg-dns]: https://alekberg.net
-[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
-[aliyun-dns]: https://www.alidns.com/
-[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
-[blahdns]: https://blahdns.com/
-[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
-[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
-[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
-[cleanbrowsing]: https://cleanbrowsing.org/filters/
+[360-default]: https://sdns.360.net/dnsPublic.html
+[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig
+[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default
+[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
+[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
+[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-default]: https://alekberg.net
+[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig
+[alibaba-default]: https://www.alidns.com/
+[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig
+[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock]: https://blahdns.com/
+[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered]: https://blahdns.com/
+[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany]: https://blahdns.com/
+[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
+[blahdns-singapore]: https://blahdns.com/
+[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
+[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cleanbrowsing-family]: https://cleanbrowsing.org/filters/
[cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig
+[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/
[cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig
+[cleanbrowsing-security]: https://cleanbrowsing.org/filters/
[cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
-[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
-[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
-[dnspod-dns]: https://www.dnspod.com/products/public.dns
-[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
-[fdn-dns]: https://www.fdn.fr/actions/dns/
-[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig
-[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig
-[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports
-[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
-[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
-[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
-[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig
-[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig
-[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
-[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
-[opendns]: https://support.opendns.com/hc/articles/360038086532
-[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
-[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
-[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
-[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
-[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
-[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
-[tiarap]: https://doh.tiar.app
-[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
-[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
-[dns4eu]: https://www.joindns4.eu/for-public
-[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig
-[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig
+[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig
+[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dns4eu-default]: https://www.joindns4.eu/for-public
+[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig
[dns4eu-malware]: https://www.joindns4.eu/for-public
-[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
+[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
[dns4eu-protective-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
[dns4eu-protective-child]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
-[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
-[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
-[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
-[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
-[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig
-[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig
-[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
-[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
+[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default]: https://www.dnspod.com/products/public.dns
+[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig
+[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig
+[fdn-default]: https://www.fdn.fr/actions/dns/
+[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig
+[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig
+[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en
+[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig
+[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports
+[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig
+[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig
+[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig
+[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig
+[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig
+[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
+[opendns-default]: https://support.opendns.com/hc/articles/360038086532
+[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig
+[opendns-family]: https://support.opendns.com/hc/articles/360038086532
+[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig
+[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig
+[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
+[tiarapp-default]: https://doh.tiar.app
+[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig
+[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig
+[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
+[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
+[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
+[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
+[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
+[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig
+[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig
+[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
+[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
+[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
+[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
+[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
[cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig
[cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig
[cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
-[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig
-[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig
-[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig
-[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig
-[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig
-[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig
-[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig
-[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
-[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig
-[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
-[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig
-[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig
-[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
-[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig
-[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig
-[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig
-[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig
-[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
-[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
-[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
-[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig
+[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig
+[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
+[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
+[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig
+[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
+[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig
+[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig
+[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig
+[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig
+[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig
+[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig
+[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig
+[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig
+[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig
+[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig
+[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
+[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig
+[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
+[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig
+[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig
+[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
+[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
+[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig
diff --git a/README.cmn-TW.md b/README.cmn-TW.md
index 7c5e522..71fa4d1 100644
--- a/README.cmn-TW.md
+++ b/README.cmn-TW.md
@@ -19,45 +19,45 @@
「`審查=是`」意味著描述檔不會發送某些主機「`主機名=IP`」關係的真實訊息。
-| 名稱 | 區域 | 審查 | 備註 | 安裝連結 | |
-| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- |
-| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 數位安全集團營運 | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] |
-| [AdGuard DNS 預設][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站 | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
-| [AdGuard DNS 家庭保護][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容 | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
-| [AdGuard DNS 無過濾][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 營運,無過濾 | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
-| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] |
-| [阿里雲公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里雲計算營運 | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
-| [BlahDNS CDN 過濾][blahdns] | 🇺🇸 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] |
-| [BlahDNS CDN 無過濾][blahdns] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
-| [BlahDNS 德國][blahdns] | 🇩🇪 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] |
-| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] |
-| [Canadian Shield 私人][canadian-shield] | 🇨🇦 | 否 | 由加拿大網際網路註冊管理局 (CIRA) 營運 | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
-| [Canadian Shield 保護][canadian-shield] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站 | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
-| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
-| [Cleanbrowsing 家庭過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體、成人內容和混合內容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
-| [Cleanbrowsing 成人過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體和成人內容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
-| [Cleanbrowsing 安全過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
-| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 公司營運 | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
-| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站 | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] |
-| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] |
-| [DNS4EU][dns4eu] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] |
-| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] |
-| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] |
-| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] |
-| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
-| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由騰訊公司 DNSPod 營運 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
-| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法國資料網路營運 | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] |
-| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
-| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司營運 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
-| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 營運,阻擋廣告和追蹤器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
-| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
-| [Mullvad DNS 廣告阻擋][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運,阻擋廣告和追蹤器 | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] |
-| [OpenDNS 標準版][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 營運 | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] |
-| [OpenDNS 家庭盾][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 營運,阻擋惡意軟體和成人內容 | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] |
-| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會營運,阻擋惡意軟體 | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
-| [Quad9 帶 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體 | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
-| [Quad9 無過濾][quad9] | 🇨🇭 | 否 | 由 Quad9 基金會營運 | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] |
-| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體 | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
+| 名稱 | 區域 | 審查 | 備註 | 安裝連結 | |
+| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
+| [360 安全 DNS][360-default] | 🇨🇳 | 是 | 由 360 數位安全集團營運 | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] |
+| [AdGuard DNS 預設][adguard-default] | 🇷🇺 | 是 | 由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站 | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] |
+| [AdGuard DNS 家庭保護][adguard-family] | 🇷🇺 | 是 | 由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容 | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] |
+| [AdGuard DNS 無過濾][adguard-nofilter] | 🇷🇺 | 否 | 由 AdGuard 營運,無過濾 | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] |
+| [Alekberg 加密 DNS][alekberg-default] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] |
+| [阿里雲公共 DNS][alibaba-default] | 🇨🇳 | 否 | 由阿里雲計算營運 | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] |
+| [BlahDNS CDN 過濾][blahdns-cdn-adblock] | 🇺🇸 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] |
+| [BlahDNS CDN 無過濾][blahdns-cdn-unfiltered] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] |
+| [BlahDNS 德國][blahdns-germany] | 🇩🇪 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] |
+| [BlahDNS 新加坡][blahdns-singapore] | 🇸🇬 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] |
+| [Canadian Shield 私人][canadianshield-private] | 🇨🇦 | 否 | 由加拿大網際網路註冊管理局 (CIRA) 營運 | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] |
+| [Canadian Shield 保護][canadianshield-protected] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站 | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] |
+| [Canadian Shield 家庭][canadianshield-family] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] |
+| [Cleanbrowsing 家庭過濾器][cleanbrowsing-family] | 🇺🇸 | 是 | 過濾惡意軟體、成人內容和混合內容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
+| [Cleanbrowsing 成人過濾器][cleanbrowsing-adult] | 🇺🇸 | 是 | 過濾惡意軟體和成人內容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
+| [Cleanbrowsing 安全過濾器][cleanbrowsing-security] | 🇺🇸 | 是 | 過濾惡意軟體 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
+| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | 否 | 由 Cloudflare 公司營運 | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] |
+| [Cloudflare 1.1.1.1 安全][cloudflare-malware] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站 | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] |
+| [Cloudflare 1.1.1.1 家庭][cloudflare-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] |
+| [DNS4EU][dns4eu-default] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] |
+| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] |
+| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] |
+| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] |
+| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] |
+| [DNSPod 公共 DNS][dnspod-default] | 🇨🇳 | 否 | 由騰訊公司 DNSPod 營運 | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] |
+| [FDN][fdn-default] | 🇫🇷 | 否 | 由法國資料網路營運 | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] |
+| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] |
+| [Google 公共 DNS][google-default] | 🇺🇸 | 否 | 由谷歌公司營運 | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] |
+| [keweonDNS][keweondns-default] | 🇩🇪 | 否 | 由 Aviontex 營運,阻擋廣告和追蹤器 | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] |
+| [Mullvad DNS][mullvad-default] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運 | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] |
+| [Mullvad DNS 廣告阻擋][mullvad-adblock] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運,阻擋廣告和追蹤器 | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] |
+| [OpenDNS 標準版][opendns-default] | 🇺🇸 | 否 | 由思科 OpenDNS 營運 | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] |
+| [OpenDNS 家庭盾][opendns-family] | 🇺🇸 | 是 | 由思科 OpenDNS 營運,阻擋惡意軟體和成人內容 | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] |
+| [Quad9][quad9-default] | 🇨🇭 | 是 | 由 Quad9 基金會營運,阻擋惡意軟體 | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] |
+| [Quad9 帶 ECS][quad9-ECS] | 🇨🇭 | 是 | 由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體 | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] |
+| [Quad9 無過濾][quad9-nofilter] | 🇨🇭 | 否 | 由 Quad9 基金會營運 | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] |
+| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體 | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] |
## 安裝
@@ -120,152 +120,164 @@ cat /proc/sys/kernel/random/uuid
New-Guid
```
-[360-dns]: https://sdns.360.net/dnsPublic.html
-[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
-[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default
-[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
-[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
-[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
-[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
-[alekberg-dns]: https://alekberg.net
-[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
-[aliyun-dns]: https://www.alidns.com/
-[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
-[blahdns]: https://blahdns.com/
-[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
-[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
-[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
-[cleanbrowsing]: https://cleanbrowsing.org/filters/
+[360-default]: https://sdns.360.net/dnsPublic.html
+[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig
+[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default
+[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
+[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
+[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-default]: https://alekberg.net
+[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig
+[alibaba-default]: https://www.alidns.com/
+[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig
+[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock]: https://blahdns.com/
+[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered]: https://blahdns.com/
+[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany]: https://blahdns.com/
+[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
+[blahdns-singapore]: https://blahdns.com/
+[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
+[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cleanbrowsing-family]: https://cleanbrowsing.org/filters/
[cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig
+[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/
[cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig
+[cleanbrowsing-security]: https://cleanbrowsing.org/filters/
[cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
-[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
-[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
-[dnspod-dns]: https://www.dnspod.com/products/public.dns
-[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
-[fdn-dns]: https://www.fdn.fr/actions/dns/
-[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig
-[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig
-[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports
-[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
-[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
-[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
-[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig
-[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig
-[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
-[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
-[opendns]: https://support.opendns.com/hc/articles/360038086532
-[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
-[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
-[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
-[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
-[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
-[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
-[tiarap]: https://doh.tiar.app
-[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
-[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
-[dns4eu]: https://www.joindns4.eu/for-public
-[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig
-[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig
+[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig
+[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dns4eu-default]: https://www.joindns4.eu/for-public
+[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig
[dns4eu-malware]: https://www.joindns4.eu/for-public
-[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
+[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
[dns4eu-protective-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
[dns4eu-protective-child]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
-[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
-[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
-[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
-[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
-[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig
-[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig
-[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
-[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
+[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default]: https://www.dnspod.com/products/public.dns
+[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig
+[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig
+[fdn-default]: https://www.fdn.fr/actions/dns/
+[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig
+[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig
+[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en
+[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig
+[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports
+[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig
+[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig
+[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig
+[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig
+[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig
+[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
+[opendns-default]: https://support.opendns.com/hc/articles/360038086532
+[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig
+[opendns-family]: https://support.opendns.com/hc/articles/360038086532
+[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig
+[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig
+[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
+[tiarapp-default]: https://doh.tiar.app
+[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig
+[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig
+[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
+[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
+[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
+[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
+[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
+[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig
+[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig
+[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
+[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
+[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
+[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
+[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
[cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig
[cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig
[cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
-[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig
-[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig
-[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig
-[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig
-[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig
-[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig
-[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig
-[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
-[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig
-[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
-[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig
-[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig
-[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
-[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig
-[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig
-[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig
-[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig
-[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
-[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
-[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
-[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig
+[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig
+[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
+[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
+[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig
+[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
+[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig
+[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig
+[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig
+[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig
+[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig
+[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig
+[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig
+[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig
+[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig
+[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig
+[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
+[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig
+[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
+[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig
+[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig
+[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
+[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
+[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig
diff --git a/README.md b/README.md
index 1e35f4c..30c7af9 100644
--- a/README.md
+++ b/README.md
@@ -25,45 +25,45 @@ Mac:
Censorship (also known as "filtering") means the profile will not send true information about `hostname=IP` relation for some hosts.
-| Name | Region | Censorship | Notes | Install | Install (unsigned) |
-| ------------------------------------------------------------------------------------ | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- |
-| [360 Security DNS][360-dns] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] |
-| [AdGuard DNS Default][adguard-dns-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] |
-| [AdGuard DNS Family Protection][adguard-dns-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] |
-| [AdGuard DNS Non-filtering][adguard-dns-unfiltered] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] |
-| [Alekberg Encrypted DNS][alekberg-dns] | 🇳🇱 | No | Independent | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] |
-| [Aliyun Public DNS][aliyun-dns] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] |
-| [BlahDNS CDN Filtered][blahdns] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] |
-| [BlahDNS CDN Unfiltered][blahdns] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] |
-| [BlahDNS Germany][blahdns] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] |
-| [BlahDNS Singapore][blahdns] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] |
-| [Canadian Shield Private][canadian-shield] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] |
-| [Canadian Shield Protected][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] |
-| [Canadian Shield Family][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] |
-| [Cleanbrowsing Family Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware & adult, mixed content | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
-| [Cleanbrowsing Adult Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
-| [Cleanbrowsing Security Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
-| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] |
-| [Cloudflare 1.1.1.1 Security][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] |
-| [Cloudflare 1.1.1.1 Family][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] |
-| [DNS4EU][dns4eu] | 🇨🇿 | No | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] |
-| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] |
-| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] |
-| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] |
-| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] |
-| [DNSPod Public DNS][dnspod-dns] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] |
-| [FDN][fdn-dns] | 🇫🇷 | No | Operated by French Data Network | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] |
-| [FFMUC-DNS][ffmucdns] | 🇩🇪 | No | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] |
-| [Google Public DNS][google-dns] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] |
-| [keweonDNS][keweondns] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] |
-| [Mullvad DNS][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] |
-| [Mullvad DNS Adblock][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] |
-| [OpenDNS Standard][opendns] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] |
-| [OpenDNS FamilyShield][opendns] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] |
-| [Quad9][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] |
-| [Quad9 w/ ECS][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] |
-| [Quad9 Unfiltered][quad9] | 🇨🇭 | No | Operated by Quad9 Foundation. | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] |
-| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] |
+| Name | Region | Censorship | Notes | Install | Install (unsigned) |
+| ------------------------------------------------------------------------------------ | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
+| [360 Security DNS][360-default] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] |
+| [AdGuard DNS Default][adguard-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] |
+| [AdGuard DNS Family Protection][adguard-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] |
+| [AdGuard DNS Non-filtering][adguard-nofilter] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] |
+| [Alekberg Encrypted DNS][alekberg-default] | 🇳🇱 | No | Independent | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] |
+| [Aliyun Public DNS][alibaba-default] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] |
+| [BlahDNS CDN Filtered][blahdns-cdn-adblock] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] |
+| [BlahDNS CDN Unfiltered][blahdns-cdn-unfiltered] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] |
+| [BlahDNS Germany][blahdns-germany] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] |
+| [BlahDNS Singapore][blahdns-singapore] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] |
+| [Canadian Shield Private][canadianshield-private] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] |
+| [Canadian Shield Protected][canadianshield-protected] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] |
+| [Canadian Shield Family][canadianshield-family] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] |
+| [Cleanbrowsing Family Filter][cleanbrowsing-family] | 🇺🇸 | Yes | Filters malware & adult, mixed content | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] |
+| [Cleanbrowsing Adult Filter][cleanbrowsing-adult] | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] |
+| [Cleanbrowsing Security Filter][cleanbrowsing-security] | 🇺🇸 | Yes | Filters malware | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] |
+| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] |
+| [Cloudflare 1.1.1.1 Security][cloudflare-malware] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] |
+| [Cloudflare 1.1.1.1 Family][cloudflare-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] |
+| [DNS4EU][dns4eu-default] | 🇨🇿 | No | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] |
+| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] |
+| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] |
+| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] |
+| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] |
+| [DNSPod Public DNS][dnspod-default] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] |
+| [FDN][fdn-default] | 🇫🇷 | No | Operated by French Data Network | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] |
+| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | No | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] |
+| [Google Public DNS][google-default] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] |
+| [keweonDNS][keweondns-default] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] |
+| [Mullvad DNS][mullvad-default] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] |
+| [Mullvad DNS Adblock][mullvad-adblock] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] |
+| [OpenDNS Standard][opendns-default] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] |
+| [OpenDNS FamilyShield][opendns-family] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] |
+| [Quad9][quad9-default] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] |
+| [Quad9 w/ ECS][quad9-ECS] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] |
+| [Quad9 Unfiltered][quad9-nofilter] | 🇨🇭 | No | Operated by Quad9 Foundation. | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] |
+| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] |
## Known issues
@@ -102,163 +102,174 @@ Censorship (also known as "filtering") means the profile will not send true info
- `npm run new` - interactively creates new profile from CLI options. Can also be ran with flags.
- `scripts/new.test.ts` includes CLI snapshot tests and a PTY interactive flow test.
- PTY test runs by default; set `NEW_TEST_PTY=0` to opt out.
-- `node scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig
-- `node scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL.
+- `src/scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig
+- `src/scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL.
- Uses `-nosmimecap` to match local CMS signing policy.
-- `node scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout.
-- `node test/sign-single.test.ts` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`.
- - Runs under `npm run test`.
+- `src/scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout.
+- `npm run test` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`.
- Generates temporary test root/signer certificates and keys via OpenSSL.
- Signs the same profile with `scripts/sign.ts` and `scripts/sign_openssl.sh`.
- Verifies detached content and embedded certificate set parity.
-[360-dns]: https://sdns.360.net/dnsPublic.html
-[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig
-[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default
-[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
-[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
-[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
-[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
-[alekberg-dns]: https://alekberg.net
-[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig
-[aliyun-dns]: https://www.alidns.com/
-[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig
-[blahdns]: https://blahdns.com/
-[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
-[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
-[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
-[cleanbrowsing]: https://cleanbrowsing.org/filters/
+[360-default]: https://sdns.360.net/dnsPublic.html
+[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig
+[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default
+[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig
+[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig
+[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection
+[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig
+[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig
+[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering
+[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig
+[alekberg-default]: https://alekberg.net
+[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig
+[alibaba-default]: https://www.alidns.com/
+[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig
+[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock]: https://blahdns.com/
+[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered]: https://blahdns.com/
+[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany]: https://blahdns.com/
+[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig
+[blahdns-singapore]: https://blahdns.com/
+[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig
+[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig
+[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig
+[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses
+[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig
+[cleanbrowsing-family]: https://cleanbrowsing.org/filters/
[cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig
+[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/
[cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig
+[cleanbrowsing-security]: https://cleanbrowsing.org/filters/
[cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/
-[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
-[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
-[dnspod-dns]: https://www.dnspod.com/products/public.dns
-[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig
-[fdn-dns]: https://www.fdn.fr/actions/dns/
-[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig
-[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig
-[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports
-[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig
-[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig
-[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
-[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig
-[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig
-[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
-[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
-[opendns]: https://support.opendns.com/hc/articles/360038086532
-[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig
-[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
-[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
-[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig
-[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig
-[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
-[tiarap]: https://doh.tiar.app
-[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig
-[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig
-[dns4eu]: https://www.joindns4.eu/for-public
-[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig
-[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig
+[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig
+[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/
+[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig
+[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
+[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig
+[dns4eu-default]: https://www.joindns4.eu/for-public
+[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig
[dns4eu-malware]: https://www.joindns4.eu/for-public
-[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
+[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig
[dns4eu-protective-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig
[dns4eu-protective-child]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig
[dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public
-[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en
-[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig
-[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig
-[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
-[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
-[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
-[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
-[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
-[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
-[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig
-[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig
-[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig
-[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
-[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
-[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
-[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
-[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
-[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
-[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
-[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
-[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
-[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
+[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default]: https://www.dnspod.com/products/public.dns
+[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig
+[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig
+[fdn-default]: https://www.fdn.fr/actions/dns/
+[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig
+[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig
+[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en
+[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig
+[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports
+[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig
+[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig
+[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/
+[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig
+[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig
+[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig
+[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/
+[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig
+[opendns-default]: https://support.opendns.com/hc/articles/360038086532
+[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig
+[opendns-family]: https://support.opendns.com/hc/articles/360038086532
+[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig
+[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig
+[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig
+[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig
+[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig
+[tiarapp-default]: https://doh.tiar.app
+[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig
+[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig
+[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig
+[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig
+[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig
+[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig
+[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig
+[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig
+[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig
+[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig
+[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig
+[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig
+[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig
+[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig
+[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig
+[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig
+[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig
+[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig
+[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig
+[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig
+[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig
[cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig
[cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig
[cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig
[cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig
[cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig
[cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig
-[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig
-[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig
-[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
-[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
-[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig
-[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig
-[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig
-[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig
-[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig
-[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig
-[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig
-[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig
-[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig
-[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
-[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig
-[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
-[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig
-[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig
-[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
-[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
-[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
-[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
-[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig
-[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig
-[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig
-[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig
-[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
-[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
-[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
-[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
-[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
-[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
-[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
-[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
-[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig
-[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig
+[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig
+[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig
+[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig
+[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig
+[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig
+[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig
+[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig
+[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig
+[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig
+[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig
+[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig
+[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig
+[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig
+[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig
+[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig
+[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig
+[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig
+[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig
+[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig
+[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig
+[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig
+[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig
+[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig
+[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig
+[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig
+[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig
+[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig
+[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig
+[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig
+[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig
+[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig
+[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig
+[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig
+[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig
+[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig
+[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig
diff --git a/certs/.gitkeep b/certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/package.json b/package.json
index e293805..9c4a0f0 100644
--- a/package.json
+++ b/package.json
@@ -4,13 +4,14 @@
"type": "module",
"scripts": {
"build:clean": "rm -f signed/*.mobileconfig profiles/*.mobileconfig README*.md",
- "build": "npm run build:clean && node scripts/build.ts",
- "sign": "node scripts/sign.ts",
- "new": "node scripts/new.ts",
- "test": "node --experimental-strip-types --test scripts/new.test.ts scripts/sign-single.test.ts",
- "format": "prettier --write \"src/*.json\" scripts/*.ts *.ts"
+ "build": "npm run build:clean && node src/scripts/build.ts",
+ "sign": "node src/scripts/sign.ts",
+ "new": "node src/scripts/new.ts",
+ "test": "node --experimental-strip-types --test src/scripts/new.test.ts src/scripts/sign-single.test.ts",
+ "format": "prettier --write \"src/*.json\" src/scripts/*.ts"
},
"dependencies": {
+ "@noble/hashes": "2.0.1",
"micro-key-producer": "0.8.5",
"prettier": "3.6.2"
}
diff --git a/profiles/360-https.mobileconfig b/profiles/360-default-https.mobileconfig
similarity index 68%
rename from profiles/360-https.mobileconfig
rename to profiles/360-default-https.mobileconfig
index 0238e90..eee8e10 100644
--- a/profiles/360-https.mobileconfig
+++ b/profiles/360-default-https.mobileconfig
@@ -18,15 +18,15 @@
https://doh.360.cn/dns-query
PayloadDescription
- Configures device to use 360 Public Security DNS over HTTPS
+ Configures device to use 360 Security DNS Encrypted DNS over HTTPS
PayloadDisplayName
- 360 Public Security DNS over HTTPS
+ 360 Security DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.b399690d-2f24-5d4e-8e6b-1faedb2dcf0f
+ com.apple.dnsSettings.managed.fb138167-92eb-53a2-949b-b4c4f7c29e65
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- B399690D-2F24-5D4E-8E6B-1FAEDB2DCF0F
+ FB138167-92EB-53A2-949B-B4C4F7C29E65
PayloadVersion
1
ProhibitDisablement
@@ -34,9 +34,12 @@
PayloadDescription
- Adds the 360 Public Security DNS over HTTPS to Big Sur and iOS 14 based systems
+ Configures device to use 360 Security DNS over HTTPS
+Operated by 360 Digital Security Group.
+Server location: 🇨🇳.
+Filtering: yes
PayloadDisplayName
- 360 Public Security DNS over HTTPS
+ 360 Security DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -46,7 +49,7 @@
PayloadType
Configuration
PayloadUUID
- 32955666-3542-5C76-B7E4-B8924A9D7572
+ 8B0370F5-EAC9-5A92-B6DF-A0D3B9023F12
PayloadVersion
1
diff --git a/profiles/adguard-default-https.mobileconfig b/profiles/adguard-default-https.mobileconfig
index 88661c0..cc70a9a 100644
--- a/profiles/adguard-default-https.mobileconfig
+++ b/profiles/adguard-default-https.mobileconfig
@@ -20,9 +20,9 @@
https://dns.adguard.com/dns-query
PayloadDescription
- Configures device to use Adguard Default Encrypted DNS over HTTPS
+ Configures device to use AdGuard DNS Default Encrypted DNS over HTTPS
PayloadDisplayName
- Adguard Default DNS over HTTPS
+ AdGuard DNS Default Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.e0484b82-bd95-5055-bce6-22ddb955f954
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Adguard Default DNS to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Default over HTTPS
+Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing.
+Server location: 🇷🇺.
+Filtering: yes
PayloadDisplayName
- Adguard Default DNS over HTTPS
+ AdGuard DNS Default Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/adguard-default-tls.mobileconfig b/profiles/adguard-default-tls.mobileconfig
index 1dbce9b..651a414 100644
--- a/profiles/adguard-default-tls.mobileconfig
+++ b/profiles/adguard-default-tls.mobileconfig
@@ -20,9 +20,9 @@
dns.adguard.com
PayloadDescription
- Configures device to use Adguard Default Encrypted DNS over TLS
+ Configures device to use AdGuard DNS Default Encrypted DNS over TLS
PayloadDisplayName
- Adguard Default DNS over TLS
+ AdGuard DNS Default Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.d1c9922c-d540-5ffe-a181-9c3538691553
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Adguard Default DNS to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Default over TLS
+Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing.
+Server location: 🇷🇺.
+Filtering: yes
PayloadDisplayName
- Adguard Default DNS over TLS
+ AdGuard DNS Default Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/adguard-family-https.mobileconfig b/profiles/adguard-family-https.mobileconfig
index 69d7547..dc79164 100644
--- a/profiles/adguard-family-https.mobileconfig
+++ b/profiles/adguard-family-https.mobileconfig
@@ -20,9 +20,9 @@
https://dns-family.adguard.com/dns-query
PayloadDescription
- Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS
+ Configures device to use AdGuard DNS Family Protection Encrypted DNS over HTTPS
PayloadDisplayName
- AdGuard Family Protection DNS over HTTPS
+ AdGuard DNS Family Protection Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.0efea210-5662-5682-a598-eb1533476312
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Family Protection over HTTPS
+Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content.
+Server location: 🇷🇺.
+Filtering: yes
PayloadDisplayName
- AdGuard Family Protection DNS over HTTPS
+ AdGuard DNS Family Protection Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/adguard-family-tls.mobileconfig b/profiles/adguard-family-tls.mobileconfig
index dfa6c8f..5de4136 100644
--- a/profiles/adguard-family-tls.mobileconfig
+++ b/profiles/adguard-family-tls.mobileconfig
@@ -20,9 +20,9 @@
dns-family.adguard.com
PayloadDescription
- Configures device to use AdGuard Family Protection Encrypted DNS over TLS
+ Configures device to use AdGuard DNS Family Protection Encrypted DNS over TLS
PayloadDisplayName
- AdGuard Family Protection DNS over TLS
+ AdGuard DNS Family Protection Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.613ad78c-05ce-5f51-b416-a6be4d086adb
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Family Protection over TLS
+Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content.
+Server location: 🇷🇺.
+Filtering: yes
PayloadDisplayName
- AdGuard Family Protection DNS over TLS
+ AdGuard DNS Family Protection Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig
index 21c936f..b6430e6 100644
--- a/profiles/adguard-nofilter-https.mobileconfig
+++ b/profiles/adguard-nofilter-https.mobileconfig
@@ -20,9 +20,9 @@
https://dns-unfiltered.adguard.com/dns-query
PayloadDescription
- Configures device to use Adguard No Filter Encrypted DNS over TLS
+ Configures device to use AdGuard DNS Non-filtering Encrypted DNS over HTTPS
PayloadDisplayName
- Adguard No Filter over HTTPS
+ AdGuard DNS Non-filtering Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.b32f80e6-b0d2-52b0-9b6b-8daa173ed9ce
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Adguard No Filter to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Non-filtering over HTTPS
+Operated by AdGuard Software Ltd. Non-filtering.
+Server location: 🇷🇺.
+Filtering: no
PayloadDisplayName
- Adguard No Filter over HTTPS
+ AdGuard DNS Non-filtering Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig
index dbf04ae..6bff81f 100644
--- a/profiles/adguard-nofilter-tls.mobileconfig
+++ b/profiles/adguard-nofilter-tls.mobileconfig
@@ -20,9 +20,9 @@
dns-unfiltered.adguard.com
PayloadDescription
- Configures device to use Adguard No Filter Encrypted DNS over TLS
+ Configures device to use AdGuard DNS Non-filtering Encrypted DNS over TLS
PayloadDisplayName
- Adguard No Filter over TLS
+ AdGuard DNS Non-filtering Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.967d8837-2749-5739-bd43-3ebe75d1ccc7
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Adguard No Filter to Big Sur and iOS 14 based systems
+ Configures device to use AdGuard DNS Non-filtering over TLS
+Operated by AdGuard Software Ltd. Non-filtering.
+Server location: 🇷🇺.
+Filtering: no
PayloadDisplayName
- Adguard No Filter over TLS
+ AdGuard DNS Non-filtering Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/alekberg-https.mobileconfig b/profiles/alekberg-default-https.mobileconfig
similarity index 70%
rename from profiles/alekberg-https.mobileconfig
rename to profiles/alekberg-default-https.mobileconfig
index 9b17e82..fdee825 100644
--- a/profiles/alekberg-https.mobileconfig
+++ b/profiles/alekberg-default-https.mobileconfig
@@ -18,15 +18,15 @@
https://dnsnl.alekberg.net/dns-query
PayloadDescription
- Configures device to use Alekberg DNS over HTTPS (nl)
+ Configures device to use Alekberg Encrypted DNS Encrypted DNS over HTTPS
PayloadDisplayName
- Alekberg DNS over HTTPS (nl)
+ Alekberg Encrypted DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.081fa724-7333-5733-a4ed-194e3e9f1ad5
+ com.apple.dnsSettings.managed.d27008e4-ecaa-5171-adcf-70bdc8c2351c
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 081FA724-7333-5733-A4ED-194E3E9F1AD5
+ D27008E4-ECAA-5171-ADCF-70BDC8C2351C
PayloadVersion
1
ProhibitDisablement
@@ -34,14 +34,17 @@
PayloadDescription
- This profile enables Alekberg DNS over HTTPS located in Amsterdam (DNSSEC enabled) on all networks using the iOS 14 / macOS Big Sur Encrypted DNS feature.
+ Configures device to use Alekberg Encrypted DNS over HTTPS
+Independent.
+Server location: 🇳🇱.
+Filtering: no
ConsentText
default
Privacy policy: https://alekberg.net/privacy
PayloadDisplayName
- Alekberg DNS over HTTPS (nl)
+ Alekberg Encrypted DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -51,7 +54,7 @@
PayloadType
Configuration
PayloadUUID
- 3BCA6F1A-25FD-59B9-8997-386560ED54A6
+ EB4D5EF9-B4B4-56A6-9C3A-43EFD5A3C532
PayloadVersion
1
diff --git a/profiles/alibaba-https.mobileconfig b/profiles/alibaba-default-https.mobileconfig
similarity index 69%
rename from profiles/alibaba-https.mobileconfig
rename to profiles/alibaba-default-https.mobileconfig
index 062a8c8..a8c1492 100644
--- a/profiles/alibaba-https.mobileconfig
+++ b/profiles/alibaba-default-https.mobileconfig
@@ -20,15 +20,15 @@
https://dns.alidns.com/dns-query
PayloadDescription
- Configures device to use AliDNS Encrypted DNS over TLS
+ Configures device to use Aliyun Public DNS Encrypted DNS over HTTPS
PayloadDisplayName
- AliDNS DNS over HTTPS
+ Aliyun Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.628022a4-60d9-57d7-8fd2-5feb4de86bf2
+ com.apple.dnsSettings.managed.5311493a-61cc-56dd-bf44-6702dcfb3964
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 628022A4-60D9-57D7-8FD2-5FEB4DE86BF2
+ 5311493A-61CC-56DD-BF44-6702DCFB3964
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the AliDNS to Big Sur and iOS 14 based systems
+ Configures device to use Aliyun Public DNS over HTTPS
+Operated by Alibaba Cloud Ltd.
+Server location: 🇨🇳.
+Filtering: no
PayloadDisplayName
- AliDNS over HTTPS
+ Aliyun Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- E826D360-4317-56A8-BDBF-BBF52811B4CA
+ 3730DCE6-C68A-5D19-9D70-D7727B9318AB
PayloadVersion
1
diff --git a/profiles/alibaba-tls.mobileconfig b/profiles/alibaba-default-tls.mobileconfig
similarity index 69%
rename from profiles/alibaba-tls.mobileconfig
rename to profiles/alibaba-default-tls.mobileconfig
index 2ef40f5..7b16710 100644
--- a/profiles/alibaba-tls.mobileconfig
+++ b/profiles/alibaba-default-tls.mobileconfig
@@ -20,15 +20,15 @@
dns.alidns.com
PayloadDescription
- Configures device to use AliDNS Encrypted DNS over TLS
+ Configures device to use Aliyun Public DNS Encrypted DNS over TLS
PayloadDisplayName
- AliDNS DNS over TLS
+ Aliyun Public DNS Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.2f3e8ca8-7351-5a2e-b6b6-2293632709ea
+ com.apple.dnsSettings.managed.2950c71c-1478-5c77-b58b-e3be44f2f4cc
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 2F3E8CA8-7351-5A2E-B6B6-2293632709EA
+ 2950C71C-1478-5C77-B58B-E3BE44F2F4CC
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the AliDNS to Big Sur and iOS 14 based systems
+ Configures device to use Aliyun Public DNS over TLS
+Operated by Alibaba Cloud Ltd.
+Server location: 🇨🇳.
+Filtering: no
PayloadDisplayName
- AliDNS over TLS
+ Aliyun Public DNS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 623E4324-F2F1-5B6C-8BE1-5042663750FE
+ B3571C63-5980-585A-B65C-51CC145498CE
PayloadVersion
1
diff --git a/profiles/blahdns-cdn-adblock-https.mobileconfig b/profiles/blahdns-cdn-adblock-https.mobileconfig
index bb4a84a..43d326f 100644
--- a/profiles/blahdns-cdn-adblock-https.mobileconfig
+++ b/profiles/blahdns-cdn-adblock-https.mobileconfig
@@ -13,9 +13,9 @@
https://doh1.blahdns.com/dns-query
PayloadDescription
- Configures device to use BlahDNS (CDN / Adblock / Primary) DNS over HTTPS
+ Configures device to use BlahDNS CDN Filtered Encrypted DNS over HTTPS
PayloadDisplayName
- BlahDNS (CDN / Adblock / Primary) DNS over HTTPS
+ BlahDNS CDN Filtered Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.81f9f40a-545c-5c09-bc7a-55957bda3333
PayloadType
@@ -29,7 +29,10 @@
PayloadDescription
- This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature.
+ Configures device to use BlahDNS CDN Filtered over HTTPS
+Independent. Blocks ads, tracking & malware.
+Server location: 🇺🇸.
+Filtering: yes
ConsentText
default
@@ -37,7 +40,7 @@
https://blahdns.com
PayloadDisplayName
- BlahDNS (CDN / Adblock / Primary) DNS over HTTPS
+ BlahDNS CDN Filtered Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/blahdns-cdn-unfiltered-https.mobileconfig b/profiles/blahdns-cdn-unfiltered-https.mobileconfig
index 774d048..05b6157 100644
--- a/profiles/blahdns-cdn-unfiltered-https.mobileconfig
+++ b/profiles/blahdns-cdn-unfiltered-https.mobileconfig
@@ -13,9 +13,9 @@
https://doh1.blahdns.com/uncensor
PayloadDescription
- Configures device to use BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS
+ Configures device to use BlahDNS CDN Unfiltered Encrypted DNS over HTTPS
PayloadDisplayName
- BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS
+ BlahDNS CDN Unfiltered Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.68a187fb-09ed-583d-90e8-86768d65ec77
PayloadType
@@ -29,7 +29,10 @@
PayloadDescription
- This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature.
+ Configures device to use BlahDNS CDN Unfiltered over HTTPS
+Independent. Non-filtering.
+Server location: 🇺🇸.
+Filtering: no
ConsentText
default
@@ -37,7 +40,7 @@
https://blahdns.com
PayloadDisplayName
- BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS
+ BlahDNS CDN Unfiltered Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/blahdns-germany-https.mobileconfig b/profiles/blahdns-germany-https.mobileconfig
index edd0a6f..104e69a 100644
--- a/profiles/blahdns-germany-https.mobileconfig
+++ b/profiles/blahdns-germany-https.mobileconfig
@@ -18,9 +18,9 @@
https://doh-de.blahdns.com/dns-query
PayloadDescription
- Configures device to use BlahDNS (Germany) DNS over HTTPS
+ Configures device to use BlahDNS Germany Encrypted DNS over HTTPS
PayloadDisplayName
- BlahDNS (Germany) DNS over HTTPS
+ BlahDNS Germany Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.f6244097-4c9c-5f50-9957-173c9262c5ac
PayloadType
@@ -34,7 +34,10 @@
PayloadDescription
- This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature.
+ Configures device to use BlahDNS Germany over HTTPS
+Independent. Blocks ads, tracking & malware.
+Server location: 🇩🇪.
+Filtering: yes
ConsentText
default
@@ -42,7 +45,7 @@
https://blahdns.com
PayloadDisplayName
- BlahDNS (Germany) DNS over HTTPS
+ BlahDNS Germany Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/blahdns-singapore-https.mobileconfig b/profiles/blahdns-singapore-https.mobileconfig
index b5ab5c0..9be3d28 100644
--- a/profiles/blahdns-singapore-https.mobileconfig
+++ b/profiles/blahdns-singapore-https.mobileconfig
@@ -18,9 +18,9 @@
https://doh-sg.blahdns.com/dns-query
PayloadDescription
- Configures device to use BlahDNS (Singapore) DNS over HTTPS
+ Configures device to use BlahDNS Singapore Encrypted DNS over HTTPS
PayloadDisplayName
- BlahDNS (Singapore) DNS over HTTPS
+ BlahDNS Singapore Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.d1976481-acaa-5aa7-bd8f-2a8de37caab9
PayloadType
@@ -34,7 +34,10 @@
PayloadDescription
- This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature.
+ Configures device to use BlahDNS Singapore over HTTPS
+Independent. Blocks ads, tracking & malware.
+Server location: 🇸🇬.
+Filtering: yes
ConsentText
default
@@ -42,7 +45,7 @@
https://blahdns.com
PayloadDisplayName
- BlahDNS (Singapore) DNS over HTTPS
+ BlahDNS Singapore Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-family-https.mobileconfig b/profiles/canadianshield-family-https.mobileconfig
index 35eea08..a4528d8 100644
--- a/profiles/canadianshield-family-https.mobileconfig
+++ b/profiles/canadianshield-family-https.mobileconfig
@@ -20,9 +20,9 @@
https://family.canadianshield.cira.ca/dns-query
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over HTTPS
+ Configures device to use Canadian Shield Family Encrypted DNS over HTTPS
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Family Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.66866361-cb2d-5332-988f-b83b18a3e4b6
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Family over HTTPS
+Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content.
+Server location: 🇨🇦.
+Filtering: yes
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Family Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-family-tls.mobileconfig b/profiles/canadianshield-family-tls.mobileconfig
index 45f4781..da362cb 100644
--- a/profiles/canadianshield-family-tls.mobileconfig
+++ b/profiles/canadianshield-family-tls.mobileconfig
@@ -20,9 +20,9 @@
family.canadianshield.cira.ca
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over TLS
+ Configures device to use Canadian Shield Family Encrypted DNS over TLS
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Family Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.f39a4c45-f272-5414-bcbb-04a393575ee1
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Family over TLS
+Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content.
+Server location: 🇨🇦.
+Filtering: yes
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Family Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-private-https.mobileconfig b/profiles/canadianshield-private-https.mobileconfig
index 19654ab..91f9b4d 100644
--- a/profiles/canadianshield-private-https.mobileconfig
+++ b/profiles/canadianshield-private-https.mobileconfig
@@ -20,9 +20,9 @@
https://private.canadianshield.cira.ca/dns-query
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over HTTPS
+ Configures device to use Canadian Shield Private Encrypted DNS over HTTPS
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Private Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.df3591d5-693b-57b6-9c73-0f7eb396a96b
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Private over HTTPS
+Operated by the Canadian Internet Registration Authority (CIRA).
+Server location: 🇨🇦.
+Filtering: no
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Private Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-private-tls.mobileconfig b/profiles/canadianshield-private-tls.mobileconfig
index b0c4745..950283a 100644
--- a/profiles/canadianshield-private-tls.mobileconfig
+++ b/profiles/canadianshield-private-tls.mobileconfig
@@ -20,9 +20,9 @@
private.canadianshield.cira.ca
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over TLS
+ Configures device to use Canadian Shield Private Encrypted DNS over TLS
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Private Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.0af0ebba-7a17-52f0-bc99-915fad31fee6
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Private over TLS
+Operated by the Canadian Internet Registration Authority (CIRA).
+Server location: 🇨🇦.
+Filtering: no
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Private Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-protected-https.mobileconfig b/profiles/canadianshield-protected-https.mobileconfig
index ff155f4..fc20658 100644
--- a/profiles/canadianshield-protected-https.mobileconfig
+++ b/profiles/canadianshield-protected-https.mobileconfig
@@ -20,9 +20,9 @@
https://protected.canadianshield.cira.ca/dns-query
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over HTTPS
+ Configures device to use Canadian Shield Protected Encrypted DNS over HTTPS
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Protected Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.66f3663e-cbbe-53af-ae6f-78bde855ad79
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Protected over HTTPS
+Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing.
+Server location: 🇨🇦.
+Filtering: yes
PayloadDisplayName
- Canadian Shield DNS over HTTPS
+ Canadian Shield Protected Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/canadianshield-protected-tls.mobileconfig b/profiles/canadianshield-protected-tls.mobileconfig
index 451c016..1052340 100644
--- a/profiles/canadianshield-protected-tls.mobileconfig
+++ b/profiles/canadianshield-protected-tls.mobileconfig
@@ -20,9 +20,9 @@
protected.canadianshield.cira.ca
PayloadDescription
- Configures device to use Canadian Shield Encrypted DNS over TLS
+ Configures device to use Canadian Shield Protected Encrypted DNS over TLS
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Protected Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.3b381320-92e4-5db9-b632-7b5f6f52582b
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems
+ Configures device to use Canadian Shield Protected over TLS
+Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing.
+Server location: 🇨🇦.
+Filtering: yes
PayloadDisplayName
- Canadian Shield DNS over TLS
+ Canadian Shield Protected Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-adult-https.mobileconfig b/profiles/cleanbrowsing-adult-https.mobileconfig
index 7010448..c2c49ad 100644
--- a/profiles/cleanbrowsing-adult-https.mobileconfig
+++ b/profiles/cleanbrowsing-adult-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over HTTPS
PayloadDisplayName
- Cleanbrowsing Adult Filter DNS over HTTPS
+ Cleanbrowsing Adult Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.11607628-2525-55f8-8f2c-c1d7b68b3ff9
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Adult Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Adult Filter over HTTPS
+Filters malware & adult content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Adult DNS over HTTPS
+ Cleanbrowsing Adult Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-adult-tls.mobileconfig b/profiles/cleanbrowsing-adult-tls.mobileconfig
index 3246cd8..fefb542 100644
--- a/profiles/cleanbrowsing-adult-tls.mobileconfig
+++ b/profiles/cleanbrowsing-adult-tls.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over TLS
PayloadDisplayName
- Cleanbrowsing Adult Filter DNS over TLS
+ Cleanbrowsing Adult Filter Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.121e1333-1810-5b62-aae2-06711e8582a8
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Adult Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Adult Filter over TLS
+Filters malware & adult content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Adult DNS over TLS
+ Cleanbrowsing Adult Filter Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-family-https.mobileconfig b/profiles/cleanbrowsing-family-https.mobileconfig
index 561a6ff..44e66bf 100644
--- a/profiles/cleanbrowsing-family-https.mobileconfig
+++ b/profiles/cleanbrowsing-family-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Family Filter Encrypted DNS over HTTPS
PayloadDisplayName
- Cleanbrowsing Family Filter DNS over HTTPS
+ Cleanbrowsing Family Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.412fd71d-9aea-513e-a745-17475f60376b
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Family Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Family Filter over HTTPS
+Filters malware & adult, mixed content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Family DNS over HTTPS
+ Cleanbrowsing Family Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-family-tls.mobileconfig b/profiles/cleanbrowsing-family-tls.mobileconfig
index b9e44dc..0bf6159 100644
--- a/profiles/cleanbrowsing-family-tls.mobileconfig
+++ b/profiles/cleanbrowsing-family-tls.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Family Filter Encrypted DNS over TLS
PayloadDisplayName
- Cleanbrowsing Family Filter DNS over TLS
+ Cleanbrowsing Family Filter Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.ae17eab7-deb2-547f-b6a9-03b71df2ea45
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Family Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Family Filter over TLS
+Filters malware & adult, mixed content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Family DNS over TLS
+ Cleanbrowsing Family Filter Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-security-https.mobileconfig b/profiles/cleanbrowsing-security-https.mobileconfig
index 3326166..495dacb 100644
--- a/profiles/cleanbrowsing-security-https.mobileconfig
+++ b/profiles/cleanbrowsing-security-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Security Filter Encrypted DNS over HTTPS
PayloadDisplayName
- Cleanbrowsing Security Filter DNS over HTTPS
+ Cleanbrowsing Security Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.de112623-e567-556a-a5ef-d89ca497ec27
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Security Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Security Filter over HTTPS
+Filters malware.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Security DNS over HTTPS
+ Cleanbrowsing Security Filter Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cleanbrowsing-security-tls.mobileconfig b/profiles/cleanbrowsing-security-tls.mobileconfig
index d8fc360..5aa3daa 100644
--- a/profiles/cleanbrowsing-security-tls.mobileconfig
+++ b/profiles/cleanbrowsing-security-tls.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use Cleanbrowsing Security Filter Encrypted DNS over TLS
PayloadDisplayName
- Cleanbrowsing Security Filter DNS over TLS
+ Cleanbrowsing Security Filter Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.a35a5934-ac4d-576a-9abc-d457e4bb083f
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cleanbrowsing Security Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cleanbrowsing Security Filter over TLS
+Filters malware.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cleanbrowsing Security DNS over TLS
+ Cleanbrowsing Security Filter Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cloudflare-https.mobileconfig b/profiles/cloudflare-default-https.mobileconfig
similarity index 70%
rename from profiles/cloudflare-https.mobileconfig
rename to profiles/cloudflare-default-https.mobileconfig
index 80de124..bbe0345 100644
--- a/profiles/cloudflare-https.mobileconfig
+++ b/profiles/cloudflare-default-https.mobileconfig
@@ -20,15 +20,15 @@
https://cloudflare-dns.com/dns-query
PayloadDescription
- Configures device to use Cloudflare Encrypted DNS over HTTPS
+ Configures device to use Cloudflare 1.1.1.1 Encrypted DNS over HTTPS
PayloadDisplayName
- Cloudflare DNS over HTTPS
+ Cloudflare 1.1.1.1 Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.a622f1ba-d83a-5bf5-94cc-d1efb194c1ad
+ com.apple.dnsSettings.managed.095ae5f2-a34c-5a91-9661-f102d0bf6f22
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- A622F1BA-D83A-5BF5-94CC-D1EFB194C1AD
+ 095AE5F2-A34C-5A91-9661-F102D0BF6F22
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cloudflare DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cloudflare 1.1.1.1 over HTTPS
+Operated by Cloudflare Inc.
+Server location: 🇺🇸.
+Filtering: no
PayloadDisplayName
- Cloudflare DNS over HTTPS
+ Cloudflare 1.1.1.1 Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 4C580C46-17EE-5AD4-9F74-E4456C60B5F3
+ 2035BD92-4191-539D-B6B9-28112A9E44DB
PayloadVersion
1
diff --git a/profiles/cloudflare-tls.mobileconfig b/profiles/cloudflare-default-tls.mobileconfig
similarity index 69%
rename from profiles/cloudflare-tls.mobileconfig
rename to profiles/cloudflare-default-tls.mobileconfig
index b736a24..d82fb53 100644
--- a/profiles/cloudflare-tls.mobileconfig
+++ b/profiles/cloudflare-default-tls.mobileconfig
@@ -20,15 +20,15 @@
one.one.one.one
PayloadDescription
- Configures device to use Cloudflare Encrypted DNS over TLS
+ Configures device to use Cloudflare 1.1.1.1 Encrypted DNS over TLS
PayloadDisplayName
- Cloudflare DNS over TLS
+ Cloudflare 1.1.1.1 Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.c175937c-0992-5986-9710-d62101aa14e2
+ com.apple.dnsSettings.managed.a5c1862e-358b-5ca9-948e-9e99a53551c4
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- C175937C-0992-5986-9710-D62101AA14E2
+ A5C1862E-358B-5CA9-948E-9E99A53551C4
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cloudflare DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cloudflare 1.1.1.1 over TLS
+Operated by Cloudflare Inc.
+Server location: 🇺🇸.
+Filtering: no
PayloadDisplayName
- Cloudflare DNS over TLS
+ Cloudflare 1.1.1.1 Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 39F27C9C-76F9-58A4-BF49-7E74B397C3AD
+ 00EE7325-8FA5-570B-82B5-3D98A33306F7
PayloadVersion
1
diff --git a/profiles/cloudflare-family-https.mobileconfig b/profiles/cloudflare-family-https.mobileconfig
index fb6a62b..222d6cd 100644
--- a/profiles/cloudflare-family-https.mobileconfig
+++ b/profiles/cloudflare-family-https.mobileconfig
@@ -20,9 +20,9 @@
https://family.cloudflare-dns.com/dns-query
PayloadDescription
- Configures device to use Cloudflare Family Encrypted DNS over HTTPS
+ Configures device to use Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS
PayloadDisplayName
- Cloudflare Family DNS over HTTPS
+ Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.a0655c38-5f1b-5fff-81f5-a8db009bd2b6
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cloudflare DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cloudflare 1.1.1.1 Family over HTTPS
+Operated by Cloudflare Inc. Blocks malware, phishing & adult content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cloudflare Family DNS over HTTPS
+ Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/cloudflare-malware-https.mobileconfig b/profiles/cloudflare-malware-https.mobileconfig
index 1f725ca..8b0d7cb 100644
--- a/profiles/cloudflare-malware-https.mobileconfig
+++ b/profiles/cloudflare-malware-https.mobileconfig
@@ -20,9 +20,9 @@
https://security.cloudflare-dns.com/dns-query
PayloadDescription
- Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS
+ Configures device to use Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS
PayloadDisplayName
- Cloudflare no Malware DNS over HTTPS
+ Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.e82f3188-9d25-5418-b532-005fc733395d
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Cloudflare no Malware DNS to Big Sur and iOS 14 based systems
+ Configures device to use Cloudflare 1.1.1.1 Security over HTTPS
+Operated by Cloudflare Inc. Blocks malware & phishing.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Cloudflare no Malware DNS over HTTPS
+ Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/dns4eu-https.mobileconfig b/profiles/dns4eu-default-https.mobileconfig
similarity index 78%
rename from profiles/dns4eu-https.mobileconfig
rename to profiles/dns4eu-default-https.mobileconfig
index 47998c6..0d2db1e 100644
--- a/profiles/dns4eu-https.mobileconfig
+++ b/profiles/dns4eu-default-https.mobileconfig
@@ -22,13 +22,13 @@
PayloadDescription
Configures device to use DNS4EU Encrypted DNS over HTTPS
PayloadDisplayName
- DNS4EU DNS over HTTPS
+ DNS4EU Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.396fd0be-2549-58f2-9d0f-985a83d45a6d
+ com.apple.dnsSettings.managed.8f35bc77-18dd-5233-a8ee-fbc3fd0b76e0
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 396FD0BE-2549-58F2-9D0F-985A83D45A6D
+ 8F35BC77-18DD-5233-A8EE-FBC3FD0B76E0
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU over HTTPS
+Operated by a consortium lead by Whalebone.
+Server location: 🇨🇿.
+Filtering: no
PayloadDisplayName
DNS4EU Encrypted DNS over HTTPS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 95A242BB-7152-5CDD-8A90-B74649CDF200
+ 5A30346F-9BFF-55B3-93E8-7623B9089F52
PayloadVersion
1
diff --git a/profiles/dns4eu-tls.mobileconfig b/profiles/dns4eu-default-tls.mobileconfig
similarity index 74%
rename from profiles/dns4eu-tls.mobileconfig
rename to profiles/dns4eu-default-tls.mobileconfig
index 1d433ef..1ecc84d 100644
--- a/profiles/dns4eu-tls.mobileconfig
+++ b/profiles/dns4eu-default-tls.mobileconfig
@@ -20,15 +20,15 @@
unfiltered.joindns4.eu
PayloadDescription
- Configures device to use DNS4EU Encrypted DNS over HTTPS
+ Configures device to use DNS4EU Encrypted DNS over TLS
PayloadDisplayName
- DNS4EU DNS over TLS
+ DNS4EU Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.c95cadb2-d735-5267-a164-0e091c0ea6a8
+ com.apple.dnsSettings.managed.1b655f2b-5fd9-5c82-92eb-defef98cbd17
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- C95CADB2-D735-5267-A164-0E091C0EA6A8
+ 1B655F2B-5FD9-5C82-92EB-DEFEF98CBD17
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU over TLS
+Operated by a consortium lead by Whalebone.
+Server location: 🇨🇿.
+Filtering: no
PayloadDisplayName
DNS4EU Encrypted DNS over TLS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 8F3A0C0C-69E0-5023-BF3C-A59666D19730
+ 49FE26A9-C6EE-51AB-9380-C98AECD3FE27
PayloadVersion
1
diff --git a/profiles/dns4eu-malware-https.mobileconfig b/profiles/dns4eu-malware-https.mobileconfig
index fc22e0c..f92df32 100644
--- a/profiles/dns4eu-malware-https.mobileconfig
+++ b/profiles/dns4eu-malware-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use DNS4EU Protective Encrypted DNS over HTTPS
PayloadDisplayName
- DNS4EU Protective DNS over HTTPS
+ DNS4EU Protective Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.2baa4a86-3f38-5158-abca-f153366d84e4
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective over HTTPS
+Operated by a consortium lead by Whalebone. Blocks Malware.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective Encrypted DNS over HTTPS
PayloadIdentifier
diff --git a/profiles/dns4eu-malware-tls.mobileconfig b/profiles/dns4eu-malware-tls.mobileconfig
index ef0ba1b..9ee16d4 100644
--- a/profiles/dns4eu-malware-tls.mobileconfig
+++ b/profiles/dns4eu-malware-tls.mobileconfig
@@ -20,9 +20,9 @@
protective.joindns4.eu
PayloadDescription
- Configures device to use DNS4EU Protective Encrypted DNS over HTTPS
+ Configures device to use DNS4EU Protective Encrypted DNS over TLS
PayloadDisplayName
- DNS4EU Protective DNS over TLS
+ DNS4EU Protective Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.2337132d-17ea-5aa9-8322-5fe5c305d930
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective over TLS
+Operated by a consortium lead by Whalebone. Blocks Malware.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective Encrypted DNS over TLS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-ads-https.mobileconfig b/profiles/dns4eu-protective-ads-https.mobileconfig
index 2e0441d..1cede54 100644
--- a/profiles/dns4eu-protective-ads-https.mobileconfig
+++ b/profiles/dns4eu-protective-ads-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS
PayloadDisplayName
- DNS4EU Protective ad-blocking DNS over HTTPS
+ DNS4EU Protective ad-blocking Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.468a13d5-803a-56dd-acf2-293ed817ef9a
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective ad-blocking DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective ad-blocking over HTTPS
+Operated by a consortium lead by Whalebone. Blocks Malware and Ads.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective ad-blocking Encrypted DNS over HTTPS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-ads-tls.mobileconfig b/profiles/dns4eu-protective-ads-tls.mobileconfig
index 660f70c..2633555 100644
--- a/profiles/dns4eu-protective-ads-tls.mobileconfig
+++ b/profiles/dns4eu-protective-ads-tls.mobileconfig
@@ -20,9 +20,9 @@
noads.joindns4.eu
PayloadDescription
- Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS
+ Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over TLS
PayloadDisplayName
- DNS4EU Protective ad-blocking DNS over TLS
+ DNS4EU Protective ad-blocking Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.bef794eb-fb3f-5f69-8727-926f4ed9c07a
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective ad-blocking DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective ad-blocking over TLS
+Operated by a consortium lead by Whalebone. Blocks Malware and Ads.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective ad-blocking Encrypted DNS over TLS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-child-ads-https.mobileconfig b/profiles/dns4eu-protective-child-ads-https.mobileconfig
index 2b60f45..ca12a69 100644
--- a/profiles/dns4eu-protective-child-ads-https.mobileconfig
+++ b/profiles/dns4eu-protective-child-ads-https.mobileconfig
@@ -20,9 +20,9 @@
https://child-noads.joindns4.eu/dns-query
PayloadDescription
- Configures device to use DNS4EU Protective with child protection & ad-blocking DNS over HTTPS
+ Configures device to use DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS
PayloadDisplayName
- DNS4EU Protective with child protection & ad-blocking DNS over HTTPS
+ DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.f4a5e1c6-d82e-5000-a7bb-678a20116896
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective with child protection & ad-blocking DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective with child protection & ad-blocking over HTTPS
+Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-child-ads-tls.mobileconfig b/profiles/dns4eu-protective-child-ads-tls.mobileconfig
index 7df8a74..1d21f79 100644
--- a/profiles/dns4eu-protective-child-ads-tls.mobileconfig
+++ b/profiles/dns4eu-protective-child-ads-tls.mobileconfig
@@ -20,9 +20,9 @@
child-noads.joindns4.eu
PayloadDescription
- Configures device to use DNS4EU Protective with child protection & ad-blocking DNS over TLS
+ Configures device to use DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS
PayloadDisplayName
- DNS4EU Protective with child protection & ad-blocking DNS over TLS
+ DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.8455f0bd-16e3-5d43-9a57-8e83e22499c1
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective with child protection & ad-blocking DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective with child protection & ad-blocking over TLS
+Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-child-https.mobileconfig b/profiles/dns4eu-protective-child-https.mobileconfig
index 83bfe0c..7d856d9 100644
--- a/profiles/dns4eu-protective-child-https.mobileconfig
+++ b/profiles/dns4eu-protective-child-https.mobileconfig
@@ -22,7 +22,7 @@
PayloadDescription
Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS
PayloadDisplayName
- DNS4EU Protective with child protection DNS over HTTPS
+ DNS4EU Protective with child protection Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.a4b449c5-9ca9-58d0-b156-1cb329b9180e
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective with child protection DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective with child protection over HTTPS
+Operated by a consortium lead by Whalebone. Blocks malware and explicit content.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective with child protection Encrypted DNS over HTTPS
PayloadIdentifier
diff --git a/profiles/dns4eu-protective-child-tls.mobileconfig b/profiles/dns4eu-protective-child-tls.mobileconfig
index 9ebcf36..43028f5 100644
--- a/profiles/dns4eu-protective-child-tls.mobileconfig
+++ b/profiles/dns4eu-protective-child-tls.mobileconfig
@@ -20,9 +20,9 @@
child.joindns4.eu
PayloadDescription
- Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS
+ Configures device to use DNS4EU Protective with child protection Encrypted DNS over TLS
PayloadDisplayName
- DNS4EU Protective with child protection DNS over TLS
+ DNS4EU Protective with child protection Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.27f84837-064b-5f9d-abd5-10b69f7c63d5
PayloadType
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the DNS4EU Protective with child protection DNS to Big Sur and iOS 14 based systems
+ Configures device to use DNS4EU Protective with child protection over TLS
+Operated by a consortium lead by Whalebone. Blocks malware and explicit content.
+Server location: 🇨🇿.
+Filtering: yes
PayloadDisplayName
DNS4EU Protective with child protection Encrypted DNS over TLS
PayloadIdentifier
diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-default-https.mobileconfig
similarity index 67%
rename from profiles/dnspod-https.mobileconfig
rename to profiles/dnspod-default-https.mobileconfig
index 66dc576..3e2fcbb 100644
--- a/profiles/dnspod-https.mobileconfig
+++ b/profiles/dnspod-default-https.mobileconfig
@@ -18,15 +18,15 @@
https://doh.pub/dns-query
PayloadDescription
- Configures device to use DNSPod Encrypted DNS over HTTPS
+ Configures device to use DNSPod Public DNS Encrypted DNS over HTTPS
PayloadDisplayName
- DNSPod over HTTPS
+ DNSPod Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.4a92b66e-27f0-52cc-97fe-7f275afb211e
+ com.apple.dnsSettings.managed.1d985f7e-00d8-5690-a941-dc8b11b70ffe
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 4A92B66E-27F0-52CC-97FE-7F275AFB211E
+ 1D985F7E-00D8-5690-A941-DC8B11B70FFE
PayloadVersion
1
ProhibitDisablement
@@ -34,9 +34,12 @@
PayloadDescription
- Adds the DNSPod to Big Sur and iOS 14 based systems
+ Configures device to use DNSPod Public DNS over HTTPS
+Operated by DNSPod Inc., a Tencent Cloud Company.
+Server location: 🇨🇳.
+Filtering: no
PayloadDisplayName
- DNSPod over HTTPS
+ DNSPod Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -46,7 +49,7 @@
PayloadType
Configuration
PayloadUUID
- 20FA0DC1-8E44-56BA-8973-7433CDF62E7F
+ 41267ACC-F253-579C-8F01-9B93DACBCA25
PayloadVersion
1
diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-default-tls.mobileconfig
similarity index 67%
rename from profiles/dnspod-tls.mobileconfig
rename to profiles/dnspod-default-tls.mobileconfig
index 0b8c2f5..49582fa 100644
--- a/profiles/dnspod-tls.mobileconfig
+++ b/profiles/dnspod-default-tls.mobileconfig
@@ -18,15 +18,15 @@
dot.pub
PayloadDescription
- Configures device to use DNSPod Encrypted DNS over TLS
+ Configures device to use DNSPod Public DNS Encrypted DNS over TLS
PayloadDisplayName
- DNSPod over TLS
+ DNSPod Public DNS Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.9ed9e9c2-8d89-5392-88ed-f87b311b8fe6
+ com.apple.dnsSettings.managed.64ecbaaa-b2da-542e-8d8b-9f2cbd1037ed
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 9ED9E9C2-8D89-5392-88ED-F87B311B8FE6
+ 64ECBAAA-B2DA-542E-8D8B-9F2CBD1037ED
PayloadVersion
1
ProhibitDisablement
@@ -34,9 +34,12 @@
PayloadDescription
- Adds the DNSPod to Big Sur and iOS 14 based systems
+ Configures device to use DNSPod Public DNS over TLS
+Operated by DNSPod Inc., a Tencent Cloud Company.
+Server location: 🇨🇳.
+Filtering: no
PayloadDisplayName
- DNSPod over TLS
+ DNSPod Public DNS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -46,7 +49,7 @@
PayloadType
Configuration
PayloadUUID
- 511E6BB6-E99D-5045-A281-E8390F9C188C
+ 430A7431-572F-5FA3-B347-FE77E300234D
PayloadVersion
1
diff --git a/profiles/fdn-https.mobileconfig b/profiles/fdn-default-https.mobileconfig
similarity index 74%
rename from profiles/fdn-https.mobileconfig
rename to profiles/fdn-default-https.mobileconfig
index 581ad39..e9f7419 100644
--- a/profiles/fdn-https.mobileconfig
+++ b/profiles/fdn-default-https.mobileconfig
@@ -20,15 +20,15 @@
https://ns0.fdn.fr/dns-query
PayloadDescription
- Configures device to use Google Encrypted DNS over HTTPS
+ Configures device to use FDN Encrypted DNS over HTTPS
PayloadDisplayName
- FDN DNS over HTTPS
+ FDN Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.53520e35-5994-52bb-aa82-bde0a6061ec9
+ com.apple.dnsSettings.managed.c56afe2b-9a39-5a08-968f-c6c5e3c9c1c1
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 53520E35-5994-52BB-AA82-BDE0A6061EC9
+ C56AFE2B-9A39-5A08-968F-C6C5E3C9C1C1
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the FDN DNS to Big Sur and iOS 14 based systems
+ Configures device to use FDN over HTTPS
+Operated by French Data Network.
+Server location: 🇫🇷.
+Filtering: no
PayloadDisplayName
FDN Encrypted DNS over HTTPS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 426D33EA-3B8B-5E59-AB91-56CF5EC6AFCC
+ C87A5BE8-354A-557F-9C9D-2871E280F815
PayloadVersion
1
diff --git a/profiles/fdn-tls.mobileconfig b/profiles/fdn-default-tls.mobileconfig
similarity index 78%
rename from profiles/fdn-tls.mobileconfig
rename to profiles/fdn-default-tls.mobileconfig
index aa04adc..ce4dd06 100644
--- a/profiles/fdn-tls.mobileconfig
+++ b/profiles/fdn-default-tls.mobileconfig
@@ -22,13 +22,13 @@
PayloadDescription
Configures device to use FDN Encrypted DNS over TLS
PayloadDisplayName
- FDN DNS over TLS
+ FDN Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.2e1f5a96-94ab-5c5b-a178-59cba96e7e73
+ com.apple.dnsSettings.managed.c974694b-5b7f-5e35-b092-f237c2856ded
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 2E1F5A96-94AB-5C5B-A178-59CBA96E7E73
+ C974694B-5B7F-5E35-B092-F237C2856DED
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the FDN DNS to Big Sur and iOS 14 based systems
+ Configures device to use FDN over TLS
+Operated by French Data Network.
+Server location: 🇫🇷.
+Filtering: no
PayloadDisplayName
FDN Encrypted DNS over TLS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 2F91C89C-F9B4-5C96-9380-2FB9454444AA
+ EB3A703B-71BE-5734-A9B0-1405042917C8
PayloadVersion
1
diff --git a/profiles/ffmucdns-https.mobileconfig b/profiles/ffmuc-dns-default-https.mobileconfig
similarity index 74%
rename from profiles/ffmucdns-https.mobileconfig
rename to profiles/ffmuc-dns-default-https.mobileconfig
index f08b769..393e819 100644
--- a/profiles/ffmucdns-https.mobileconfig
+++ b/profiles/ffmuc-dns-default-https.mobileconfig
@@ -22,13 +22,13 @@
PayloadDescription
Configures device to use FFMUC-DNS Encrypted DNS over HTTPS
PayloadDisplayName
- FFMUC DNS over HTTPS
+ FFMUC-DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.dc5e0bbf-e009-5221-8a2e-7249e53ade1f
+ com.apple.dnsSettings.managed.2297046a-c2cc-5c3e-ab2d-08cfe5880f70
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- DC5E0BBF-E009-5221-8A2E-7249E53ADE1F
+ 2297046A-C2CC-5C3E-AB2D-08CFE5880F70
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the FFMUC DNS to Big Sur and iOS 14 based systems
+ Configures device to use FFMUC-DNS over HTTPS
+FFMUC free DNS servers provided by Freifunk München.
+Server location: 🇩🇪.
+Filtering: no
PayloadDisplayName
- FFMUC Encrypted DNS over HTTPS
+ FFMUC-DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 0072E80B-F435-534F-B6FA-7C7C9423B9FB
+ 791C654F-0336-563C-BE97-3E54C004FA8B
PayloadVersion
1
diff --git a/profiles/ffmucdns-tls.mobileconfig b/profiles/ffmuc-dns-default-tls.mobileconfig
similarity index 74%
rename from profiles/ffmucdns-tls.mobileconfig
rename to profiles/ffmuc-dns-default-tls.mobileconfig
index 0eede85..2b90ca3 100644
--- a/profiles/ffmucdns-tls.mobileconfig
+++ b/profiles/ffmuc-dns-default-tls.mobileconfig
@@ -22,13 +22,13 @@
PayloadDescription
Configures device to use FFMUC-DNS Encrypted DNS over TLS
PayloadDisplayName
- FFMUC DNS over TLS
+ FFMUC-DNS Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.01675f29-6ce8-5f58-8c4b-fbdda91c8652
+ com.apple.dnsSettings.managed.40b7c673-8dbb-50f8-8fe5-c9b06762e0c9
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 01675F29-6CE8-5F58-8C4B-FBDDA91C8652
+ 40B7C673-8DBB-50F8-8FE5-C9B06762E0C9
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the FFMUC DNS to Big Sur and iOS 14 based systems
+ Configures device to use FFMUC-DNS over TLS
+FFMUC free DNS servers provided by Freifunk München.
+Server location: 🇩🇪.
+Filtering: no
PayloadDisplayName
- FFMUC Encrypted DNS over TLS
+ FFMUC-DNS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 4AB17AF6-FF17-58EF-B57F-1AED92A8E26A
+ 8C251397-46B4-5F6E-ACB7-532C953B8993
PayloadVersion
1
diff --git a/profiles/google-https.mobileconfig b/profiles/google-default-https.mobileconfig
similarity index 70%
rename from profiles/google-https.mobileconfig
rename to profiles/google-default-https.mobileconfig
index 64bf5b1..5f69bfe 100644
--- a/profiles/google-https.mobileconfig
+++ b/profiles/google-default-https.mobileconfig
@@ -20,15 +20,15 @@
https://dns.google/dns-query
PayloadDescription
- Configures device to use Google Encrypted DNS over HTTPS
+ Configures device to use Google Public DNS Encrypted DNS over HTTPS
PayloadDisplayName
- Google DNS over HTTPS
+ Google Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.317a5cde-06e0-52b8-b0d9-de462fa44247
+ com.apple.dnsSettings.managed.156aa2ac-211a-5c74-be98-9a6d91a4744b
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 317A5CDE-06E0-52B8-B0D9-DE462FA44247
+ 156AA2AC-211A-5C74-BE98-9A6D91A4744B
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Google DNS to Big Sur and iOS 14 based systems
+ Configures device to use Google Public DNS over HTTPS
+Operated by Google LLC.
+Server location: 🇺🇸.
+Filtering: no
PayloadDisplayName
- Google Encrypted DNS over HTTPS
+ Google Public DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- D3AE1D44-EB42-5B10-B721-15D6A0354A9A
+ 79FF6A43-D453-5B8A-B0CB-F9475AC50A56
PayloadVersion
1
diff --git a/profiles/google-tls.mobileconfig b/profiles/google-default-tls.mobileconfig
similarity index 70%
rename from profiles/google-tls.mobileconfig
rename to profiles/google-default-tls.mobileconfig
index 1d0c3e9..ed06245 100644
--- a/profiles/google-tls.mobileconfig
+++ b/profiles/google-default-tls.mobileconfig
@@ -20,15 +20,15 @@
dns.google
PayloadDescription
- Configures device to use Google Encrypted DNS over TLS
+ Configures device to use Google Public DNS Encrypted DNS over TLS
PayloadDisplayName
- Google DNS over TLS
+ Google Public DNS Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.43e491d5-b019-5356-bc82-e8b2e1c89871
+ com.apple.dnsSettings.managed.d984244b-7644-5b5e-b254-af8e59f6c09c
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 43E491D5-B019-5356-BC82-E8B2E1C89871
+ D984244B-7644-5B5E-B254-AF8E59F6C09C
PayloadVersion
1
ProhibitDisablement
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Google DNS to Big Sur and iOS 14 based systems
+ Configures device to use Google Public DNS over TLS
+Operated by Google LLC.
+Server location: 🇺🇸.
+Filtering: no
PayloadDisplayName
- Google Encrypted DNS over TLS
+ Google Public DNS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 958F3451-3B7E-5D58-8ECA-6CD67C493117
+ 022447CE-3B19-59A8-B11E-D4DEFB9DFBC1
PayloadVersion
1
diff --git a/profiles/keweondns-https.mobileconfig b/profiles/keweondns-default-https.mobileconfig
similarity index 66%
rename from profiles/keweondns-https.mobileconfig
rename to profiles/keweondns-default-https.mobileconfig
index 94909a9..24c8b7b 100644
--- a/profiles/keweondns-https.mobileconfig
+++ b/profiles/keweondns-default-https.mobileconfig
@@ -13,15 +13,15 @@
https://dns.keweon.center/dns-query
PayloadDescription
- Configures device to use keweonDNS physical DNS Server to encrypt DNS over HTTPS
+ Configures device to use keweonDNS Encrypted DNS over HTTPS
PayloadDisplayName
- keweonDNS (DoH)
+ keweonDNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.d9980b2f-f260-5bda-b033-800567c1476a
+ com.apple.dnsSettings.managed.23b46469-4d5e-547d-9847-89e17050d05d
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- D9980B2F-F260-5BDA-B033-800567C1476A
+ 23B46469-4D5E-547D-9847-89E17050D05D
PayloadVersion
1
ProhibitDisablement
@@ -29,9 +29,12 @@
PayloadDescription
- Adds keweonDNS encrypted DNS configurations to Apple based systems
+ Configures device to use keweonDNS over HTTPS
+Operated by Aviontex. Blocks ads & tracking.
+Server location: 🇩🇪.
+Filtering: no
PayloadDisplayName
- keweonDNS (DoH)
+ keweonDNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -41,7 +44,7 @@
PayloadType
Configuration
PayloadUUID
- 19232C4C-ABA0-5B57-AC25-8C2494698028
+ 8851DBB0-04A8-5551-A542-3B9D3D809895
PayloadVersion
1
diff --git a/profiles/keweondns-tls.mobileconfig b/profiles/keweondns-default-tls.mobileconfig
similarity index 66%
rename from profiles/keweondns-tls.mobileconfig
rename to profiles/keweondns-default-tls.mobileconfig
index 8a253fa..1fc4ada 100644
--- a/profiles/keweondns-tls.mobileconfig
+++ b/profiles/keweondns-default-tls.mobileconfig
@@ -13,15 +13,15 @@
dns.keweon.center
PayloadDescription
- Configures device to use keweonDNS physical DNS Server to encrypt DNS over TLS
+ Configures device to use keweonDNS Encrypted DNS over TLS
PayloadDisplayName
- keweonDNS (DoT)
+ keweonDNS Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.e3e6d9a3-8f9f-5bae-b22c-4288be42e6b1
+ com.apple.dnsSettings.managed.751ad467-aa85-53df-b68d-5dc1f8c7624a
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- E3E6D9A3-8F9F-5BAE-B22C-4288BE42E6B1
+ 751AD467-AA85-53DF-B68D-5DC1F8C7624A
PayloadVersion
1
ProhibitDisablement
@@ -29,9 +29,12 @@
PayloadDescription
- Adds keweonDNS encrypted DNS configurations to Apple based systems
+ Configures device to use keweonDNS over TLS
+Operated by Aviontex. Blocks ads & tracking.
+Server location: 🇩🇪.
+Filtering: no
PayloadDisplayName
- keweonDNS (DoT)
+ keweonDNS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -41,7 +44,7 @@
PayloadType
Configuration
PayloadUUID
- B6B082E8-E78E-5F49-8AFB-390B51717105
+ 054FC0B7-2EBC-5369-AB12-DEBF5D29F9FD
PayloadVersion
1
diff --git a/profiles/mullvad-adblock-https.mobileconfig b/profiles/mullvad-adblock-https.mobileconfig
index b01d1e0..9d06e71 100644
--- a/profiles/mullvad-adblock-https.mobileconfig
+++ b/profiles/mullvad-adblock-https.mobileconfig
@@ -18,9 +18,9 @@
https://adblock.doh.mullvad.net/dns-query
PayloadDescription
- Configures device to use Mullvad DNS over HTTPS
+ Configures device to use Mullvad DNS Adblock Encrypted DNS over HTTPS
PayloadDisplayName
- Mullvad DNS over HTTPS
+ Mullvad DNS Adblock Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.aa51aa88-e16a-50c0-9b0b-4a5c1f4af720
PayloadType
@@ -34,9 +34,12 @@
PayloadDescription
- Adds the Mullvad DNS with ad blocking to Big Sur and iOS 14 based systems
+ Configures device to use Mullvad DNS Adblock over HTTPS
+Operated by Mullvad VPN AB. Blocks ads & tracking.
+Server location: 🇸🇪.
+Filtering: yes
PayloadDisplayName
- Mullvad DNS over HTTPS
+ Mullvad DNS Adblock Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/mullvad-https.mobileconfig b/profiles/mullvad-default-https.mobileconfig
similarity index 69%
rename from profiles/mullvad-https.mobileconfig
rename to profiles/mullvad-default-https.mobileconfig
index 5c6d872..143fc4e 100644
--- a/profiles/mullvad-https.mobileconfig
+++ b/profiles/mullvad-default-https.mobileconfig
@@ -18,15 +18,15 @@
https://doh.mullvad.net/dns-query
PayloadDescription
- Configures device to use Mullvad DNS over HTTPS
+ Configures device to use Mullvad DNS Encrypted DNS over HTTPS
PayloadDisplayName
- Mullvad DNS over HTTPS
+ Mullvad DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.5e97cf64-16b7-58ac-8a9f-e70b7b1ed1d4
+ com.apple.dnsSettings.managed.5392613a-ac78-594d-a43b-d396f54f59fd
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 5E97CF64-16B7-58AC-8A9F-E70B7B1ED1D4
+ 5392613A-AC78-594D-A43B-D396F54F59FD
PayloadVersion
1
ProhibitDisablement
@@ -34,9 +34,12 @@
PayloadDescription
- Adds the Mullvad DNS to Big Sur and iOS 14 based systems
+ Configures device to use Mullvad DNS over HTTPS
+Operated by Mullvad VPN AB.
+Server location: 🇸🇪.
+Filtering: yes
PayloadDisplayName
- Mullvad DNS over HTTPS
+ Mullvad DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -46,7 +49,7 @@
PayloadType
Configuration
PayloadUUID
- 4F6048D0-45F2-55B2-AF08-D09094960B41
+ 9EE643A7-BCF2-50B2-A03E-7437589CB25E
PayloadVersion
1
diff --git a/profiles/opendns-https.mobileconfig b/profiles/opendns-default-https.mobileconfig
similarity index 66%
rename from profiles/opendns-https.mobileconfig
rename to profiles/opendns-default-https.mobileconfig
index 57a16ae..3abd25e 100644
--- a/profiles/opendns-https.mobileconfig
+++ b/profiles/opendns-default-https.mobileconfig
@@ -13,15 +13,15 @@
https://doh.opendns.com/dns-query
PayloadDescription
- Configures device to use OpenDNS Encrypted DNS over HTTPS
+ Configures device to use OpenDNS Standard Encrypted DNS over HTTPS
PayloadDisplayName
- OpenDNS DNS over HTTPS Standard
+ OpenDNS Standard Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.45ba4fc6-566b-5e50-b483-46b97b96597a
+ com.apple.dnsSettings.managed.a3d586de-f243-5813-8f3e-fafa8e48b05d
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 45BA4FC6-566B-5E50-B483-46B97B96597A
+ A3D586DE-F243-5813-8F3E-FAFA8E48B05D
PayloadVersion
1
ProhibitDisablement
@@ -29,9 +29,12 @@
PayloadDescription
- Adds the OpenDNS Encrypted DNS to Big Sur and iOS 14 based systems
+ Configures device to use OpenDNS Standard over HTTPS
+Operated by Cisco OpenDNS LLC.
+Server location: 🇺🇸.
+Filtering: no
PayloadDisplayName
- OpenDNS Encrypted DNS
+ OpenDNS Standard Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -41,7 +44,7 @@
PayloadType
Configuration
PayloadUUID
- 38CDCB26-893D-50A7-8E36-EE7E02CC0682
+ E939E0A6-C1E4-5734-912C-5A213C1C5A78
PayloadVersion
1
diff --git a/profiles/opendns-family-https.mobileconfig b/profiles/opendns-family-https.mobileconfig
index 6fb60c6..5905980 100644
--- a/profiles/opendns-family-https.mobileconfig
+++ b/profiles/opendns-family-https.mobileconfig
@@ -13,9 +13,9 @@
https://doh.familyshield.opendns.com/dns-query
PayloadDescription
- Configures device to use OpenDNS Encrypted DNS over HTTPS
+ Configures device to use OpenDNS FamilyShield Encrypted DNS over HTTPS
PayloadDisplayName
- OpenDNS DNS over HTTPS Standard
+ OpenDNS FamilyShield Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.1a8cc509-020c-5f6a-830d-7a85f82d66e5
PayloadType
@@ -29,9 +29,12 @@
PayloadDescription
- Adds the OpenDNS Encrypted DNS Family Shield to Big Sur and iOS 14 based systems
+ Configures device to use OpenDNS FamilyShield over HTTPS
+Operated by Cisco OpenDNS LLC. Blocks malware & adult content.
+Server location: 🇺🇸.
+Filtering: yes
PayloadDisplayName
- OpenDNS Encrypted DNS Family Shield
+ OpenDNS FamilyShield Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig
index e31a989..464f282 100644
--- a/profiles/quad9-ECS-https.mobileconfig
+++ b/profiles/quad9-ECS-https.mobileconfig
@@ -20,9 +20,9 @@
https://dns11.quad9.net/dns-query
PayloadDescription
- Configures device to use Quad9 Encrypted DNS over HTTPS with ECS
+ Configures device to use Quad9 w/ ECS Encrypted DNS over HTTPS
PayloadDisplayName
- Quad9 DNS over HTTPS with ECS
+ Quad9 w/ ECS Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.be15a83d-45e7-56c2-af36-23c6c8c72198
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 w/ ECS over HTTPS
+Operated by Quad9 Foundation. Supports ECS. Blocks malware.
+Server location: 🇨🇭.
+Filtering: yes
PayloadDisplayName
- Quad9 with ECS Encrypted DNS over HTTPS
+ Quad9 w/ ECS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig
index cb9c445..f384ac4 100644
--- a/profiles/quad9-ECS-tls.mobileconfig
+++ b/profiles/quad9-ECS-tls.mobileconfig
@@ -20,9 +20,9 @@
dns11.quad9.net
PayloadDescription
- Configures device to use Quad9 with ECS Encrypted DNS over HTTPS
+ Configures device to use Quad9 w/ ECS Encrypted DNS over TLS
PayloadDisplayName
- Quad9 DNS over TLS with ECS
+ Quad9 w/ ECS Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.97a5f054-ede5-5ed7-aa4b-d71c34d3d690
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 w/ ECS over TLS
+Operated by Quad9 Foundation. Supports ECS. Blocks malware.
+Server location: 🇨🇭.
+Filtering: yes
PayloadDisplayName
- Quad9 with ECS Encrypted DNS over TLS
+ Quad9 w/ ECS Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/quad9-https.mobileconfig b/profiles/quad9-default-https.mobileconfig
similarity index 77%
rename from profiles/quad9-https.mobileconfig
rename to profiles/quad9-default-https.mobileconfig
index 3b19af0..1eaa949 100644
--- a/profiles/quad9-https.mobileconfig
+++ b/profiles/quad9-default-https.mobileconfig
@@ -22,13 +22,13 @@
PayloadDescription
Configures device to use Quad9 Encrypted DNS over HTTPS
PayloadDisplayName
- Quad9 DNS over HTTPS
+ Quad9 Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.f8a674b2-5c62-5f7e-aa75-56af6005d526
+ com.apple.dnsSettings.managed.44379267-355e-54e5-acc1-cbebdf529036
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- F8A674B2-5C62-5F7E-AA75-56AF6005D526
+ 44379267-355E-54E5-ACC1-CBEBDF529036
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the Quad9 DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 over HTTPS
+Operated by Quad9 Foundation. Blocks malware.
+Server location: 🇨🇭.
+Filtering: yes
PayloadDisplayName
Quad9 Encrypted DNS over HTTPS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- C26A7C0E-10F6-542D-AB88-2D3B6FC27C1C
+ 8FE3092A-B80F-5352-A2A8-0CA9EC8A7E46
PayloadVersion
1
diff --git a/profiles/quad9-tls.mobileconfig b/profiles/quad9-default-tls.mobileconfig
similarity index 73%
rename from profiles/quad9-tls.mobileconfig
rename to profiles/quad9-default-tls.mobileconfig
index c11941d..065221d 100644
--- a/profiles/quad9-tls.mobileconfig
+++ b/profiles/quad9-default-tls.mobileconfig
@@ -20,15 +20,15 @@
dns.quad9.net
PayloadDescription
- Configures device to use Quad9 Encrypted DNS over HTTPS
+ Configures device to use Quad9 Encrypted DNS over TLS
PayloadDisplayName
- Quad9 DNS over TLS
+ Quad9 Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.d542f87a-d392-5401-867c-f25f81311318
+ com.apple.dnsSettings.managed.2ec591fd-e155-5119-a2d7-036cde99d0a3
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- D542F87A-D392-5401-867C-F25F81311318
+ 2EC591FD-E155-5119-A2D7-036CDE99D0A3
PayloadVersion
1
ProhibitDisablement
@@ -36,7 +36,10 @@
PayloadDescription
- Adds the Quad9 DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 over TLS
+Operated by Quad9 Foundation. Blocks malware.
+Server location: 🇨🇭.
+Filtering: yes
PayloadDisplayName
Quad9 Encrypted DNS over TLS
PayloadIdentifier
@@ -48,7 +51,7 @@
PayloadType
Configuration
PayloadUUID
- 6D3671D0-DDDE-52A7-B1DE-5818251E5766
+ AD038BB9-1330-527A-82BF-0F9F7FD709C5
PayloadVersion
1
diff --git a/profiles/quad9-nofilter-https.mobileconfig b/profiles/quad9-nofilter-https.mobileconfig
index 2c5a69c..7292965 100644
--- a/profiles/quad9-nofilter-https.mobileconfig
+++ b/profiles/quad9-nofilter-https.mobileconfig
@@ -20,9 +20,9 @@
https://dns10.quad9.net/dns-query
PayloadDescription
- Configures device to use Quad9 No Filter Encrypted DNS over HTTPS
+ Configures device to use Quad9 Unfiltered Encrypted DNS over HTTPS
PayloadDisplayName
- Quad9 No Filter DNS over HTTPS
+ Quad9 Unfiltered Encrypted DNS over HTTPS
PayloadIdentifier
com.apple.dnsSettings.managed.4764962f-5e78-514d-ad2c-dc8acd3b27f3
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Quad9 No Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 Unfiltered over HTTPS
+Operated by Quad9 Foundation.
+Server location: 🇨🇭.
+Filtering: no
PayloadDisplayName
- Quad9 No Filter Encrypted DNS over HTTPS
+ Quad9 Unfiltered Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/quad9-nofilter-tls.mobileconfig b/profiles/quad9-nofilter-tls.mobileconfig
index b1b76fd..539b124 100644
--- a/profiles/quad9-nofilter-tls.mobileconfig
+++ b/profiles/quad9-nofilter-tls.mobileconfig
@@ -20,9 +20,9 @@
dns10.quad9.net
PayloadDescription
- Configures device to use Quad9 No Filter Encrypted DNS over HTTPS
+ Configures device to use Quad9 Unfiltered Encrypted DNS over TLS
PayloadDisplayName
- Quad9 No Filter DNS over TLS
+ Quad9 Unfiltered Encrypted DNS over TLS
PayloadIdentifier
com.apple.dnsSettings.managed.90067817-36d5-5412-96fc-3c3294eb0fec
PayloadType
@@ -36,9 +36,12 @@
PayloadDescription
- Adds the Quad9 No Filter DNS to Big Sur and iOS 14 based systems
+ Configures device to use Quad9 Unfiltered over TLS
+Operated by Quad9 Foundation.
+Server location: 🇨🇭.
+Filtering: no
PayloadDisplayName
- Quad9 No Filter Encrypted DNS over TLS
+ Quad9 Unfiltered Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
diff --git a/profiles/template-on-demand.mobileconfig b/profiles/template-on-demand-default-https.mobileconfig
similarity index 73%
rename from profiles/template-on-demand.mobileconfig
rename to profiles/template-on-demand-default-https.mobileconfig
index 9381e2f..41fabab 100644
--- a/profiles/template-on-demand.mobileconfig
+++ b/profiles/template-on-demand-default-https.mobileconfig
@@ -37,15 +37,15 @@
PayloadDescription
- Configures device to use Example Encrypted DNS over HTTPS
+ Configures device to use Example Encrypted DNS Encrypted DNS over HTTPS
PayloadDisplayName
- Example DNS over HTTPS
+ Example Encrypted DNS Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.abc0db58-da07-5566-a55b-587df1382d4a
+ com.apple.dnsSettings.managed.45134783-5122-5abb-96ed-f5bf88841542
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- ABC0DB58-DA07-5566-A55B-587DF1382D4A
+ 45134783-5122-5ABB-96ED-F5BF88841542
PayloadVersion
1
ProhibitDisablement
@@ -53,9 +53,12 @@
PayloadDescription
- Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems
+ Configures device to use Example Encrypted DNS over HTTPS
+Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems.
+Server location: .
+Filtering: no
PayloadDisplayName
- Example Encrypted DNS over HTTPS
+ Example Encrypted DNS Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -65,7 +68,7 @@
PayloadType
Configuration
PayloadUUID
- 9E0173E4-7947-5174-A857-D97C90189345
+ 094F8FB6-20D9-51D6-8F5D-6E3F32192E24
PayloadVersion
1
diff --git a/profiles/tiarapp-https.mobileconfig b/profiles/tiarapp-default-https.mobileconfig
similarity index 70%
rename from profiles/tiarapp-https.mobileconfig
rename to profiles/tiarapp-default-https.mobileconfig
index 0fef4cf..377b91b 100644
--- a/profiles/tiarapp-https.mobileconfig
+++ b/profiles/tiarapp-default-https.mobileconfig
@@ -15,13 +15,13 @@
PayloadDescription
Configures device to use Tiarap Encrypted DNS over HTTPS
PayloadDisplayName
- Tiarap DNS over HTTPS
+ Tiarap Encrypted DNS over HTTPS
PayloadIdentifier
- com.apple.dnsSettings.managed.b8bfdb6a-295d-5b21-b057-eb3c8b0a786e
+ com.apple.dnsSettings.managed.fde2d338-fe25-546b-ab48-645b7b675e6b
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- B8BFDB6A-295D-5B21-B057-EB3C8B0A786E
+ FDE2D338-FE25-546B-AB48-645B7B675E6B
PayloadVersion
1
ProhibitDisablement
@@ -29,9 +29,12 @@
PayloadDescription
- Adds the Tiarap DNS over HTTPS to Big Sur and iOS 14 based systems
+ Configures device to use Tiarap over HTTPS
+Operated by Tiarap Inc. Blocks ads, tracking, phising & malware.
+Server location: 🇸🇬 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Tiarap DNS over HTTPS
+ Tiarap Encrypted DNS over HTTPS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -41,7 +44,7 @@
PayloadType
Configuration
PayloadUUID
- 5D9FBC79-C3B0-5A98-A17D-8EC8A05C0F22
+ 39D05040-6A6B-53A3-A94A-CBACA457F960
PayloadVersion
1
diff --git a/profiles/tiarapp-tls.mobileconfig b/profiles/tiarapp-default-tls.mobileconfig
similarity index 70%
rename from profiles/tiarapp-tls.mobileconfig
rename to profiles/tiarapp-default-tls.mobileconfig
index bde3ebc..f0f7319 100644
--- a/profiles/tiarapp-tls.mobileconfig
+++ b/profiles/tiarapp-default-tls.mobileconfig
@@ -15,13 +15,13 @@
PayloadDescription
Configures device to use Tiarap Encrypted DNS over TLS
PayloadDisplayName
- Tiarap DNS over TLS
+ Tiarap Encrypted DNS over TLS
PayloadIdentifier
- com.apple.dnsSettings.managed.1e58dec4-c1a9-50ac-81cb-cc9c261f9041
+ com.apple.dnsSettings.managed.d7772cd8-45af-5f49-8563-5d6c20df3f65
PayloadType
com.apple.dnsSettings.managed
PayloadUUID
- 1E58DEC4-C1A9-50AC-81CB-CC9C261F9041
+ D7772CD8-45AF-5F49-8563-5D6C20DF3F65
PayloadVersion
1
ProhibitDisablement
@@ -29,9 +29,12 @@
PayloadDescription
- Adds the Tiarap DNS over TLS to Big Sur and iOS 14 based systems
+ Configures device to use Tiarap over TLS
+Operated by Tiarap Inc. Blocks ads, tracking, phising & malware.
+Server location: 🇸🇬 🇺🇸.
+Filtering: yes
PayloadDisplayName
- Tiarap DNS over TLS
+ Tiarap Encrypted DNS over TLS
PayloadIdentifier
com.paulmillr.apple-dns
PayloadRemovalDisallowed
@@ -41,7 +44,7 @@
PayloadType
Configuration
PayloadUUID
- BB91492E-F74F-5707-8B99-EA8E92DE96B6
+ B9C51928-5B68-5B30-9CEC-B3A30FBBABB1
PayloadVersion
1
diff --git a/scripts/build.ts b/scripts/build.ts
deleted file mode 100755
index 265cfd8..0000000
--- a/scripts/build.ts
+++ /dev/null
@@ -1,771 +0,0 @@
-#!/usr/bin/env node
-import { CMS } from 'micro-key-producer/x509.js';
-import { createHash } from 'node:crypto';
-import fs from 'node:fs';
-import net from 'node:net';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-
-type LangData = {
- code: string;
- name: string;
- table_columns: {
- name: string;
- region: string;
- censorship: string;
- notes: string;
- install_signed: string;
- install_unsigned: string;
- };
- yes: string;
- no: string;
-};
-
-type Lang = {
- code: string;
- name: string;
- mdFile: string;
- jsonFile: string;
- data: LangData;
-};
-
-type RuleParam = { DomainAction: string; Domains: string[] };
-type Rule = {
- Action: string;
- InterfaceTypeMatch?: string;
- SSIDMatch?: string[];
- ActionParameters?: RuleParam[];
-};
-type DnsCfg = {
- protocol: string;
- server: string;
- addresses: string[];
-};
-type DnsInput = {
- protocol: string;
- server: string;
- addresses: string[];
-};
-type DnsValidateOpts = { requireTlsAddresses?: boolean };
-
-type PayloadCfg = {
- description?: string;
- displayName: string;
- identifier: string;
- uuid: string;
- type?: string;
- version?: number;
- organization?: string;
- prohibitDisablement?: boolean;
-};
-
-type TopCfg = {
- description: string;
- displayName: string;
- identifier: string;
- removalDisallowed?: boolean;
- scope?: string;
- type?: string;
- uuid: string;
- version?: number;
- organization?: string;
- consentTextDefault?: string;
-};
-
-type CertCfg = {
- fileName: string;
- data: string;
- displayName: string;
- identifier: string;
- uuid: string;
- type?: string;
- version?: number;
-};
-
-export type ProfileCfg = {
- // Controls plist string escaping; kept for compatibility with old provider entries.
- escapeXML?: boolean;
- // Naming inputs used to derive PayloadDisplayName / top display fields when explicit fields are absent.
- name?: string;
- fullName?: string;
- // Explicit top payload display name fallback when top.displayName is not set.
- topName?: string;
- // DNS endpoint (DoH URL or DoT hostname) and optional resolver IP hints for Apple DNSSettings payload.
- ServerURLOrName?: string;
- ServerAddresses?: string[];
- // Inner payload fields (com.apple.dnsSettings.managed) shown in UI and used for stable ids.
- PayloadDisplayName?: string;
- PayloadDescription?: string;
- PayloadIdentifier?: string;
- PayloadUUID?: string;
- PayloadType?: string;
- PayloadVersion?: number;
- // Apple DNS payload flag: true prevents user from toggling DNS settings off in UI.
- ProhibitDisablement?: boolean;
- // Optional Apple consent text block; used by some providers for privacy-policy notice.
- ConsentTextDefault?: string;
- // Structured variants used by CLI/tests; normalize() supports both structured and flat forms.
- dns?: DnsCfg;
- payload?: PayloadCfg;
- // Structured top-level configuration payload; if absent, built from defaults + topName.
- top?: TopCfg;
- // Optional on-demand match rules (template use-case).
- onDemandRules?: Rule[];
- // Optional additional certificate payloads embedded into profile.
- certificates?: CertCfg[];
- // Compact detached signature (hex). Generator rebuilds attached CMS signed/*.mobileconfig from this.
- signature?: string;
-};
-
-type Provider = {
- // Provider metadata for README table + generated links.
- id: string;
- profile: string;
- // Optional naming defaults consumed by providerFile()/normalize().
- name?: string;
- fullName?: string;
- ServerAddresses?: string[];
- // Optional output filename override (template provider).
- file?: string;
- // Hidden providers are excluded from README provider table.
- hidden?: boolean;
- website?: string;
- region?: string | string[];
- censorship?: boolean;
- // Localized labels and notes used in README rendering.
- names: Record;
- notes: Record;
- // Per-protocol profile definitions.
- https?: ProfileCfg;
- tls?: ProfileCfg;
- formats?: {
- unsigned: { https: boolean; tls: boolean };
- signed: { https: boolean; tls: boolean };
- };
- sourceFile?: string;
-};
-type ProviderFileInfo = Pick;
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-// Moved under scripts/: resolve repo-root data paths explicitly.
-const ROOT_DIR = path.join(__dirname, '..');
-const CERTS_DIR = path.join(ROOT_DIR, 'certs');
-const CERT_PEM_FILE = path.join(CERTS_DIR, 'cert.pem');
-const CHAIN_PEM_FILE = path.join(CERTS_DIR, 'chain.pem');
-// Shared CMS algorithm parameters for repo signing/building.
-// We intentionally omit signingTime and S/MIME capabilities for stable, minimal signed attributes.
-export const SIGN_OPTS = { extraEntropy: false } as const; // Deterministic signatures
-const LANGUAGES_DIR = path.join(ROOT_DIR, 'src-languages');
-const PROVIDERS_PATH = path.join(ROOT_DIR, 'src');
-const DEFAULT_LANG = 'en';
-const OUTPUT_DIR = ROOT_DIR;
-const REPO_RAW = 'https://github.com/paulmillr/encrypted-dns/raw/master';
-const outPath = (p: string) => path.join(ROOT_DIR, p);
-
-const REGIONS: Record = {
- US: '🇺🇸',
- CN: '🇨🇳',
- RU: '🇷🇺',
- NL: '🇳🇱',
- DE: '🇩🇪',
- SG: '🇸🇬',
- CA: '🇨🇦',
- FR: '🇫🇷',
- CH: '🇨🇭',
- SE: '🇸🇪',
- CZ: '🇨🇿',
-};
-
-const escapeXMLText = (s: string) =>
- s
- .replaceAll('&', '&')
- .replaceAll('<', '<')
- .replaceAll('>', '>')
- .replaceAll('"', '"')
- .replaceAll("'", ''');
-export const validId = (s: string) => /^[A-Za-z0-9.-]+$/.test(s);
-export const validHost = (s: string) =>
- /^(?=.{1,253}$)(?!-)(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$/.test(s) && !s.includes('..');
-export const splitCsv = (s: string) =>
- s
- .split(',')
- .map((x) => x.trim())
- .filter(Boolean);
-const bad = (where: string, msg: string): never => {
- throw new Error(`${where}: ${msg}`);
-};
-const validateDnsInputFor = (
- x: DnsInput,
- where: string,
- protocol: 'https' | 'tls',
- opts: DnsValidateOpts = {}
-) => {
- const requireTlsAddresses =
- opts.requireTlsAddresses !== undefined ? opts.requireTlsAddresses : true;
- if (!x.server.trim()) bad(where, 'server is required');
- if (protocol === 'https') {
- let url: URL;
- try {
- url = new URL(x.server);
- } catch {
- bad(where, `https server must be a valid URL, got: ${x.server}`);
- }
- if (url.protocol !== 'https:')
- bad(where, `https server URL must use https://, got: ${x.server}`);
- } else if (!validHost(x.server)) bad(where, `tls server must be a hostname, got: ${x.server}`);
- for (const ip of x.addresses) if (!net.isIP(ip)) bad(where, `invalid IP address: ${ip}`);
- if (requireTlsAddresses && protocol === 'tls' && x.addresses.length === 0)
- bad(where, 'tls requires at least one IP in --addresses');
-};
-export const validateDnsInput = (x: DnsInput, where: string, opts: DnsValidateOpts = {}) => {
- const protocol = x.protocol.toLowerCase();
- if (protocol !== 'https' && protocol !== 'tls')
- bad(where, `protocol: expected https|tls, got ${x.protocol}`);
- validateDnsInputFor(x, where, protocol, opts);
-};
-export const validateProfileInput = (
- x: ProfileCfg,
- where: string,
- expectedProtocol?: 'https' | 'tls'
-) => {
- const dns = x.dns || {
- protocol: expectedProtocol || '',
- server: x.ServerURLOrName || '',
- addresses: x.ServerAddresses || [],
- };
- if (expectedProtocol)
- validateDnsInputFor(dns, where, expectedProtocol, { requireTlsAddresses: false });
- else validateDnsInput(dns, where);
- const payloadId = x.payload?.identifier || x.PayloadIdentifier;
- const topId = x.top?.identifier;
- const scope = x.top?.scope;
- if (payloadId && !validId(payloadId))
- bad(where, `payload identifier must match [A-Za-z0-9.-], got: ${payloadId}`);
- if (topId && !validId(topId))
- bad(where, `top payload identifier must match [A-Za-z0-9.-], got: ${topId}`);
- if (scope && scope !== 'System' && scope !== 'User')
- bad(where, `scope: expected System|User, got ${scope}`);
-};
-
-const certData = (src: string) =>
- src
- .replace(/-----BEGIN CERTIFICATE-----/g, '')
- .replace(/-----END CERTIFICATE-----/g, '')
- .replace(/\s/g, '');
-const UUID_DNS_NS = new Uint8Array([
- 0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8,
-]);
-const hex = (b: Uint8Array) => Buffer.from(b).toString('hex');
-const uuidFormat = (b: Uint8Array, upper: boolean) => {
- const s = hex(b);
- const out = `${s.slice(0, 8)}-${s.slice(8, 12)}-${s.slice(12, 16)}-${s.slice(16, 20)}-${s.slice(20, 32)}`;
- return upper ? out.toUpperCase() : out.toLowerCase();
-};
-const uuidV5 = (seed: string, upper: boolean) => {
- const msg = Buffer.from(seed, 'utf8');
- const h = createHash('sha1').update(Buffer.from(UUID_DNS_NS)).update(msg).digest();
- const out = new Uint8Array(h.subarray(0, 16));
- out[6] = (out[6] & 0x0f) | 0x50;
- out[8] = (out[8] & 0x3f) | 0x80;
- return uuidFormat(out, upper);
-};
-export const deterministicUuid = (
- rootIdentifier: string,
- tag: 'root' | 'payload',
- rel: string,
- i?: number
-) => {
- if (tag === 'root') return uuidV5(`${rootIdentifier}::root::${rel}`, true);
- return uuidV5(`${rootIdentifier}::payload::${i || 0}::${rel}`, true);
-};
-const deterministicPayloadIdentifier = (rootIdentifier: string, rel: string, i = 0) =>
- `com.apple.dnsSettings.managed.${uuidV5(`${rootIdentifier}::payload::${i}::${rel}`, false)}`;
-
-export const providerFile = (p: ProviderFileInfo, https: boolean, signed?: boolean) => {
- if (p.file) return `${signed ? 'signed' : 'profiles'}/${p.file}`;
- const postfix = (_pr: ProviderFileInfo, isHttps: boolean) => (isHttps ? 'https' : 'tls');
- const name = p.name || p.id;
- return `${signed ? 'signed' : 'profiles'}/${name}-${postfix(p, https)}.mobileconfig`;
-};
-
-const languages: Lang[] = fs
- .readdirSync(LANGUAGES_DIR)
- .filter((f: string) => f.endsWith('.json'))
- .sort()
- .map((f: string) => {
- const p = path.join(LANGUAGES_DIR, f);
- const data = JSON.parse(fs.readFileSync(p, 'utf8')) as LangData;
- return {
- code: data.code,
- name: data.name,
- mdFile: p.replace('.json', '.md'),
- jsonFile: p,
- data,
- };
- });
-
-const providers: Provider[] = fs
- .readdirSync(PROVIDERS_PATH)
- .sort()
- .map((name: string) => {
- const sourceFile = path.join(PROVIDERS_PATH, name);
- const p = JSON.parse(fs.readFileSync(sourceFile, 'utf8')) as Provider;
- const unsigned = { https: !!p.https, tls: !!p.tls };
- const signed = {
- https: !!p.https?.signature || fs.existsSync(outPath(providerFile(p, true, true))),
- tls: !!p.tls?.signature || fs.existsSync(outPath(providerFile(p, false, true))),
- };
- return { ...p, sourceFile, formats: { unsigned, signed } };
- });
-
-const generateSigned = () => {
- for (const p of providers) {
- if (!p.formats) continue;
- p.formats.signed.https = fs.existsSync(outPath(providerFile(p, true, true)));
- p.formats.signed.tls = fs.existsSync(outPath(providerFile(p, false, true)));
- }
-};
-
-const FULLWIDTH_PATTERN =
- /[\u1100-\u115F\u2329\u232A\u2E80-\u303E\u3040-\uA4CF\uAC00-\uD7A3\uF900-\uFAFF\uFE10-\uFE19\uFE30-\uFE6F\uFF00-\uFF60\uFFE0-\uFFE6]/u;
-const chrWidth = (str: string) => {
- let width = 0;
- for (const c of str) width += FULLWIDTH_PATTERN.test(c) || REGIONS[c] ? 2 : 1;
- return width;
-};
-const padEnd = (s: string, len: number, chr: string) =>
- `${s}${chr.repeat(Math.max(0, len - chrWidth(s)))}`;
-
-const genTable = (rows: string[][]) => {
- const widths = rows[0].map(() => 0);
- for (const r of rows)
- for (let i = 0; i < r.length; i++) widths[i] = Math.max(widths[i], chrWidth(r[i]));
- let table = '';
- rows.forEach((r, i) => {
- const cells = r.map((c, j) => padEnd(c, widths[j], ' ')).join(' | ');
- table += `| ${cells} |\n`;
- if (i === 0) table += `| ${r.map((_, j) => padEnd('', widths[j], '-')).join(' | ')} |\n`;
- });
- return table;
-};
-
-const TAGS: Record string> = {
- LANGUAGES: (currentLang: Lang) =>
- languages
- .map((lang) => {
- if (lang.code === currentLang.code) return lang.name;
- return `[${lang.name}](https://github.com/paulmillr/encrypted-dns/${lang.code === DEFAULT_LANG ? '' : `blob/master/README.${lang.code}.md`})`;
- })
- .join(' | '),
- PROVIDERS_TABLE: (currentLang: Lang) => {
- const rows: string[][] = [
- [
- currentLang.data.table_columns.name,
- currentLang.data.table_columns.region,
- currentLang.data.table_columns.censorship,
- currentLang.data.table_columns.notes,
- currentLang.data.table_columns.install_signed,
- currentLang.data.table_columns.install_unsigned,
- ],
- ];
- const sorted = Array.from(providers)
- .filter((p) => !p.hidden)
- .sort((a, b) => a.id.localeCompare(b.id));
- for (const provider of sorted) {
- const name = provider.names[currentLang.code] || provider.names[DEFAULT_LANG];
- const note = provider.notes[currentLang.code] || provider.notes[DEFAULT_LANG];
- const censorship = provider.censorship ? currentLang.data.yes : currentLang.data.no;
- const regionEmoji = (
- Array.isArray(provider.region) ? provider.region : [provider.region || '']
- )
- .map((r) => REGIONS[r] || '')
- .join(' ')
- .trim();
- const unsignedLinks: string[] = [];
- if (provider.formats?.unsigned?.https)
- unsignedLinks.push(`[HTTPS][${provider.profile}-https]`);
- if (provider.formats?.unsigned?.tls) unsignedLinks.push(`[TLS][${provider.profile}-tls]`);
- const signedLinks: string[] = [];
- if (provider.formats?.signed?.https)
- signedLinks.push(`[HTTPS][${provider.profile}-https-signed]`);
- if (provider.formats?.signed?.tls) signedLinks.push(`[TLS][${provider.profile}-tls-signed]`);
- rows.push([
- `[${name}][${provider.id}]`,
- regionEmoji,
- censorship,
- note,
- signedLinks.join(', '),
- unsignedLinks.join(', '),
- ]);
- }
- return genTable(rows).trim();
- },
- PROVIDERS_LINKS: (_currentLang: Lang) => {
- let res = '';
- const addLink = (p: Provider, https: boolean, signed?: boolean) => {
- const file = providerFile(p, https, signed);
- if (!fs.existsSync(outPath(file))) throw new Error(`missing: ${file}`);
- res += `[${p.profile}-${https ? 'https' : 'tls'}${signed ? '-signed' : ''}]: ${REPO_RAW}/${file}\n`;
- };
- for (const p of providers) {
- if (p.hidden) continue;
- if (p.website) res += `[${p.id}]: ${p.website}\n`;
- if (p.formats?.unsigned?.https) addLink(p, true);
- if (p.formats?.unsigned?.tls) addLink(p, false);
- }
- for (const p of providers) {
- if (p.hidden) continue;
- if (p.formats?.signed?.https) addLink(p, true, true);
- if (p.formats?.signed?.tls) addLink(p, false, true);
- }
- return res;
- },
-};
-
-const processTemplate = (templateContent: string, lang: Lang) => {
- let content = templateContent;
- for (const [tag, handler] of Object.entries(TAGS)) {
- const tagPattern = new RegExp(`<%${tag}%>`, 'g');
- if (content.match(tagPattern)) content = content.replace(tagPattern, handler(lang));
- }
- return content;
-};
-
-const generateReadmes = () => {
- for (const lang of languages) {
- if (!fs.existsSync(lang.mdFile)) throw new Error(`Template file not found: ${lang.mdFile}`);
- const tpl = fs.readFileSync(lang.mdFile, 'utf8');
- const processed = processTemplate(tpl, lang);
- const out = lang.code === DEFAULT_LANG ? 'README.md' : `README.${lang.code}.md`;
- fs.writeFileSync(path.join(OUTPUT_DIR, out), processed, 'utf8');
- console.log(`Generated ${out}`);
- }
-};
-
-type NormalizeOpts = {
- expectedProtocol?: 'https' | 'tls';
- serverAddresses?: string[];
- fullName?: string;
-};
-const normalize = (
- x: ProfileCfg,
- rel: string,
- opts: NormalizeOpts = {}
-): Required> & {
- escapeXML: boolean;
- signature?: string;
-} => {
- const escapeXML = x.escapeXML !== undefined ? x.escapeXML : true;
- const protocolDefault = opts.expectedProtocol ? opts.expectedProtocol.toUpperCase() : '';
- const rootIdentifier = x.top?.identifier || 'com.paulmillr.apple-dns';
- const defaultPayloadDesc = (name: string) => `Configures device to use ${name}`;
- const defaultTopDesc = (name: string) => `Adds the ${name} to Big Sur and iOS 14 based systems`;
- const proto = (x.dns?.protocol || protocolDefault).toUpperCase();
- const fullNameRaw = x.fullName || opts.fullName || '';
- const fullNameWithProto = (() => {
- if (!fullNameRaw) return '';
- if (/ over (HTTPS|TLS)$/.test(fullNameRaw)) return fullNameRaw;
- if (proto === 'HTTPS' || proto === 'TLS') return `${fullNameRaw} over ${proto}`;
- return fullNameRaw;
- })();
- const baseName = x.PayloadDisplayName || fullNameWithProto || x.name || '';
- const topName = x.top?.displayName || x.topName || baseName;
- const fullName = fullNameRaw || topName || baseName;
- // Mixed-shape input (e.g. CLI `new.ts`) may provide only `dns` and flat payload/top fields.
- // Only treat as fully-structured mode when all three nested blocks are present.
- if (x.payload && x.top && x.dns) {
- const dns = x.dns || {
- protocol: protocolDefault,
- server: x.ServerURLOrName || '',
- addresses: x.ServerAddresses !== undefined ? x.ServerAddresses : opts.serverAddresses || [],
- };
- return {
- dns,
- payload: x.payload!,
- top: x.top!,
- onDemandRules: x.onDemandRules || [],
- certificates: x.certificates || [],
- escapeXML,
- signature: x.signature,
- };
- }
- return {
- dns: x.dns || {
- protocol: protocolDefault,
- server: x.ServerURLOrName || '',
- addresses: x.ServerAddresses !== undefined ? x.ServerAddresses : opts.serverAddresses || [],
- },
- payload: {
- description: x.PayloadDescription || defaultPayloadDesc(x.name || baseName),
- displayName: baseName,
- identifier: x.PayloadIdentifier || deterministicPayloadIdentifier(rootIdentifier, rel, 0),
- uuid: x.PayloadUUID || deterministicUuid(rootIdentifier, 'payload', rel, 0),
- type: x.PayloadType || 'com.apple.dnsSettings.managed',
- version: x.PayloadVersion || 1,
- organization: undefined,
- prohibitDisablement: x.ProhibitDisablement !== undefined ? x.ProhibitDisablement : false,
- },
- top: {
- description: x.top?.description || defaultTopDesc(fullName),
- displayName: x.top?.displayName || topName,
- identifier: rootIdentifier,
- removalDisallowed: x.top?.removalDisallowed !== undefined ? x.top.removalDisallowed : false,
- scope: x.top?.scope || 'System',
- type: x.top?.type || 'Configuration',
- uuid: x.top?.uuid || deterministicUuid(rootIdentifier, 'root', rel),
- version: x.top?.version || 1,
- organization: x.top?.organization,
- consentTextDefault: x.top?.consentTextDefault || x.ConsentTextDefault,
- },
- onDemandRules: x.onDemandRules || [],
- certificates: x.certificates || [],
- escapeXML,
- signature: x.signature,
- };
-};
-
-type PlistData = { TAG: 'data'; data: string };
-type PlistNode =
- | string
- | number
- | boolean
- | PlistData
- | PlistNode[]
- | Record;
-const plistData = (x: string): PlistData => ({ TAG: 'data', data: x });
-const isPlistData = (x: PlistNode): x is PlistData =>
- typeof x === 'object' && !Array.isArray(x) && (x as PlistData).TAG === 'data';
-const plistNode = (x: PlistNode, level: number, esc: (s: string) => string): string => {
- const pad = ' '.repeat(level);
- if (typeof x === 'string') return `${pad}${esc(x)}\n`;
- if (typeof x === 'number') return `${pad}${x}\n`;
- if (typeof x === 'boolean') return `${pad}<${x ? 'true' : 'false'}/>\n`;
- if (Array.isArray(x)) {
- let out = `${pad}\n`;
- for (const i of x) out += plistNode(i, level + 1, esc);
- return `${out}${pad}\n`;
- }
- if (isPlistData(x)) return `${pad}${x.data}\n`;
- let out = `${pad}\n`;
- for (const [k, v] of Object.entries(x)) {
- if (v === undefined) continue;
- out += `${pad} ${k}\n`;
- out += plistNode(v, level + 1, esc);
- }
- return `${out}${pad}\n`;
-};
-const plistDoc = (root: PlistNode, rootLevel: number, esc: (s: string) => string) =>
- `
-
-
-${plistNode(root, rootLevel, esc)}
-`;
-const dnsNode = (d: DnsCfg): Record => ({
- DNSProtocol: d.protocol,
- ...(d.addresses.length ? { ServerAddresses: d.addresses } : {}),
- [d.server.startsWith('https://') ? 'ServerURL' : 'ServerName']: d.server,
-});
-const rulesNode = (rules: Rule[]): PlistNode[] =>
- rules.map((r) => ({
- Action: r.Action,
- ...(r.InterfaceTypeMatch ? { InterfaceTypeMatch: r.InterfaceTypeMatch } : {}),
- ...(r.SSIDMatch && r.SSIDMatch.length ? { SSIDMatch: r.SSIDMatch } : {}),
- ...(r.ActionParameters && r.ActionParameters.length
- ? {
- ActionParameters: r.ActionParameters.map((p) => ({
- DomainAction: p.DomainAction,
- Domains: p.Domains,
- })),
- }
- : {}),
- }));
-const certNodes = (certs: CertCfg[]): PlistNode[] =>
- certs.map((c) => ({
- PayloadCertificateFileName: c.fileName,
- PayloadContent: plistData(certData(c.data)),
- PayloadDisplayName: c.displayName,
- PayloadIdentifier: c.identifier,
- PayloadType: c.type || 'com.apple.security.pem',
- PayloadUUID: c.uuid,
- PayloadVersion: c.version || 1,
- }));
-const renderProfile = (cfg: ReturnType) => {
- const p = cfg.payload;
- const t = cfg.top;
- const esc = cfg.escapeXML ? escapeXMLText : (s: string) => s;
- const entry = (k: string, v: PlistNode | undefined): [string, PlistNode] | undefined =>
- v === undefined ? undefined : [k, v];
- const obj = (xs: Array<[string, PlistNode] | undefined>): Record =>
- Object.fromEntries(xs.filter(Boolean) as [string, PlistNode][]);
- const payload = obj([
- ['DNSSettings', dnsNode(cfg.dns)],
- entry('OnDemandRules', cfg.onDemandRules.length ? rulesNode(cfg.onDemandRules) : undefined),
- ['PayloadDescription', p.description || ''],
- ['PayloadDisplayName', p.displayName],
- entry('PayloadOrganization', p.organization),
- ['PayloadIdentifier', p.identifier],
- ['PayloadType', p.type || 'com.apple.dnsSettings.managed'],
- ['PayloadUUID', p.uuid],
- ['PayloadVersion', p.version || 1],
- entry('ProhibitDisablement', p.prohibitDisablement),
- ]);
- const payloadContent: PlistNode = [payload, ...certNodes(cfg.certificates)];
- const root = obj([
- ['PayloadContent', payloadContent],
- ['PayloadDescription', t.description],
- entry('ConsentText', t.consentTextDefault ? { default: t.consentTextDefault } : undefined),
- ['PayloadDisplayName', t.displayName],
- entry('PayloadOrganization', t.organization),
- ['PayloadIdentifier', t.identifier],
- entry('PayloadRemovalDisallowed', t.removalDisallowed),
- entry('PayloadScope', t.scope),
- ['PayloadType', t.type || 'Configuration'],
- ['PayloadUUID', t.uuid],
- ['PayloadVersion', t.version || 1],
- ]);
- return plistDoc(root, 0, esc);
-};
-
-export const generateSingle = (x: ProfileCfg) => {
- const cfg = normalize(x, '');
- return renderProfile(cfg);
-};
-export const normalizeProfile = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) =>
- normalize(x, rel, opts);
-export const generateForRel = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) => {
- const cfg = normalize(x, rel, opts);
- return renderProfile(cfg);
-};
-const generateSingleRel = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) => {
- return generateForRel(x, rel, opts);
-};
-const withDefaults = (
- cfg: ProfileCfg,
- defaults: { serverAddresses?: string[]; fullName?: string } = {}
-): ProfileCfg => {
- const needAddrs = !!defaults.serverAddresses;
- const needFullName = !!defaults.fullName;
- if (!needAddrs && !needFullName) return cfg;
- let out = cfg;
- if (needFullName && out.fullName === undefined) out = { ...out, fullName: defaults.fullName };
- if (!needAddrs) return out;
- if (out.dns) {
- if (out.dns.addresses !== undefined) return out;
- return { ...out, dns: { ...out.dns, addresses: defaults.serverAddresses } };
- }
- if (out.ServerAddresses !== undefined) return out;
- return { ...out, ServerAddresses: defaults.serverAddresses };
-};
-
-const toBytes = (s: string): Uint8Array => new Uint8Array(Buffer.from(s, 'utf8'));
-const fromHex = (s: string): Uint8Array => new Uint8Array(Buffer.from(s, 'hex'));
-const fromSignature = (s: string): Uint8Array => {
- const txt = s.trim();
- if (/^[0-9a-f]+$/i.test(txt) && txt.length % 2 === 0) return fromHex(txt);
- throw new Error('expected compact signature in lowercase/uppercase hex');
-};
-let signerMaterialCache: { cert: string; chain: string } | undefined;
-const signerMaterial = (): { cert: string; chain: string } => {
- if (signerMaterialCache) return signerMaterialCache;
- if (!fs.existsSync(CERT_PEM_FILE)) throw new Error(`missing signer cert: ${CERT_PEM_FILE}`);
- if (!fs.existsSync(CHAIN_PEM_FILE)) throw new Error(`missing signer chain: ${CHAIN_PEM_FILE}`);
- signerMaterialCache = {
- cert: fs.readFileSync(CERT_PEM_FILE, 'utf8'),
- chain: fs.readFileSync(CHAIN_PEM_FILE, 'utf8'),
- };
- return signerMaterialCache;
-};
-const verifyDetached = (
- p: Provider,
- protocol: 'https' | 'tls',
- parsed: ProfileCfg,
- content: Uint8Array
-) => {
- if (!parsed.signature) return;
- const compactSig = fromSignature(parsed.signature);
- const mat = signerMaterial();
- const signed = CMS.compact.build(content, compactSig, mat.cert, mat.chain, SIGN_OPTS);
- try {
- CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() });
- } catch (e) {
- throw new Error(`${p.id}/${protocol}: signature verify failed (${(e as Error).message})`);
- }
-};
-const signedFromDetached = (
- p: Provider,
- protocol: 'https' | 'tls',
- isHttps: boolean,
- parsed: ProfileCfg,
- content: Uint8Array
-) => {
- if (!parsed.signature) return;
- const compactSig = fromSignature(parsed.signature);
- const mat = signerMaterial();
- const out = providerFile(p, isHttps, true);
- const full = outPath(out);
- fs.mkdirSync(path.dirname(full), { recursive: true });
- const signed = CMS.compact.build(content, compactSig, mat.cert, mat.chain, SIGN_OPTS);
- fs.writeFileSync(full, signed);
- console.log(`Generated ${out}`);
-};
-
-const generateConfigs = () => {
- const generate = (
- file: string,
- parsed?: ProfileCfg,
- where?: string,
- expectedProtocol?: 'https' | 'tls',
- defaults: { serverAddresses?: string[]; fullName?: string } = {}
- ): Uint8Array | undefined => {
- if (!parsed) return;
- const input = withDefaults(parsed, defaults);
- validateProfileInput(input, where || file, expectedProtocol);
- const rel = file.startsWith('profiles/') ? file.slice('profiles/'.length) : file;
- const raw = generateSingleRel(input, rel, {
- expectedProtocol,
- serverAddresses: defaults.serverAddresses,
- fullName: defaults.fullName,
- });
- const out = outPath(file);
- fs.mkdirSync(path.dirname(out), { recursive: true });
- fs.writeFileSync(out, raw);
- console.log(`Generated ${file}`);
- return toBytes(raw);
- };
- for (const p of providers) {
- if (p.formats?.unsigned?.https) {
- const content = generate(
- providerFile(p, true),
- p.https,
- `${p.sourceFile || `provider:${p.id}`}:https`,
- 'https',
- { serverAddresses: p.ServerAddresses, fullName: p.fullName }
- );
- if (content && p.https) {
- verifyDetached(p, 'https', p.https, content);
- signedFromDetached(p, 'https', true, p.https, content);
- }
- }
- if (p.formats?.unsigned?.tls) {
- const content = generate(
- providerFile(p, false),
- p.tls,
- `${p.sourceFile || `provider:${p.id}`}:tls`,
- 'tls',
- { serverAddresses: p.ServerAddresses, fullName: p.fullName }
- );
- if (content && p.tls) {
- verifyDetached(p, 'tls', p.tls, content);
- signedFromDetached(p, 'tls', false, p.tls, content);
- }
- }
- }
-};
-
-const main = () => {
- generateConfigs();
- generateSigned();
- generateReadmes();
-};
-if (process.argv[1] && path.resolve(process.argv[1]) === __filename) main();
diff --git a/scripts/sign.ts b/scripts/sign.ts
deleted file mode 100755
index 7f40018..0000000
--- a/scripts/sign.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env node
-import { CMS } from 'micro-key-producer/x509.js';
-import fs from 'node:fs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-import {
- generateForRel,
- providerFile,
- SIGN_OPTS,
- validateProfileInput,
- type ProfileCfg,
-} from './build.ts';
-
-type Provider = {
- id: string;
- name?: string;
- file?: string;
- fullName?: string;
- ServerAddresses?: string[];
- https?: ProfileCfg;
- tls?: ProfileCfg;
-};
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const ROOT = path.join(__dirname, '..');
-const PROVIDERS = path.join(ROOT, 'src');
-const CERT_PEM = path.join(ROOT, 'certs', 'cert.pem');
-const CHAIN_PEM = path.join(ROOT, 'certs', 'chain.pem');
-const PRIVKEY_PEM = path.join(ROOT, 'certs', 'privkey.pem');
-const USAGE = `node sign.ts expects following files to exist:
-
-* ${path.relative(ROOT, CERT_PEM)}: pubkey certificate
-* ${path.relative(ROOT, CHAIN_PEM)}: pubkey certificate chain
-* ${path.relative(ROOT, PRIVKEY_PEM)}: PRIVATE key used to sign requests (never share this)
-`;
-
-const withDefaults = (
- cfg: ProfileCfg,
- defaults: { serverAddresses?: string[]; fullName?: string } = {}
-): ProfileCfg => {
- const needAddrs = !!defaults.serverAddresses;
- const needFullName = !!defaults.fullName;
- if (!needAddrs && !needFullName) return cfg;
- let out = cfg;
- if (needFullName && out.fullName === undefined) out = { ...out, fullName: defaults.fullName };
- if (!needAddrs) return out;
- if (out.dns) {
- if (out.dns.addresses !== undefined) return out;
- return { ...out, dns: { ...out.dns, addresses: defaults.serverAddresses } };
- }
- if (out.ServerAddresses !== undefined) return out;
- return { ...out, ServerAddresses: defaults.serverAddresses };
-};
-
-const main = () => {
- [PRIVKEY_PEM, CERT_PEM, CHAIN_PEM].forEach(filepath => {
- if (!fs.existsSync(filepath)) throw new Error(USAGE);
- });
-
- const key = fs.readFileSync(PRIVKEY_PEM, 'utf8');
- const cert = fs.readFileSync(CERT_PEM, 'utf8');
- const chain = fs.readFileSync(CHAIN_PEM, 'utf8');
- const files = fs
- .readdirSync(PROVIDERS)
- .filter((f) => f.endsWith('.json'))
- .sort();
- const enc = new TextEncoder();
- let updated = 0;
-
- for (const fileName of files) {
- const full = path.join(PROVIDERS, fileName);
- const provider = JSON.parse(fs.readFileSync(full, 'utf8')) as Provider;
- let changed = false;
- for (const protocol of ['https', 'tls'] as const) {
- const src = provider[protocol];
- if (!src) continue;
- const input = withDefaults(src, {
- serverAddresses: provider.ServerAddresses,
- fullName: provider.fullName,
- });
- validateProfileInput(input, `${fileName}:${protocol}`, protocol);
- const relPath = providerFile(provider, protocol === 'https').replace(/^profiles\//, '');
- const raw = generateForRel(input, relPath, {
- expectedProtocol: protocol,
- serverAddresses: provider.ServerAddresses,
- fullName: provider.fullName,
- });
- const content = enc.encode(raw);
- const compact = CMS.compact.sign(content, cert, key, SIGN_OPTS);
- const signed = CMS.compact.build(content, compact, cert, chain, SIGN_OPTS);
- CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() });
- const sigHex = Buffer.from(compact).toString('hex');
- if (src.signature !== sigHex) {
- src.signature = sigHex;
- changed = true;
- }
- }
- if (!changed) continue;
- fs.writeFileSync(full, `${JSON.stringify(provider, undefined, 4)}\n`);
- updated++;
- console.log(`Updated ${fileName}`);
- }
- console.log(`${updated} mobileconfig files updated`);
- console.log(`signing done`);
-};
-
-main();
diff --git a/signed/360-https.mobileconfig b/signed/360-default-https.mobileconfig
similarity index 81%
rename from signed/360-https.mobileconfig
rename to signed/360-default-https.mobileconfig
index ceb43d9..3db2d81 100644
Binary files a/signed/360-https.mobileconfig and b/signed/360-default-https.mobileconfig differ
diff --git a/signed/adguard-default-https.mobileconfig b/signed/adguard-default-https.mobileconfig
index 369fa94..f69e3cf 100644
Binary files a/signed/adguard-default-https.mobileconfig and b/signed/adguard-default-https.mobileconfig differ
diff --git a/signed/adguard-default-tls.mobileconfig b/signed/adguard-default-tls.mobileconfig
index fa2beff..4603870 100644
Binary files a/signed/adguard-default-tls.mobileconfig and b/signed/adguard-default-tls.mobileconfig differ
diff --git a/signed/adguard-family-https.mobileconfig b/signed/adguard-family-https.mobileconfig
index b7a4d9c..4aac860 100644
Binary files a/signed/adguard-family-https.mobileconfig and b/signed/adguard-family-https.mobileconfig differ
diff --git a/signed/adguard-family-tls.mobileconfig b/signed/adguard-family-tls.mobileconfig
index ec54a62..791718a 100644
Binary files a/signed/adguard-family-tls.mobileconfig and b/signed/adguard-family-tls.mobileconfig differ
diff --git a/signed/adguard-nofilter-https.mobileconfig b/signed/adguard-nofilter-https.mobileconfig
index f30592b..96b9d10 100644
Binary files a/signed/adguard-nofilter-https.mobileconfig and b/signed/adguard-nofilter-https.mobileconfig differ
diff --git a/signed/adguard-nofilter-tls.mobileconfig b/signed/adguard-nofilter-tls.mobileconfig
index b75e67e..1b74dbf 100644
Binary files a/signed/adguard-nofilter-tls.mobileconfig and b/signed/adguard-nofilter-tls.mobileconfig differ
diff --git a/signed/alekberg-https.mobileconfig b/signed/alekberg-default-https.mobileconfig
similarity index 80%
rename from signed/alekberg-https.mobileconfig
rename to signed/alekberg-default-https.mobileconfig
index a2e9a9c..7164976 100644
Binary files a/signed/alekberg-https.mobileconfig and b/signed/alekberg-default-https.mobileconfig differ
diff --git a/signed/alibaba-https.mobileconfig b/signed/alibaba-default-https.mobileconfig
similarity index 80%
rename from signed/alibaba-https.mobileconfig
rename to signed/alibaba-default-https.mobileconfig
index e2e49dc..a1db8a9 100644
Binary files a/signed/alibaba-https.mobileconfig and b/signed/alibaba-default-https.mobileconfig differ
diff --git a/signed/alibaba-tls.mobileconfig b/signed/alibaba-default-tls.mobileconfig
similarity index 81%
rename from signed/alibaba-tls.mobileconfig
rename to signed/alibaba-default-tls.mobileconfig
index bc6c40f..c071265 100644
Binary files a/signed/alibaba-tls.mobileconfig and b/signed/alibaba-default-tls.mobileconfig differ
diff --git a/signed/blahdns-cdn-adblock-https.mobileconfig b/signed/blahdns-cdn-adblock-https.mobileconfig
index 3cb0534..389eeda 100644
Binary files a/signed/blahdns-cdn-adblock-https.mobileconfig and b/signed/blahdns-cdn-adblock-https.mobileconfig differ
diff --git a/signed/blahdns-cdn-unfiltered-https.mobileconfig b/signed/blahdns-cdn-unfiltered-https.mobileconfig
index 7cf8da5..8a39ffb 100644
Binary files a/signed/blahdns-cdn-unfiltered-https.mobileconfig and b/signed/blahdns-cdn-unfiltered-https.mobileconfig differ
diff --git a/signed/blahdns-germany-https.mobileconfig b/signed/blahdns-germany-https.mobileconfig
index 85e679d..3ef89dc 100644
Binary files a/signed/blahdns-germany-https.mobileconfig and b/signed/blahdns-germany-https.mobileconfig differ
diff --git a/signed/blahdns-singapore-https.mobileconfig b/signed/blahdns-singapore-https.mobileconfig
index d8b8aac..2562901 100644
Binary files a/signed/blahdns-singapore-https.mobileconfig and b/signed/blahdns-singapore-https.mobileconfig differ
diff --git a/signed/canadianshield-family-https.mobileconfig b/signed/canadianshield-family-https.mobileconfig
index 24fd591..f69ebe2 100644
Binary files a/signed/canadianshield-family-https.mobileconfig and b/signed/canadianshield-family-https.mobileconfig differ
diff --git a/signed/canadianshield-family-tls.mobileconfig b/signed/canadianshield-family-tls.mobileconfig
index 3c85725..9e935f9 100644
Binary files a/signed/canadianshield-family-tls.mobileconfig and b/signed/canadianshield-family-tls.mobileconfig differ
diff --git a/signed/canadianshield-private-https.mobileconfig b/signed/canadianshield-private-https.mobileconfig
index b330674..fc0a87c 100644
Binary files a/signed/canadianshield-private-https.mobileconfig and b/signed/canadianshield-private-https.mobileconfig differ
diff --git a/signed/canadianshield-private-tls.mobileconfig b/signed/canadianshield-private-tls.mobileconfig
index 1397147..19cc624 100644
Binary files a/signed/canadianshield-private-tls.mobileconfig and b/signed/canadianshield-private-tls.mobileconfig differ
diff --git a/signed/canadianshield-protected-https.mobileconfig b/signed/canadianshield-protected-https.mobileconfig
index 7095007..b694fc2 100644
Binary files a/signed/canadianshield-protected-https.mobileconfig and b/signed/canadianshield-protected-https.mobileconfig differ
diff --git a/signed/canadianshield-protected-tls.mobileconfig b/signed/canadianshield-protected-tls.mobileconfig
index 23a66e6..bb7d2e0 100644
Binary files a/signed/canadianshield-protected-tls.mobileconfig and b/signed/canadianshield-protected-tls.mobileconfig differ
diff --git a/signed/cleanbrowsing-adult-https.mobileconfig b/signed/cleanbrowsing-adult-https.mobileconfig
index c7895aa..1be22ce 100644
Binary files a/signed/cleanbrowsing-adult-https.mobileconfig and b/signed/cleanbrowsing-adult-https.mobileconfig differ
diff --git a/signed/cleanbrowsing-adult-tls.mobileconfig b/signed/cleanbrowsing-adult-tls.mobileconfig
index 829e430..2a5a296 100644
Binary files a/signed/cleanbrowsing-adult-tls.mobileconfig and b/signed/cleanbrowsing-adult-tls.mobileconfig differ
diff --git a/signed/cleanbrowsing-family-https.mobileconfig b/signed/cleanbrowsing-family-https.mobileconfig
index e92ba0e..15eeb2e 100644
Binary files a/signed/cleanbrowsing-family-https.mobileconfig and b/signed/cleanbrowsing-family-https.mobileconfig differ
diff --git a/signed/cleanbrowsing-family-tls.mobileconfig b/signed/cleanbrowsing-family-tls.mobileconfig
index 1984a2d..fc2c872 100644
Binary files a/signed/cleanbrowsing-family-tls.mobileconfig and b/signed/cleanbrowsing-family-tls.mobileconfig differ
diff --git a/signed/cleanbrowsing-security-https.mobileconfig b/signed/cleanbrowsing-security-https.mobileconfig
index f33fd41..b61c094 100644
Binary files a/signed/cleanbrowsing-security-https.mobileconfig and b/signed/cleanbrowsing-security-https.mobileconfig differ
diff --git a/signed/cleanbrowsing-security-tls.mobileconfig b/signed/cleanbrowsing-security-tls.mobileconfig
index 6f25c13..b608c12 100644
Binary files a/signed/cleanbrowsing-security-tls.mobileconfig and b/signed/cleanbrowsing-security-tls.mobileconfig differ
diff --git a/signed/cloudflare-https.mobileconfig b/signed/cloudflare-default-https.mobileconfig
similarity index 80%
rename from signed/cloudflare-https.mobileconfig
rename to signed/cloudflare-default-https.mobileconfig
index 8bb1dc4..5d9b9d5 100644
Binary files a/signed/cloudflare-https.mobileconfig and b/signed/cloudflare-default-https.mobileconfig differ
diff --git a/signed/cloudflare-tls.mobileconfig b/signed/cloudflare-default-tls.mobileconfig
similarity index 80%
rename from signed/cloudflare-tls.mobileconfig
rename to signed/cloudflare-default-tls.mobileconfig
index 0a06e64..d13f10d 100644
Binary files a/signed/cloudflare-tls.mobileconfig and b/signed/cloudflare-default-tls.mobileconfig differ
diff --git a/signed/cloudflare-family-https.mobileconfig b/signed/cloudflare-family-https.mobileconfig
index b70879c..ba5834c 100644
Binary files a/signed/cloudflare-family-https.mobileconfig and b/signed/cloudflare-family-https.mobileconfig differ
diff --git a/signed/cloudflare-malware-https.mobileconfig b/signed/cloudflare-malware-https.mobileconfig
index ba39d4c..b07898d 100644
Binary files a/signed/cloudflare-malware-https.mobileconfig and b/signed/cloudflare-malware-https.mobileconfig differ
diff --git a/signed/dns4eu-https.mobileconfig b/signed/dns4eu-default-https.mobileconfig
similarity index 84%
rename from signed/dns4eu-https.mobileconfig
rename to signed/dns4eu-default-https.mobileconfig
index 88c3963..708b866 100644
Binary files a/signed/dns4eu-https.mobileconfig and b/signed/dns4eu-default-https.mobileconfig differ
diff --git a/signed/dns4eu-tls.mobileconfig b/signed/dns4eu-default-tls.mobileconfig
similarity index 82%
rename from signed/dns4eu-tls.mobileconfig
rename to signed/dns4eu-default-tls.mobileconfig
index c1c092b..fc272ae 100644
Binary files a/signed/dns4eu-tls.mobileconfig and b/signed/dns4eu-default-tls.mobileconfig differ
diff --git a/signed/dns4eu-malware-https.mobileconfig b/signed/dns4eu-malware-https.mobileconfig
index 38f43d0..db90968 100644
Binary files a/signed/dns4eu-malware-https.mobileconfig and b/signed/dns4eu-malware-https.mobileconfig differ
diff --git a/signed/dns4eu-malware-tls.mobileconfig b/signed/dns4eu-malware-tls.mobileconfig
index 704047c..2eaa348 100644
Binary files a/signed/dns4eu-malware-tls.mobileconfig and b/signed/dns4eu-malware-tls.mobileconfig differ
diff --git a/signed/dns4eu-protective-ads-https.mobileconfig b/signed/dns4eu-protective-ads-https.mobileconfig
index c3f65e3..a60de36 100644
Binary files a/signed/dns4eu-protective-ads-https.mobileconfig and b/signed/dns4eu-protective-ads-https.mobileconfig differ
diff --git a/signed/dns4eu-protective-ads-tls.mobileconfig b/signed/dns4eu-protective-ads-tls.mobileconfig
index 494ea94..67897e6 100644
Binary files a/signed/dns4eu-protective-ads-tls.mobileconfig and b/signed/dns4eu-protective-ads-tls.mobileconfig differ
diff --git a/signed/dns4eu-protective-child-ads-https.mobileconfig b/signed/dns4eu-protective-child-ads-https.mobileconfig
index 88ab30b..feba3e4 100644
Binary files a/signed/dns4eu-protective-child-ads-https.mobileconfig and b/signed/dns4eu-protective-child-ads-https.mobileconfig differ
diff --git a/signed/dns4eu-protective-child-ads-tls.mobileconfig b/signed/dns4eu-protective-child-ads-tls.mobileconfig
index 6720fa4..5bb608e 100644
Binary files a/signed/dns4eu-protective-child-ads-tls.mobileconfig and b/signed/dns4eu-protective-child-ads-tls.mobileconfig differ
diff --git a/signed/dns4eu-protective-child-https.mobileconfig b/signed/dns4eu-protective-child-https.mobileconfig
index 6c0e1da..89ba4eb 100644
Binary files a/signed/dns4eu-protective-child-https.mobileconfig and b/signed/dns4eu-protective-child-https.mobileconfig differ
diff --git a/signed/dns4eu-protective-child-tls.mobileconfig b/signed/dns4eu-protective-child-tls.mobileconfig
index 6787137..867821c 100644
Binary files a/signed/dns4eu-protective-child-tls.mobileconfig and b/signed/dns4eu-protective-child-tls.mobileconfig differ
diff --git a/signed/dnspod-https.mobileconfig b/signed/dnspod-default-https.mobileconfig
similarity index 78%
rename from signed/dnspod-https.mobileconfig
rename to signed/dnspod-default-https.mobileconfig
index 660d8f8..9908d8d 100644
Binary files a/signed/dnspod-https.mobileconfig and b/signed/dnspod-default-https.mobileconfig differ
diff --git a/signed/dnspod-default-tls.mobileconfig b/signed/dnspod-default-tls.mobileconfig
new file mode 100644
index 0000000..7e4f080
Binary files /dev/null and b/signed/dnspod-default-tls.mobileconfig differ
diff --git a/signed/fdn-https.mobileconfig b/signed/fdn-default-https.mobileconfig
similarity index 83%
rename from signed/fdn-https.mobileconfig
rename to signed/fdn-default-https.mobileconfig
index 975cc3b..5d092c5 100644
Binary files a/signed/fdn-https.mobileconfig and b/signed/fdn-default-https.mobileconfig differ
diff --git a/signed/fdn-tls.mobileconfig b/signed/fdn-default-tls.mobileconfig
similarity index 83%
rename from signed/fdn-tls.mobileconfig
rename to signed/fdn-default-tls.mobileconfig
index 420c279..89a2b13 100644
Binary files a/signed/fdn-tls.mobileconfig and b/signed/fdn-default-tls.mobileconfig differ
diff --git a/signed/ffmucdns-https.mobileconfig b/signed/ffmuc-dns-default-https.mobileconfig
similarity index 81%
rename from signed/ffmucdns-https.mobileconfig
rename to signed/ffmuc-dns-default-https.mobileconfig
index a6055f3..ac72745 100644
Binary files a/signed/ffmucdns-https.mobileconfig and b/signed/ffmuc-dns-default-https.mobileconfig differ
diff --git a/signed/ffmucdns-tls.mobileconfig b/signed/ffmuc-dns-default-tls.mobileconfig
similarity index 82%
rename from signed/ffmucdns-tls.mobileconfig
rename to signed/ffmuc-dns-default-tls.mobileconfig
index f7a343d..4e45655 100644
Binary files a/signed/ffmucdns-tls.mobileconfig and b/signed/ffmuc-dns-default-tls.mobileconfig differ
diff --git a/signed/google-https.mobileconfig b/signed/google-default-https.mobileconfig
similarity index 80%
rename from signed/google-https.mobileconfig
rename to signed/google-default-https.mobileconfig
index 59823d7..f4817dd 100644
Binary files a/signed/google-https.mobileconfig and b/signed/google-default-https.mobileconfig differ
diff --git a/signed/google-tls.mobileconfig b/signed/google-default-tls.mobileconfig
similarity index 81%
rename from signed/google-tls.mobileconfig
rename to signed/google-default-tls.mobileconfig
index 2719784..4d091d3 100644
Binary files a/signed/google-tls.mobileconfig and b/signed/google-default-tls.mobileconfig differ
diff --git a/signed/keweondns-https.mobileconfig b/signed/keweondns-default-https.mobileconfig
similarity index 79%
rename from signed/keweondns-https.mobileconfig
rename to signed/keweondns-default-https.mobileconfig
index a753a74..1bea95e 100644
Binary files a/signed/keweondns-https.mobileconfig and b/signed/keweondns-default-https.mobileconfig differ
diff --git a/signed/dnspod-tls.mobileconfig b/signed/keweondns-default-tls.mobileconfig
similarity index 80%
rename from signed/dnspod-tls.mobileconfig
rename to signed/keweondns-default-tls.mobileconfig
index 427903a..f53cf76 100644
Binary files a/signed/dnspod-tls.mobileconfig and b/signed/keweondns-default-tls.mobileconfig differ
diff --git a/signed/keweondns-tls.mobileconfig b/signed/keweondns-tls.mobileconfig
deleted file mode 100644
index ce96e5f..0000000
Binary files a/signed/keweondns-tls.mobileconfig and /dev/null differ
diff --git a/signed/mullvad-adblock-https.mobileconfig b/signed/mullvad-adblock-https.mobileconfig
index 057a553..1de6e14 100644
Binary files a/signed/mullvad-adblock-https.mobileconfig and b/signed/mullvad-adblock-https.mobileconfig differ
diff --git a/signed/mullvad-https.mobileconfig b/signed/mullvad-default-https.mobileconfig
similarity index 80%
rename from signed/mullvad-https.mobileconfig
rename to signed/mullvad-default-https.mobileconfig
index 208236b..2c3a60a 100644
Binary files a/signed/mullvad-https.mobileconfig and b/signed/mullvad-default-https.mobileconfig differ
diff --git a/signed/opendns-https.mobileconfig b/signed/opendns-default-https.mobileconfig
similarity index 80%
rename from signed/opendns-https.mobileconfig
rename to signed/opendns-default-https.mobileconfig
index ec68948..6c3861b 100644
Binary files a/signed/opendns-https.mobileconfig and b/signed/opendns-default-https.mobileconfig differ
diff --git a/signed/opendns-family-https.mobileconfig b/signed/opendns-family-https.mobileconfig
index 35a0820..4550838 100644
Binary files a/signed/opendns-family-https.mobileconfig and b/signed/opendns-family-https.mobileconfig differ
diff --git a/signed/quad9-ECS-https.mobileconfig b/signed/quad9-ECS-https.mobileconfig
index c0c3633..02f65f9 100644
Binary files a/signed/quad9-ECS-https.mobileconfig and b/signed/quad9-ECS-https.mobileconfig differ
diff --git a/signed/quad9-ECS-tls.mobileconfig b/signed/quad9-ECS-tls.mobileconfig
index 625f705..4ffa17b 100644
Binary files a/signed/quad9-ECS-tls.mobileconfig and b/signed/quad9-ECS-tls.mobileconfig differ
diff --git a/signed/quad9-https.mobileconfig b/signed/quad9-default-https.mobileconfig
similarity index 85%
rename from signed/quad9-https.mobileconfig
rename to signed/quad9-default-https.mobileconfig
index 116ea82..9e48a05 100644
Binary files a/signed/quad9-https.mobileconfig and b/signed/quad9-default-https.mobileconfig differ
diff --git a/signed/quad9-tls.mobileconfig b/signed/quad9-default-tls.mobileconfig
similarity index 82%
rename from signed/quad9-tls.mobileconfig
rename to signed/quad9-default-tls.mobileconfig
index 26fd190..0450a7f 100644
Binary files a/signed/quad9-tls.mobileconfig and b/signed/quad9-default-tls.mobileconfig differ
diff --git a/signed/quad9-nofilter-https.mobileconfig b/signed/quad9-nofilter-https.mobileconfig
index 8f31fe8..c9df261 100644
Binary files a/signed/quad9-nofilter-https.mobileconfig and b/signed/quad9-nofilter-https.mobileconfig differ
diff --git a/signed/quad9-nofilter-tls.mobileconfig b/signed/quad9-nofilter-tls.mobileconfig
index 3333efa..bcb8e0f 100644
Binary files a/signed/quad9-nofilter-tls.mobileconfig and b/signed/quad9-nofilter-tls.mobileconfig differ
diff --git a/signed/template-on-demand.mobileconfig b/signed/template-on-demand-default-https.mobileconfig
similarity index 81%
rename from signed/template-on-demand.mobileconfig
rename to signed/template-on-demand-default-https.mobileconfig
index a5af5be..668c71f 100644
Binary files a/signed/template-on-demand.mobileconfig and b/signed/template-on-demand-default-https.mobileconfig differ
diff --git a/signed/tiarapp-https.mobileconfig b/signed/tiarapp-default-https.mobileconfig
similarity index 81%
rename from signed/tiarapp-https.mobileconfig
rename to signed/tiarapp-default-https.mobileconfig
index e21495e..827c09d 100644
Binary files a/signed/tiarapp-https.mobileconfig and b/signed/tiarapp-default-https.mobileconfig differ
diff --git a/signed/tiarapp-tls.mobileconfig b/signed/tiarapp-default-tls.mobileconfig
similarity index 81%
rename from signed/tiarapp-tls.mobileconfig
rename to signed/tiarapp-default-tls.mobileconfig
index 6bf8dba..74c8acd 100644
Binary files a/signed/tiarapp-tls.mobileconfig and b/signed/tiarapp-default-tls.mobileconfig differ
diff --git a/src/00-360.json b/src/00-360.json
index 44f7706..2092795 100644
--- a/src/00-360.json
+++ b/src/00-360.json
@@ -1,10 +1,4 @@
{
- "id": "360-dns",
- "profile": "360-dns-profile",
- "name": "360",
- "website": "https://sdns.360.net/dnsPublic.html",
- "region": "CN",
- "censorship": true,
"names": {
"en": "360 Security DNS",
"cmn-CN": "360 安全 DNS",
@@ -15,13 +9,19 @@
"cmn-CN": "由 360 数字安全集团运营",
"cmn-TW": "由 360 數位安全集團營運"
},
- "ServerAddresses": [
- "101.198.198.198",
- "101.198.199.200"
- ],
- "https": {
- "PayloadDisplayName": "360 Public Security DNS over HTTPS",
- "ServerURLOrName": "https://doh.360.cn/dns-query",
- "signature": "3045022000f1c4afee39b143a5b3193fc849d5b1775488e202ca6dc5ff9ab2e50b6d8bfb022100b19549425ff3a369ed6669f45bf2972bd8fcb85b96ad7013dda53494cc795941"
+ "website": "https://sdns.360.net/dnsPublic.html",
+ "region": "CN",
+ "censorship": true,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "101.198.198.198",
+ "101.198.199.200"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.360.cn/dns-query",
+ "signature": "3045022100cf0b6200ce7979bb818415db139aa97f6b6db8d717379c2ed523e485023a1e330220735fd05cbca306fe688503bec1fb2edcdd4688b8c95fe0e8b0e8e6db173b1de7"
+ }
+ }
}
}
diff --git a/src/01-adguard-default.json b/src/01-adguard-default.json
deleted file mode 100644
index 8e98882..0000000
--- a/src/01-adguard-default.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "adguard-dns-default",
- "profile": "adguard-dns-default-profile",
- "name": "adguard-default",
- "website": "https://adguard-dns.io/kb/general/dns-providers/#default",
- "region": "RU",
- "censorship": true,
- "names": {
- "en": "AdGuard DNS Default",
- "cmn-CN": "AdGuard DNS 默认",
- "cmn-TW": "AdGuard DNS 預設"
- },
- "notes": {
- "en": "Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing",
- "cmn-CN": "由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站",
- "cmn-TW": "由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站"
- },
- "fullName": "Adguard Default DNS",
- "ServerAddresses": [
- "2a10:50c0::ad1:ff",
- "2a10:50c0::ad2:ff",
- "94.140.14.14",
- "94.140.15.15"
- ],
- "https": {
- "ServerURLOrName": "https://dns.adguard.com/dns-query",
- "PayloadDescription": "Configures device to use Adguard Default Encrypted DNS over HTTPS",
- "signature": "3046022100df21963cb87bd478cd7985c27eff370522620f349febe9bdc7046ca086da0f46022100f752055d9bca317503ef427103087a18aab012b9be057ff7717c6afb97f8c8ae"
- },
- "tls": {
- "ServerURLOrName": "dns.adguard.com",
- "PayloadDescription": "Configures device to use Adguard Default Encrypted DNS over TLS",
- "signature": "3045022100a5245519b88402ab2ee5d2763d7d547515b31eb50bc92ccc338a62b51d7d5dfc0220161eec1a9ea24f2f71c4231a00245704a5f1b67699a976eeb63a3ab20a472abb"
- }
-}
diff --git a/src/01-adguard.json b/src/01-adguard.json
new file mode 100644
index 0000000..174d1de
--- /dev/null
+++ b/src/01-adguard.json
@@ -0,0 +1,96 @@
+{
+ "names": {
+ "en": "AdGuard DNS"
+ },
+ "notes": {
+ "en": "Operated by AdGuard Software Ltd.",
+ "cmn-CN": "由 AdGuard 运营",
+ "cmn-TW": "由 AdGuard 營運"
+ },
+ "website": "https://adguard-dns.io/kb/general/dns-providers/#default",
+ "region": "RU",
+ "censorship": true,
+ "variants": {
+ "default": {
+ "names": {
+ "en": "Default",
+ "cmn-CN": "默认",
+ "cmn-TW": "預設"
+ },
+ "notes": {
+ "en": "Blocks ads, tracking & phishing",
+ "cmn-CN": "拦截广告、跟踪器和钓鱼网站",
+ "cmn-TW": "阻擋廣告、追蹤器和釣魚網站"
+ },
+ "ServerAddresses": [
+ "2a10:50c0::ad1:ff",
+ "2a10:50c0::ad2:ff",
+ "94.140.14.14",
+ "94.140.15.15"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns.adguard.com/dns-query",
+ "signature": "30440220375de2ae941e0cd18808a45a84441afe3bdc4b48546022965796123257afa5eb02201226d86321cc6346d4c404f466fa0fdd42b8e9ef5f893783216cbacc321505fc"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.adguard.com",
+ "signature": "3046022100fa4420993bad29e01ea11240d5df3a5b2d531618e2553797bd7a402790ee663e0221008d90318c0e60b526c0ef231cf0a2b3cdec47e3f2c08c549fceca51ab08065403"
+ }
+ },
+ "family": {
+ "website": "https://adguard-dns.io/kb/general/dns-providers/#family-protection",
+ "names": {
+ "en": "Family Protection",
+ "cmn-CN": "家庭保护",
+ "cmn-TW": "家庭保護"
+ },
+ "notes": {
+ "en": "Blocks `Default` + malware & adult content",
+ "cmn-CN": "除默认规则外,额外拦截恶意软件和成人内容",
+ "cmn-TW": "除預設規則外,額外阻擋惡意軟體和成人內容"
+ },
+ "ServerAddresses": [
+ "2a10:50c0::bad1:ff",
+ "2a10:50c0::bad2:ff",
+ "94.140.14.15",
+ "94.140.15.16"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns-family.adguard.com/dns-query",
+ "signature": "3044022036dfca78ce0f7e24e04f299a96e9b8ce2fa563467c6fcf82cc2cf54be30f372b02206bb26c0740e8c117ad80e722f2a8d5a65bfdacdc967590a516d56e9d03a985af"
+ },
+ "tls": {
+ "ServerURLOrName": "dns-family.adguard.com",
+ "signature": "304502201271423ed65dd0a26d1c77032b80ee70aa692c62363e8ad088b5a89cf1be9405022100a615e2a22ae529891e1c86aff96620944b87afdd5b83e3d9c65e88fa613598be"
+ }
+ },
+ "nofilter": {
+ "website": "https://adguard-dns.io/kb/general/dns-providers/#non-filtering",
+ "names": {
+ "en": "Non-filtering",
+ "cmn-CN": "无过滤",
+ "cmn-TW": "無過濾"
+ },
+ "notes": {
+ "en": "Non-filtering",
+ "cmn-CN": "无过滤",
+ "cmn-TW": "無過濾"
+ },
+ "censorship": false,
+ "ServerAddresses": [
+ "2a10:50c0::1:ff",
+ "2a10:50c0::2:ff",
+ "94.140.14.140",
+ "94.140.14.141"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns-unfiltered.adguard.com/dns-query",
+ "signature": "3045022100ba4b7877563695b68bb3ab7b384a7efcd00cb8c365f0175e181f39f697916f3002203bccc566117ccbc73ff82d8139cbd9b703316d213d17637b4088a4124b99f62c"
+ },
+ "tls": {
+ "ServerURLOrName": "dns-unfiltered.adguard.com",
+ "signature": "304502207d32991b63ececdb6217056c9ce4af7d5a7caa7b540d36665ae0bf57234d2473022100c336269381b09ed2e3d5363a42f4599cc6c23f025a9156e9aae3081358e1e4dc"
+ }
+ }
+ }
+}
diff --git a/src/02-adguard-family.json b/src/02-adguard-family.json
deleted file mode 100644
index 4bd1326..0000000
--- a/src/02-adguard-family.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "adguard-dns-family",
- "profile": "adguard-dns-family-profile",
- "website": "https://adguard-dns.io/kb/general/dns-providers/#family-protection",
- "name": "adguard-family",
- "region": "RU",
- "censorship": true,
- "names": {
- "en": "AdGuard DNS Family Protection",
- "cmn-CN": "AdGuard DNS 家庭保护",
- "cmn-TW": "AdGuard DNS 家庭保護"
- },
- "notes": {
- "en": "Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content",
- "cmn-CN": "由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容",
- "cmn-TW": "由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容"
- },
- "fullName": "AdGuard Family Protection DNS",
- "ServerAddresses": [
- "2a10:50c0::bad1:ff",
- "2a10:50c0::bad2:ff",
- "94.140.14.15",
- "94.140.15.16"
- ],
- "https": {
- "ServerURLOrName": "https://dns-family.adguard.com/dns-query",
- "PayloadDescription": "Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS",
- "signature": "3044022074c179bc2590be09075be69de6db9a9aaa7cc767b37b4b5cc78c3e0b2e4b5af8022004054ccf3791385580848d180da5fd4f3f200bbc39dbbc6452a87d1171cd1408"
- },
- "tls": {
- "ServerURLOrName": "dns-family.adguard.com",
- "PayloadDescription": "Configures device to use AdGuard Family Protection Encrypted DNS over TLS",
- "signature": "304502203492132f78e8ba1aac60dadf80b00768dbdf952b9891baa342c6a1ae7be4bd3502210099d752d456f9ff3c6d06795926fd48c896de056e6b9fa5067be3c7d9680e698d"
- }
-}
diff --git a/src/02-alekberg.json b/src/02-alekberg.json
new file mode 100644
index 0000000..96da496
--- /dev/null
+++ b/src/02-alekberg.json
@@ -0,0 +1,28 @@
+{
+ "names": {
+ "en": "Alekberg Encrypted DNS",
+ "cmn-CN": "Alekberg 加密 DNS",
+ "cmn-TW": "Alekberg 加密 DNS"
+ },
+ "notes": {
+ "en": "Independent",
+ "cmn-CN": "由个人提供",
+ "cmn-TW": "由個人提供"
+ },
+ "website": "https://alekberg.net",
+ "region": "NL",
+ "censorship": false,
+ "consent": "Privacy policy: https://alekberg.net/privacy",
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "89.38.131.38",
+ "2a0c:b9c0:f:451d::1"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dnsnl.alekberg.net/dns-query",
+ "signature": "3044022005dac8a915cbafbd1e7eb7a118df0c206335fc4b49ec383b27361f1a3448cf5202205d5210e724aa386b7d28f9dd67471ae0e4df4ddb04d1fd2bf371ab392df206a8"
+ }
+ }
+ }
+}
diff --git a/src/03-adguard-nofilter.json b/src/03-adguard-nofilter.json
deleted file mode 100644
index 3bc2d00..0000000
--- a/src/03-adguard-nofilter.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "adguard-dns-unfiltered",
- "profile": "adguard-dns-unfiltered-profile",
- "website": "https://adguard-dns.io/kb/general/dns-providers/#non-filtering",
- "name": "adguard-nofilter",
- "region": "RU",
- "censorship": false,
- "names": {
- "en": "AdGuard DNS Non-filtering",
- "cmn-CN": "AdGuard DNS 无过滤",
- "cmn-TW": "AdGuard DNS 無過濾"
- },
- "notes": {
- "en": "Operated by AdGuard Software Ltd. Non-filtering",
- "cmn-CN": "由 AdGuard 运营,无过滤",
- "cmn-TW": "由 AdGuard 營運,無過濾"
- },
- "fullName": "Adguard No Filter",
- "ServerAddresses": [
- "2a10:50c0::1:ff",
- "2a10:50c0::2:ff",
- "94.140.14.140",
- "94.140.14.141"
- ],
- "https": {
- "ServerURLOrName": "https://dns-unfiltered.adguard.com/dns-query",
- "PayloadDescription": "Configures device to use Adguard No Filter Encrypted DNS over TLS",
- "signature": "3045022100fdaed8c78e07649e838da505d99f0977c8c4c9acd0bbbbecf850d32b3cf59fbc02202aa3e3f3b8f534404a553067d09e42c3d3c1dc56e564add9aa1f575af66629aa"
- },
- "tls": {
- "ServerURLOrName": "dns-unfiltered.adguard.com",
- "PayloadDescription": "Configures device to use Adguard No Filter Encrypted DNS over TLS",
- "signature": "3045022100a98724a7b116b17a4298420cd6485094dd4ee7f99c205e5be3cdaf8ddb1f89d002202f030d4ab8db9892b4e616d5f40e5f34fc6c820d93dd8a53ba5807feeff2b9cf"
- }
-}
diff --git a/src/03-alibaba.json b/src/03-alibaba.json
new file mode 100644
index 0000000..55fc749
--- /dev/null
+++ b/src/03-alibaba.json
@@ -0,0 +1,33 @@
+{
+ "names": {
+ "en": "Aliyun Public DNS",
+ "cmn-CN": "阿里云公共 DNS",
+ "cmn-TW": "阿里雲公共 DNS"
+ },
+ "notes": {
+ "en": "Operated by Alibaba Cloud Ltd.",
+ "cmn-CN": "由阿里云计算运营",
+ "cmn-TW": "由阿里雲計算營運"
+ },
+ "website": "https://www.alidns.com/",
+ "region": "CN",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2400:3200::1",
+ "2400:3200:baba::1",
+ "223.5.5.5",
+ "223.6.6.6"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns.alidns.com/dns-query",
+ "signature": "3043022006a1f7c364f18b69de9a65ad82cc5647f6ec035a9efb7d84bb16237c656e8ea5021f7a0b048a82d147acfb2726cdc48a9bb5ce0c19b701d0b2dde23baf51b6b073"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.alidns.com",
+ "signature": "3045022017e0041af2292d0f2d1e152faa7ae95902699a9d240350706e2febb7b8ef3fad022100c4686424fd5827bd250bb40964cd18154bc9fb862c5e63fd2e0a79fd1241768e"
+ }
+ }
+ }
+}
diff --git a/src/04-alekberg.json b/src/04-alekberg.json
deleted file mode 100644
index 7606da5..0000000
--- a/src/04-alekberg.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "alekberg-dns",
- "profile": "alekberg-dns-profile",
- "name": "alekberg",
- "website": "https://alekberg.net",
- "region": "NL",
- "censorship": false,
- "names": {
- "en": "Alekberg Encrypted DNS",
- "cmn-CN": "Alekberg 加密 DNS",
- "cmn-TW": "Alekberg 加密 DNS"
- },
- "notes": {
- "en": "Independent",
- "cmn-CN": "由个人提供",
- "cmn-TW": "由個人提供"
- },
- "ServerAddresses": [
- "89.38.131.38",
- "2a0c:b9c0:f:451d::1"
- ],
- "https": {
- "PayloadDisplayName": "Alekberg DNS over HTTPS (nl)",
- "ServerURLOrName": "https://dnsnl.alekberg.net/dns-query",
- "top": {
- "description": "This profile enables Alekberg DNS over HTTPS located in Amsterdam (DNSSEC enabled) on all networks using the iOS 14 / macOS Big Sur Encrypted DNS feature."
- },
- "ConsentTextDefault": "Privacy policy: https://alekberg.net/privacy",
- "signature": "3046022100e5a8e20dd6836cb41e74aa7a529f1bc6dabaccd0b191cbe09f973815c3d035fd022100a7250b2209274b5e0f54deed17a2d221e33dbe836e4f0cad08e5fa4bf5da20a4"
- }
-}
diff --git a/src/04-blahdns.json b/src/04-blahdns.json
new file mode 100644
index 0000000..e47513d
--- /dev/null
+++ b/src/04-blahdns.json
@@ -0,0 +1,91 @@
+{
+ "names": {
+ "en": "BlahDNS"
+ },
+ "notes": {
+ "en": "Independent.",
+ "cmn-CN": "由个人提供",
+ "cmn-TW": "由個人提供"
+ },
+ "website": "https://blahdns.com/",
+ "region": "US",
+ "censorship": true,
+ "consent": "Privacy policy:\nhttps://blahdns.com",
+ "variants": {
+ "cdn-adblock": {
+ "https": {
+ "ServerURLOrName": "https://doh1.blahdns.com/dns-query",
+ "signature": "3045022100d1197f91d4678bd68cfa78cfd487a37b3783a1e7aedfe6048f835b99d11ff2e902206ab8c2e060feab91f22166e9e874dbfcb9c95c6eadb88440ba95d2b58fd75313"
+ },
+ "names": {
+ "en": "CDN Filtered",
+ "cmn-CN": "CDN 过滤",
+ "cmn-TW": "CDN 過濾"
+ },
+ "notes": {
+ "en": "Blocks ads, tracking & malware",
+ "cmn-CN": "拦截广告、跟踪器和恶意软件",
+ "cmn-TW": "阻擋廣告、追蹤器和惡意軟體"
+ }
+ },
+ "cdn-unfiltered": {
+ "names": {
+ "en": "CDN Unfiltered",
+ "cmn-CN": "CDN 无过滤",
+ "cmn-TW": "CDN 無過濾"
+ },
+ "notes": {
+ "en": "Non-filtering",
+ "cmn-CN": "无过滤",
+ "cmn-TW": "無過濾"
+ },
+ "censorship": false,
+ "https": {
+ "ServerURLOrName": "https://doh1.blahdns.com/uncensor",
+ "signature": "304402203ff18b8ee33567f827fb9fbab11313653e88070f314fa95e40dc1558f39b733702204f9f5b74815023320b5d3e558257fdb135832425b384087e141a4995b8da75d3"
+ }
+ },
+ "germany": {
+ "region": "DE",
+ "names": {
+ "en": "Germany",
+ "cmn-CN": "德国",
+ "cmn-TW": "德國"
+ },
+ "ServerAddresses": [
+ "78.46.244.143",
+ "2a01:4f8:c17:ec67::1"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh-de.blahdns.com/dns-query",
+ "signature": "30460221009f91f2f5b4905134c7e4e0bbcbae1331b0f32283affdd911f33e86760ce2a3e0022100dca0ee0fda0c9ff9c5ec23b255c2bc4f90288a4bfc8b0091007470b7952369a0"
+ },
+ "notes": {
+ "en": "Blocks ads, tracking & malware",
+ "cmn-CN": "拦截广告、跟踪器和恶意软件",
+ "cmn-TW": "阻擋廣告、追蹤器和惡意軟體"
+ }
+ },
+ "singapore": {
+ "region": "SG",
+ "names": {
+ "en": "Singapore",
+ "cmn-CN": "新加坡",
+ "cmn-TW": "新加坡"
+ },
+ "ServerAddresses": [
+ "46.250.226.242",
+ "2407:3640:2205:1668::1"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh-sg.blahdns.com/dns-query",
+ "signature": "304402203afd29c961f211de6ff5b73896bdb7d7d3a9255a6147233df434ac371bf4a75e022053f66d018a48b159212cfb64382b7b0d0def6982a70be6526d8a05b087a3b20c"
+ },
+ "notes": {
+ "en": "Blocks ads, tracking & malware",
+ "cmn-CN": "拦截广告、跟踪器和恶意软件",
+ "cmn-TW": "阻擋廣告、追蹤器和惡意軟體"
+ }
+ }
+ }
+}
diff --git a/src/05-alibaba.json b/src/05-alibaba.json
deleted file mode 100644
index fed05f6..0000000
--- a/src/05-alibaba.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "id": "aliyun-dns",
- "profile": "aliyun-dns-profile",
- "name": "alibaba",
- "website": "https://www.alidns.com/",
- "region": "CN",
- "censorship": false,
- "names": {
- "en": "Aliyun Public DNS",
- "cmn-CN": "阿里云公共 DNS",
- "cmn-TW": "阿里雲公共 DNS"
- },
- "notes": {
- "en": "Operated by Alibaba Cloud Ltd.",
- "cmn-CN": "由阿里云计算运营",
- "cmn-TW": "由阿里雲計算營運"
- },
- "fullName": "AliDNS",
- "ServerAddresses": [
- "2400:3200::1",
- "2400:3200:baba::1",
- "223.5.5.5",
- "223.6.6.6"
- ],
- "https": {
- "topName": "AliDNS over HTTPS",
- "PayloadDisplayName": "AliDNS DNS over HTTPS",
- "ServerURLOrName": "https://dns.alidns.com/dns-query",
- "PayloadDescription": "Configures device to use AliDNS Encrypted DNS over TLS",
- "signature": "304502200170d17180aa1ae7c71775a5c1f79c0b1cf3e4edbf509f6e502a1c391feb1b280221009c90577368953b0025f316cbf40054bcf47c9b57da56d7b812847372746c3427"
- },
- "tls": {
- "topName": "AliDNS over TLS",
- "PayloadDisplayName": "AliDNS DNS over TLS",
- "ServerURLOrName": "dns.alidns.com",
- "PayloadDescription": "Configures device to use AliDNS Encrypted DNS over TLS",
- "signature": "3045022031d3b7452ed4555c68470a9f62c91836aa16dfc1fc615ecf835fb75fba8f3447022100f8081ce3e5c4f1227d9c79da26850ef595833c7133e6dce199d7936fd81c2365"
- }
-}
diff --git a/src/05-canadianshield.json b/src/05-canadianshield.json
new file mode 100644
index 0000000..73d0071
--- /dev/null
+++ b/src/05-canadianshield.json
@@ -0,0 +1,90 @@
+{
+ "names": {
+ "en": "Canadian Shield"
+ },
+ "notes": {
+ "en": "Operated by the Canadian Internet Registration Authority (CIRA)",
+ "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营",
+ "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運"
+ },
+ "website": "https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses",
+ "region": "CA",
+ "censorship": false,
+ "variants": {
+ "private": {
+ "ServerAddresses": [
+ "2620:10a:80bb::10",
+ "2620:10a:80bc::10",
+ "149.112.121.10",
+ "149.112.122.10"
+ ],
+ "https": {
+ "ServerURLOrName": "https://private.canadianshield.cira.ca/dns-query",
+ "signature": "3045022100eb0b5ecf39a8918c17be90210ba5515d385b27777afb75eb28046478016d123f022009c500ab97664e99fe82ab092a39f32518ae812c9661ed0db12d21421bdab829"
+ },
+ "tls": {
+ "ServerURLOrName": "private.canadianshield.cira.ca",
+ "signature": "3045022100e4a9a6f7eddd3db61efa16d68a44351c365bc751fe03974125f9de8c913fbd4102201c79a1826ad9d261a26a553a332ec751dccb09130d0c6983f0fe37c11f912e06"
+ },
+ "names": {
+ "en": "Private",
+ "cmn-CN": "私人",
+ "cmn-TW": "私人"
+ }
+ },
+ "protected": {
+ "names": {
+ "en": "Protected",
+ "cmn-CN": "保护",
+ "cmn-TW": "保護"
+ },
+ "notes": {
+ "en": "Blocks malware & phishing",
+ "cmn-CN": "拦截恶意软件和钓鱼网站",
+ "cmn-TW": "阻擋惡意軟體和釣魚網站"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2620:10a:80bb::20",
+ "2620:10a:80bc::20",
+ "149.112.121.20",
+ "149.112.122.20"
+ ],
+ "https": {
+ "ServerURLOrName": "https://protected.canadianshield.cira.ca/dns-query",
+ "signature": "304402207ecc88b83c46bb83d3d37b8c0b4150ff66d0839ad1eba739ad25261ffc61a75802200b8ad6da7849f7a1a7d3c5cc635060c6191d9f0a4a7d96fae8367b2c06115e47"
+ },
+ "tls": {
+ "ServerURLOrName": "protected.canadianshield.cira.ca",
+ "signature": "304402206397986a7d3def4e12c25c3414f872a3de1dfd3a72b8e8e75b1e28441775fd9002200b240cbb7ec3b2a563d7304a0b9134e888d2694dc5e2df87c7037721c5b6dd2f"
+ }
+ },
+ "family": {
+ "names": {
+ "en": "Family",
+ "cmn-CN": "家庭",
+ "cmn-TW": "家庭"
+ },
+ "notes": {
+ "en": "Blocks malware, phishing & adult content",
+ "cmn-CN": "拦截恶意软件、钓鱼和成人内容",
+ "cmn-TW": "阻擋惡意軟體、釣魚和成人內容"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2620:10a:80bb::30",
+ "2620:10a:80bc::30",
+ "149.112.121.30",
+ "149.112.122.30"
+ ],
+ "https": {
+ "ServerURLOrName": "https://family.canadianshield.cira.ca/dns-query",
+ "signature": "3045022070c870743bf71838de470b99667cdec2a804dbe3df7697040571d63272b19e57022100c3e1b42a48421ce522795ed9e79d05ec7fb7d88a697d5f18076e6ef283e0334e"
+ },
+ "tls": {
+ "ServerURLOrName": "family.canadianshield.cira.ca",
+ "signature": "304402202c6e7f0fe6f7362a12ba559771c24068448bca3faf06abd730da8be997e285f20220126d903ec2f98dcecdd46c7db18e5e3950af4b8b1f97868113dec088cb1e1846"
+ }
+ }
+ }
+}
diff --git a/src/06-blahdns-cdn-adblock.json b/src/06-blahdns-cdn-adblock.json
deleted file mode 100644
index 0bc249f..0000000
--- a/src/06-blahdns-cdn-adblock.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "id": "blahdns",
- "profile": "blahdns-cdn-filtered-profile",
- "name": "blahdns-cdn-adblock",
- "website": "https://blahdns.com/",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "BlahDNS CDN Filtered",
- "cmn-CN": "BlahDNS CDN 过滤",
- "cmn-TW": "BlahDNS CDN 過濾"
- },
- "notes": {
- "en": "Independent. Blocks ads, tracking & malware",
- "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件",
- "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體"
- },
- "https": {
- "PayloadDisplayName": "BlahDNS (CDN / Adblock / Primary) DNS over HTTPS",
- "ServerURLOrName": "https://doh1.blahdns.com/dns-query",
- "top": {
- "description": "This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature."
- },
- "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com",
- "signature": "3045022038ea35dc1394f6c3664c23dfc2b8a938742bf03b1e4ad57f0b016a1ee26e7082022100d41aec4c912054d51a75533a0bffa18e53966898014834ea6392d8e11e2f5021"
- }
-}
diff --git a/src/06-cleanbrowsing.json b/src/06-cleanbrowsing.json
new file mode 100644
index 0000000..31fdea0
--- /dev/null
+++ b/src/06-cleanbrowsing.json
@@ -0,0 +1,88 @@
+{
+ "names": {
+ "en": "Cleanbrowsing"
+ },
+ "website": "https://cleanbrowsing.org/filters/",
+ "region": "US",
+ "censorship": true,
+ "variants": {
+ "family": {
+ "ServerAddresses": [
+ "2a0d:2a00:1::",
+ "2a0d:2a00:1::",
+ "185.228.169.168",
+ "185.228.168.168"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/family-filter/",
+ "signature": "3045022100e116667db75c84e7c224872a91110dbf175db1e307d13c0cb3fe903aed084ab402203a5addc46dfa935ab72bb2cf1be35ba44463c8358186d3e016e300328eb26ea0"
+ },
+ "tls": {
+ "ServerURLOrName": "family-filter-dns.cleanbrowsing.org",
+ "signature": "3046022100ce3eb2b2a462990326fdea4b6b7c2f771fd22ba2932efae72228c8d16b15f1a50221008d8640146bc45e1231ba3388d1a5f8019054b7454192b7f9825577f42d6cea2d"
+ },
+ "names": {
+ "en": "Family Filter",
+ "cmn-CN": "家庭过滤器",
+ "cmn-TW": "家庭過濾器"
+ },
+ "notes": {
+ "en": "Filters malware & adult, mixed content",
+ "cmn-CN": "过滤恶意软件、成人内容和混合内容",
+ "cmn-TW": "過濾惡意軟體、成人內容和混合內容"
+ }
+ },
+ "adult": {
+ "names": {
+ "en": "Adult Filter",
+ "cmn-CN": "成人过滤器",
+ "cmn-TW": "成人過濾器"
+ },
+ "notes": {
+ "en": "Filters malware & adult content",
+ "cmn-CN": "过滤恶意软件和成人内容",
+ "cmn-TW": "過濾惡意軟體和成人內容"
+ },
+ "ServerAddresses": [
+ "2a0d:2a00:1::1",
+ "2a0d:2a00:2::1",
+ "185.228.169.10",
+ "185.228.168.10"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/adult-filter/",
+ "signature": "304402201bcf2615d755b30a6c2b4e38a0b5f10e31c27ecb911f75931d9445d69890885f022077daa29854203da1ab48d1b52b837f003fc6bf08a5263b86fef07ca59b67c00d"
+ },
+ "tls": {
+ "ServerURLOrName": "adult-filter-dns.cleanbrowsing.org",
+ "signature": "30450221008ca3aa72e34af676d5ff24afe939a9ad5ce08bb695f33b572a7a970c29c2ba88022050909ba8c55dbb6e4eb3c36c24b0fa51a32e8056a46e822cc5618185cf073dc6"
+ }
+ },
+ "security": {
+ "names": {
+ "en": "Security Filter",
+ "cmn-CN": "安全过滤器",
+ "cmn-TW": "安全過濾器"
+ },
+ "notes": {
+ "en": "Filters malware",
+ "cmn-CN": "过滤恶意软件",
+ "cmn-TW": "過濾惡意軟體"
+ },
+ "ServerAddresses": [
+ "2a0d:2a00:1::2",
+ "2a0d:2a00:2::2",
+ "185.228.168.9",
+ "185.228.169.9"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/security-filter/",
+ "signature": "3046022100aff11ce818e66df55d4b59761c7714d23f1dc37d848f7a9e9d9135844ba5e2f8022100ac8cd28cccac15fbd7c9ef6a647200fbdde5aee299bd2ab8f11edc5127c20b38"
+ },
+ "tls": {
+ "ServerURLOrName": "security-filter-dns.cleanbrowsing.org",
+ "signature": "3045022100e746604c4b341d9563f14fc87658157e16737909e9836d6e748eeeb1ce5ee3db022053320f489c7d148a70356d0778086e4cb3d3bcefbbcf5b6f7d6a18ad741edb85"
+ }
+ }
+ }
+}
diff --git a/src/07-blahdns-cdn-unfiltered.json b/src/07-blahdns-cdn-unfiltered.json
deleted file mode 100644
index a14f062..0000000
--- a/src/07-blahdns-cdn-unfiltered.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "id": "blahdns",
- "profile": "blahdns-cdn-unfiltered-profile",
- "name": "blahdns-cdn-unfiltered",
- "region": "US",
- "censorship": false,
- "names": {
- "en": "BlahDNS CDN Unfiltered",
- "cmn-CN": "BlahDNS CDN 无过滤",
- "cmn-TW": "BlahDNS CDN 無過濾"
- },
- "notes": {
- "en": "Independent. Non-filtering",
- "cmn-CN": "由个人提供,无过滤",
- "cmn-TW": "由個人提供,無過濾"
- },
- "https": {
- "PayloadDisplayName": "BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS",
- "ServerURLOrName": "https://doh1.blahdns.com/uncensor",
- "top": {
- "description": "This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature."
- },
- "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com",
- "signature": "3046022100e7d9c2efa6e913f79fa26f324c95e06c855111ec723fd651f7f7b6ca1a0ab88b022100c78ee5cb36042c74068754fd00bfb0b1731fda08159dd672f824ba45e3b92b30"
- }
-}
diff --git a/src/07-cloudflare.json b/src/07-cloudflare.json
new file mode 100644
index 0000000..b6f41c5
--- /dev/null
+++ b/src/07-cloudflare.json
@@ -0,0 +1,78 @@
+{
+ "names": {
+ "en": "Cloudflare 1.1.1.1"
+ },
+ "notes": {
+ "en": "Operated by Cloudflare Inc.",
+ "cmn-CN": "由 Cloudflare 公司运营",
+ "cmn-TW": "由 Cloudflare 公司營運"
+ },
+ "website": "https://developers.cloudflare.com/1.1.1.1/encryption/",
+ "region": "US",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2606:4700:4700::1111",
+ "2606:4700:4700::1001",
+ "1.1.1.1",
+ "1.0.0.1"
+ ],
+ "https": {
+ "ServerURLOrName": "https://cloudflare-dns.com/dns-query",
+ "signature": "3046022100a02a5c33109ca27befc04ef356f2cf6bf108be7a90063ee58263f126e8de59bc022100fe97730bb1fc44d4995e201a0bbfc725d551cee28a4b44aa1292ce019a40f886"
+ },
+ "tls": {
+ "ServerURLOrName": "one.one.one.one",
+ "signature": "304402206bc315756e6167b9cddb2af35283b366e92a52dd972d8c6f231d53a143bcaeff022038325f16dda82a4e3539fb8da458c2d2f37f0b2bfd6e44120db039faf8c97f3c"
+ }
+ },
+ "malware": {
+ "names": {
+ "en": "Security",
+ "cmn-CN": "安全",
+ "cmn-TW": "安全"
+ },
+ "notes": {
+ "en": "Blocks malware & phishing",
+ "cmn-CN": "拦截恶意软件和钓鱼网站",
+ "cmn-TW": "阻擋惡意軟體和釣魚網站"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2606:4700:4700::1112",
+ "2606:4700:4700::1002",
+ "1.1.1.2",
+ "1.0.0.2"
+ ],
+ "https": {
+ "ServerURLOrName": "https://security.cloudflare-dns.com/dns-query",
+ "signature": "304502206319ac3ea232414c6acffd2771a27b854e01c18b4a9f0b469d91b7f3dacc72a2022100fdd25c7b3565991e559b465a9c1ae088ab3fa2937be1cc7ad90dfca539e7034c"
+ }
+ },
+ "family": {
+ "website": "https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families",
+ "names": {
+ "en": "Family",
+ "cmn-CN": "家庭",
+ "cmn-TW": "家庭"
+ },
+ "notes": {
+ "en": "Blocks malware, phishing & adult content",
+ "cmn-CN": "拦截恶意软件、钓鱼和成人内容",
+ "cmn-TW": "阻擋惡意軟體、釣魚和成人內容"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2606:4700:4700::1113",
+ "2606:4700:4700::1003",
+ "1.1.1.3",
+ "1.0.0.3"
+ ],
+ "https": {
+ "ServerURLOrName": "https://family.cloudflare-dns.com/dns-query",
+ "signature": "30450220020714ea5d23a024b1f021ade296da07e9f1b165df402938c571999d5e9e72eb02210094f10b12d8746caf66486e7dec454767d6fb58283b4914ae1607edc5b93abe54"
+ }
+ }
+ }
+}
diff --git a/src/08-blahdns-germany.json b/src/08-blahdns-germany.json
deleted file mode 100644
index ca4b301..0000000
--- a/src/08-blahdns-germany.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id": "blahdns",
- "profile": "blahdns-germany-profile",
- "name": "blahdns-germany",
- "region": "DE",
- "censorship": true,
- "names": {
- "en": "BlahDNS Germany",
- "cmn-CN": "BlahDNS 德国",
- "cmn-TW": "BlahDNS 德國"
- },
- "notes": {
- "en": "Independent. Blocks ads, tracking & malware",
- "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件",
- "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體"
- },
- "ServerAddresses": [
- "78.46.244.143",
- "2a01:4f8:c17:ec67::1"
- ],
- "https": {
- "PayloadDisplayName": "BlahDNS (Germany) DNS over HTTPS",
- "ServerURLOrName": "https://doh-de.blahdns.com/dns-query",
- "top": {
- "description": "This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature."
- },
- "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com",
- "signature": "3045022100ad5a23f54ee2f57f8719b2958057029defac0c4a80bad51e93676f1b4c18f34302205c7ed04674652ccce814fc31b459bda8197c9c16c60c73d4fb2a7eefac1b860c"
- }
-}
diff --git a/src/08-dns4eu.json b/src/08-dns4eu.json
new file mode 100644
index 0000000..cdac242
--- /dev/null
+++ b/src/08-dns4eu.json
@@ -0,0 +1,122 @@
+{
+ "names": {
+ "en": "DNS4EU"
+ },
+ "notes": {
+ "en": "Operated by a consortium lead by Whalebone."
+ },
+ "website": "https://www.joindns4.eu/for-public",
+ "region": "CZ",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2a13:1001::86:54:11:100",
+ "2a13:1001::86:54:11:200",
+ "86.54.11.100",
+ "86.54.11.200"
+ ],
+ "https": {
+ "ServerURLOrName": "https://unfiltered.joindns4.eu/dns-query",
+ "signature": "3046022100aa46d30c0b2cb4c6f1d6a70bc5c8bd34cb4db765035eb322e065f84844bc7cef022100d94354875d46e9fadf7143b851323f9582c2426d78b264abb662aad1f92315d7"
+ },
+ "tls": {
+ "ServerURLOrName": "unfiltered.joindns4.eu",
+ "signature": "3045022100a55d8e2d7f9fca9bbcb61dc18b8bad6faebc4550481c6ebdfcb01c8b3a66b1af022067f8972c113c21e50954bda40ef916481d667f7a7a68c7e42d4aa71c3a6cbfa0"
+ },
+ "names": {}
+ },
+ "malware": {
+ "names": {
+ "en": "Protective"
+ },
+ "notes": {
+ "en": "Blocks Malware."
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2a13:1001::86:54:11:1",
+ "2a13:1001::86:54:11:201",
+ "86.54.11.1",
+ "86.54.11.201"
+ ],
+ "https": {
+ "ServerURLOrName": "https://protective.joindns4.eu/dns-query",
+ "signature": "304402200e1eb6214b3ce181603a4d0c6e3577412e78944e69e19cf6939c56d5c860f7d10220461e4700ac321a2ffab3b8c13dc65c6185ace5839c6c5c81cbdcdbc9a1a7a4c0"
+ },
+ "tls": {
+ "ServerURLOrName": "protective.joindns4.eu",
+ "signature": "3044022034b10d802760a49b0d6772c3914430b2af653605cc43b2939ce5b2f9fd21df2002206ea5b55414a5f015cc1c9cad0e72b2a4fbca41a0650e2c5e4b965a8436e978dc"
+ }
+ },
+ "protective-ads": {
+ "names": {
+ "en": "Protective ad-blocking"
+ },
+ "notes": {
+ "en": "Blocks Malware and Ads"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2a13:1001::86:54:11:13",
+ "2a13:1001::86:54:11:213",
+ "86.54.11.13",
+ "86.54.11.213"
+ ],
+ "https": {
+ "ServerURLOrName": "https://noads.joindns4.eu/dns-query",
+ "signature": "3045022100c8ae72adf5b3bd0e61f0abf4497c88ff58d2de78eee33c1ca39bbbb5ed4953cb02204c0664b2b1355ca588cdccbfbf99e2957160f84d6664d2f166b6ac6a7aed9a91"
+ },
+ "tls": {
+ "ServerURLOrName": "noads.joindns4.eu",
+ "signature": "3045022100cb38254dfebf0791401d7d0ab155bc888f0c9e974080753f9f5e71ebcda0ea8702204b8b6315430e6ca4e7ee62ac79d21469ae0affdead708bf7c1b901e0b9f97d8c"
+ }
+ },
+ "protective-child": {
+ "names": {
+ "en": "Protective with child protection"
+ },
+ "notes": {
+ "en": "Blocks malware and explicit content."
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2a13:1001::86:54:11:12",
+ "2a13:1001::86:54:11:212",
+ "86.54.11.12",
+ "86.54.11.212"
+ ],
+ "https": {
+ "ServerURLOrName": "https://child.joindns4.eu/dns-query",
+ "signature": "304402201a899df9a468bb7d057316b65988520ca6b5f2007cc337f011990f68b91664b002207c64bc19b6f58d913d6dc701e7f034fa8dd1594b5f79794388637fe85d168bb3"
+ },
+ "tls": {
+ "ServerURLOrName": "child.joindns4.eu",
+ "signature": "30450220294497a83786624a1b24102b61de64b65701dd243e1aef5b3386d0836b9cf8e2022100c550c6824e2a027f01779db87bf07be2676710611b29e9be96f89733a13250c3"
+ }
+ },
+ "protective-child-ads": {
+ "names": {
+ "en": "Protective with child protection & ad-blocking"
+ },
+ "notes": {
+ "en": "Blocks Malware, Ads and explicit content"
+ },
+ "censorship": true,
+ "ServerAddresses": [
+ "2a13:1001::86:54:11:11",
+ "2a13:1001::86:54:11:211",
+ "86.54.11.11",
+ "86.54.11.211"
+ ],
+ "https": {
+ "ServerURLOrName": "https://child-noads.joindns4.eu/dns-query",
+ "signature": "30450220340142a0729934a351de8f6948ffa57c133549a2da78198ac422ff906f4e42b4022100a1b7dbe86dec0e7644c3c161bffda3b7d32de43b46180d42a92f0e30c6f3d82c"
+ },
+ "tls": {
+ "ServerURLOrName": "child-noads.joindns4.eu",
+ "signature": "304502210097d5ea662df171fab1ccce018539162c955aa56c5973072d7798664531d38f6902201883387630877a5091fdeb28cb9f2ac9bb0ce075098dfde2d378886af7383f71"
+ }
+ }
+ }
+}
diff --git a/src/09-blahdns-singapore.json b/src/09-blahdns-singapore.json
deleted file mode 100644
index 8c443aa..0000000
--- a/src/09-blahdns-singapore.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id": "blahdns",
- "profile": "blahdns-singapore-profile",
- "name": "blahdns-singapore",
- "region": "SG",
- "censorship": true,
- "names": {
- "en": "BlahDNS Singapore",
- "cmn-CN": "BlahDNS 新加坡",
- "cmn-TW": "BlahDNS 新加坡"
- },
- "notes": {
- "en": "Independent. Blocks ads, tracking & malware",
- "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件",
- "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體"
- },
- "ServerAddresses": [
- "46.250.226.242",
- "2407:3640:2205:1668::1"
- ],
- "https": {
- "PayloadDisplayName": "BlahDNS (Singapore) DNS over HTTPS",
- "ServerURLOrName": "https://doh-sg.blahdns.com/dns-query",
- "top": {
- "description": "This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature."
- },
- "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com",
- "signature": "30440220037e9ef25dfd24ff0ae65fcb2d52f2579054720d38b74c7463fe54f91dcdb451022065280f3dcffc75ec3d01fe12297355018c00ba6185a6b701a4dbe92c898d8717"
- }
-}
diff --git a/src/09-dnspod.json b/src/09-dnspod.json
new file mode 100644
index 0000000..e8f24b9
--- /dev/null
+++ b/src/09-dnspod.json
@@ -0,0 +1,31 @@
+{
+ "names": {
+ "en": "DNSPod Public DNS",
+ "cmn-CN": "DNSPod 公共 DNS",
+ "cmn-TW": "DNSPod 公共 DNS"
+ },
+ "notes": {
+ "en": "Operated by DNSPod Inc., a Tencent Cloud Company",
+ "cmn-CN": "由腾讯公司 DNSPod 运营",
+ "cmn-TW": "由騰訊公司 DNSPod 營運"
+ },
+ "website": "https://www.dnspod.com/products/public.dns",
+ "region": "CN",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "1.12.12.12",
+ "120.53.53.53"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.pub/dns-query",
+ "signature": "3046022100a1e11d6e6bd66005a345d35d87256ca7f4148996b15908f5bf9e7c8d368a9a1002210085f5dc0214602e8d53af50d3cdafac9068b9c5f16f1638095a929b830d09f655"
+ },
+ "tls": {
+ "ServerURLOrName": "dot.pub",
+ "signature": "3046022100eb47e3b0933d906768b49b77051f77392bb221850ddaf1b394e3af7a0830cba0022100ba015a8c9ab990afa499b93b9d63984d0e5e0c74ebaca84befa976c35cd938a3"
+ }
+ }
+ }
+}
diff --git a/src/10-canadianshield-private.json b/src/10-canadianshield-private.json
deleted file mode 100644
index f53e09c..0000000
--- a/src/10-canadianshield-private.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "canadian-shield",
- "profile": "canadian-shield-private-profile",
- "name": "canadianshield-private",
- "website": "https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses",
- "region": "CA",
- "censorship": false,
- "names": {
- "en": "Canadian Shield Private",
- "cmn-CN": "Canadian Shield 私人",
- "cmn-TW": "Canadian Shield 私人"
- },
- "notes": {
- "en": "Operated by the Canadian Internet Registration Authority (CIRA)",
- "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营",
- "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運"
- },
- "fullName": "Canadian Shield DNS",
- "ServerAddresses": [
- "2620:10a:80bb::10",
- "2620:10a:80bc::10",
- "149.112.121.10",
- "149.112.122.10"
- ],
- "https": {
- "ServerURLOrName": "https://private.canadianshield.cira.ca/dns-query",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS",
- "signature": "3045022064d30f7786ac873e3124e4242c096f6c5ac09df6cbbe1e41a57e2da3909a9bdd022100feb8b7af5749d0641c221bda13b18efb6c4972788c0941c627a78f62f7ed00c4"
- },
- "tls": {
- "ServerURLOrName": "private.canadianshield.cira.ca",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS",
- "signature": "3045022100ccd427a95a8cf6a36759d7c3bed8971cbd307dbe2ddce55f5106a801577f269902203091115303e173af130b74424bed413b9a240a037e8d47a558d3414fae7d88ed"
- }
-}
diff --git a/src/10-fdn.json b/src/10-fdn.json
new file mode 100644
index 0000000..515ea6a
--- /dev/null
+++ b/src/10-fdn.json
@@ -0,0 +1,31 @@
+{
+ "names": {
+ "en": "FDN"
+ },
+ "notes": {
+ "en": "Operated by French Data Network",
+ "cmn-CN": "由法国数据网络运营",
+ "cmn-TW": "由法國資料網路營運"
+ },
+ "website": "https://www.fdn.fr/actions/dns/",
+ "region": "FR",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2001:910:800::12",
+ "2001:910:800::40",
+ "80.67.169.12",
+ "80.67.169.40"
+ ],
+ "https": {
+ "ServerURLOrName": "https://ns0.fdn.fr/dns-query",
+ "signature": "3045022100fe76e468888071eacb8bf94a1afb14ce152965c5f2bca0052c1493ccbb36d037022031bc9a1b508519f7827e0ee3903799dea0f5983b81bd3cea3d8e8bd2997a3da7"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.fdn",
+ "signature": "3044022066e68e444d5c97c4ae03ed5b02790acce9dc156103d28e1299b7e51bef53f8a7022027805e23cc2abd2ac41b000399af91770713e8cd202b5dd44cfe8248f8f7b93f"
+ }
+ }
+ }
+}
diff --git a/src/11-canadianshield-protected.json b/src/11-canadianshield-protected.json
deleted file mode 100644
index c1742f5..0000000
--- a/src/11-canadianshield-protected.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "canadian-shield",
- "profile": "canadian-shield-protected-profile",
- "name": "canadianshield-protected",
- "region": "CA",
- "censorship": true,
- "names": {
- "en": "Canadian Shield Protected",
- "cmn-CN": "Canadian Shield 保护",
- "cmn-TW": "Canadian Shield 保護"
- },
- "notes": {
- "en": "Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing",
- "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站",
- "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站"
- },
- "fullName": "Canadian Shield DNS",
- "ServerAddresses": [
- "2620:10a:80bb::20",
- "2620:10a:80bc::20",
- "149.112.121.20",
- "149.112.122.20"
- ],
- "https": {
- "ServerURLOrName": "https://protected.canadianshield.cira.ca/dns-query",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS",
- "signature": "3046022100ea3e2a32c9388934fadf4c2fa85a8fb7cda2e8b7c74d28d100bcd55cd6e7fdca022100d7534b66709250534837170435099564cd2171b1a2a6417eba4b0780306a0067"
- },
- "tls": {
- "ServerURLOrName": "protected.canadianshield.cira.ca",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS",
- "signature": "304402207fba8c60ec07e86af9f0a4af52824cf0f8b49e60ee08bd4fa11f6c3bb1d5f4ea02206749502bb42c7b0f0820902665b0e9277300ef673c8ffe54ee5b9dfec1debb73"
- }
-}
diff --git a/src/11-ffmuc-dns.json b/src/11-ffmuc-dns.json
new file mode 100644
index 0000000..324d542
--- /dev/null
+++ b/src/11-ffmuc-dns.json
@@ -0,0 +1,29 @@
+{
+ "names": {
+ "en": "FFMUC-DNS"
+ },
+ "notes": {
+ "en": "FFMUC free DNS servers provided by Freifunk München."
+ },
+ "website": "https://ffmuc.net/wiki/knb:dohdot_en",
+ "region": "DE",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2001:678:e68:f000::",
+ "2001:678:ed0:f000::",
+ "5.1.66.255",
+ "185.150.99.255"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.ffmuc.net/dns-query",
+ "signature": "3046022100bbbec5ffdcdaa53daa9ddc6907722684fa3307a23e73ce30ea3e9554d737e8a9022100e7bbcffe01d4258ed26710a5b37d88b45390848051f28d5e8f7fbef70de27988"
+ },
+ "tls": {
+ "ServerURLOrName": "dot.ffmuc.net",
+ "signature": "3046022100f68f3d200f876fd907021662cf128eb7d2029796b2af310e1bae226ed3c8fd82022100dc2fd434129265ae4f44e6747ec2074288147fddd49ad07eb42c54c2fc448ba3"
+ }
+ }
+ }
+}
diff --git a/src/12-canadianshield-family.json b/src/12-canadianshield-family.json
deleted file mode 100644
index 9637324..0000000
--- a/src/12-canadianshield-family.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "canadian-shield",
- "profile": "canadian-shield-family-profile",
- "name": "canadianshield-family",
- "region": "CA",
- "censorship": true,
- "names": {
- "en": "Canadian Shield Family",
- "cmn-CN": "Canadian Shield 家庭",
- "cmn-TW": "Canadian Shield 家庭"
- },
- "notes": {
- "en": "Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content",
- "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容",
- "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容"
- },
- "fullName": "Canadian Shield DNS",
- "ServerAddresses": [
- "2620:10a:80bb::30",
- "2620:10a:80bc::30",
- "149.112.121.30",
- "149.112.122.30"
- ],
- "https": {
- "ServerURLOrName": "https://family.canadianshield.cira.ca/dns-query",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS",
- "signature": "3045022100e438440001c1efd68be7986f050e6b0376c982b6ea5948d1f4266839801628920220271416bfb37f6e0f9257648eb35a17c54059e60812d6e0c543921b47f7cc086e"
- },
- "tls": {
- "ServerURLOrName": "family.canadianshield.cira.ca",
- "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS",
- "signature": "30450220273eb0f462105c04ce400559be7e5334139ee5791ec1295ff531adbecd633295022100ceb65d82f23c206098ba9d9d6637fd5368280f51d5801a42e6e909347ab3e238"
- }
-}
diff --git a/src/12-google.json b/src/12-google.json
new file mode 100644
index 0000000..9739a52
--- /dev/null
+++ b/src/12-google.json
@@ -0,0 +1,33 @@
+{
+ "names": {
+ "en": "Google Public DNS",
+ "cmn-CN": "Google 公共 DNS",
+ "cmn-TW": "Google 公共 DNS"
+ },
+ "notes": {
+ "en": "Operated by Google LLC",
+ "cmn-CN": "由谷歌公司运营",
+ "cmn-TW": "由谷歌公司營運"
+ },
+ "website": "https://developers.google.com/speed/public-dns/docs/secure-transports",
+ "region": "US",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2001:4860:4860::8888",
+ "2001:4860:4860::8844",
+ "8.8.8.8",
+ "8.8.4.4"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns.google/dns-query",
+ "signature": "30450220082db0be790fa00a8cec06c0d0f5df87bf84fd230014c49cad59d33df892e91c022100ea911e0f6bd8890095cc67c3ba19e9e83c661152841581f7e6012a2af17faa7a"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.google",
+ "signature": "304402205e3224a88b1729aa91a9bfeaf3a6290f365449c8153e55f6a989e2a97ce91ae202206528f35e0fde9278bd2e01fb32f0c8bccb7ebf999e951f2ae042e1054299c5b0"
+ }
+ }
+ }
+}
diff --git a/src/13-cleanbrowsing-family.json b/src/13-cleanbrowsing-family.json
deleted file mode 100644
index fa067ac..0000000
--- a/src/13-cleanbrowsing-family.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "id": "cleanbrowsing",
- "profile": "cleanbrowsing-family",
- "name": "cleanbrowsing-family",
- "website": "https://cleanbrowsing.org/filters/",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "Cleanbrowsing Family Filter",
- "cmn-CN": "Cleanbrowsing 家庭过滤器",
- "cmn-TW": "Cleanbrowsing 家庭過濾器"
- },
- "notes": {
- "en": "Filters malware & adult, mixed content",
- "cmn-CN": "过滤恶意软件、成人内容和混合内容",
- "cmn-TW": "過濾惡意軟體、成人內容和混合內容"
- },
- "fullName": "Cleanbrowsing Family Filter DNS",
- "ServerAddresses": [
- "2a0d:2a00:1::",
- "2a0d:2a00:1::",
- "185.228.169.168",
- "185.228.168.168"
- ],
- "https": {
- "topName": "Cleanbrowsing Family DNS over HTTPS",
- "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/family-filter/",
- "PayloadDescription": "Configures device to use Cleanbrowsing Family Filter Encrypted DNS over HTTPS",
- "signature": "30460221009a8b3e836dcd59615a032bcdb5457c130d60de00a35e0a977ac4c00384c7c1e6022100aaf0bd19f4c8a525e12b2563f1a5482837bb9466b85e2584db607756d3a6a76c"
- },
- "tls": {
- "topName": "Cleanbrowsing Family DNS over TLS",
- "ServerURLOrName": "family-filter-dns.cleanbrowsing.org",
- "PayloadDescription": "Configures device to use Cleanbrowsing Family Filter Encrypted DNS over TLS",
- "signature": "30460221009d4ac8509bec6151edb7ba73a010f4821d1fea2d088a42c8bc927db82d2d0364022100bc688d2f963000e6dcaadfabc996ce9d6f3e74fc885b7dc5b924eaef8224409e"
- }
-}
diff --git a/src/13-keweondns.json b/src/13-keweondns.json
new file mode 100644
index 0000000..9f2fe6f
--- /dev/null
+++ b/src/13-keweondns.json
@@ -0,0 +1,25 @@
+{
+ "names": {
+ "en": "keweonDNS"
+ },
+ "notes": {
+ "en": "Operated by Aviontex. Blocks ads & tracking",
+ "cmn-CN": "由 Aviontex 运营,拦截广告和跟踪器",
+ "cmn-TW": "由 Aviontex 營運,阻擋廣告和追蹤器"
+ },
+ "website": "https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/",
+ "region": "DE",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "https": {
+ "ServerURLOrName": "https://dns.keweon.center/dns-query",
+ "signature": "304502202c1c48d486f50b90ac7570bcd562058e769c9569e34de87f75b696134fd209a302210089988f94bb6f708855f2a267ff60583bc1e46cecdc4d3005cd37d428786e7404"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.keweon.center",
+ "signature": "3045022100933322f8ae95f6f5f096f5dcf63988b2c2d16de787f65d44a82f1406f391e24502203fac2ca76ba7f05c2f6132a33da47c73ea13ec849943cf6a46982a3b2bf3770c"
+ }
+ }
+ }
+}
diff --git a/src/14-cleanbrowsing-adult.json b/src/14-cleanbrowsing-adult.json
deleted file mode 100644
index 6cba483..0000000
--- a/src/14-cleanbrowsing-adult.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "cleanbrowsing",
- "profile": "cleanbrowsing-adult",
- "name": "cleanbrowsing-adult",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "Cleanbrowsing Adult Filter",
- "cmn-CN": "Cleanbrowsing 成人过滤器",
- "cmn-TW": "Cleanbrowsing 成人過濾器"
- },
- "notes": {
- "en": "Filters malware & adult content",
- "cmn-CN": "过滤恶意软件和成人内容",
- "cmn-TW": "過濾惡意軟體和成人內容"
- },
- "fullName": "Cleanbrowsing Adult Filter DNS",
- "ServerAddresses": [
- "2a0d:2a00:1::1",
- "2a0d:2a00:2::1",
- "185.228.169.10",
- "185.228.168.10"
- ],
- "https": {
- "topName": "Cleanbrowsing Adult DNS over HTTPS",
- "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/adult-filter/",
- "PayloadDescription": "Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over HTTPS",
- "signature": "3044022011d99bf0bb586c483fa9ecb306cd5b70b62d811343e11dac856b390c7ffe70c90220086270a6f6940113a50bacae42b4c346bc705b414afc661c75b33f6b17a302c1"
- },
- "tls": {
- "topName": "Cleanbrowsing Adult DNS over TLS",
- "ServerURLOrName": "adult-filter-dns.cleanbrowsing.org",
- "PayloadDescription": "Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over TLS",
- "signature": "3046022100e42eb790e146e86a486b5c2758e8a76afe45d5ec60244d916df5a28540ceda57022100dd2408dc83df7975e1f163346e1201169f0386336d87149062fa3e8fd16799b7"
- }
-}
diff --git a/src/14-mullvad.json b/src/14-mullvad.json
new file mode 100644
index 0000000..fa57420
--- /dev/null
+++ b/src/14-mullvad.json
@@ -0,0 +1,45 @@
+{
+ "names": {
+ "en": "Mullvad DNS"
+ },
+ "notes": {
+ "en": "Operated by Mullvad VPN AB",
+ "cmn-CN": "由 Mullvad VPN AB 运营",
+ "cmn-TW": "由 Mullvad VPN AB 營運"
+ },
+ "website": "https://mullvad.net/help/dns-over-https-and-dns-over-tls/",
+ "region": "SE",
+ "censorship": true,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2a07:e340::2",
+ "194.242.2.2"
+ ],
+ "https": {
+ "ServerURLOrName": "https://doh.mullvad.net/dns-query",
+ "signature": "30450221008d2902dbedd10d4753813ebd0405eb84e3ddb96eb397c3d9a55b788136c191870220600f18d6807ca534b07a75f8b1760c5d7d2de232fb1dc62d4f915039fbcc6c3a"
+ }
+ },
+ "adblock": {
+ "names": {
+ "en": "Adblock",
+ "cmn-CN": "广告拦截",
+ "cmn-TW": "廣告阻擋"
+ },
+ "notes": {
+ "en": "Blocks ads & tracking",
+ "cmn-CN": "拦截广告和跟踪器",
+ "cmn-TW": "阻擋廣告和追蹤器"
+ },
+ "ServerAddresses": [
+ "2a07:e340::3",
+ "194.242.2.3"
+ ],
+ "https": {
+ "ServerURLOrName": "https://adblock.doh.mullvad.net/dns-query",
+ "signature": "304502205e6b97282de3fe8fb42f0a478d9bedbf574776588f7e361cff4ec591c153d367022100bca9c8fc1ff319f8010c7d7fb3e131b767568e9d6b42cd0e91a0980e13705f2e"
+ }
+ }
+ }
+}
diff --git a/src/15-cleanbrowsing-security.json b/src/15-cleanbrowsing-security.json
deleted file mode 100644
index 757f012..0000000
--- a/src/15-cleanbrowsing-security.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "cleanbrowsing",
- "profile": "cleanbrowsing-security",
- "name": "cleanbrowsing-security",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "Cleanbrowsing Security Filter",
- "cmn-CN": "Cleanbrowsing 安全过滤器",
- "cmn-TW": "Cleanbrowsing 安全過濾器"
- },
- "notes": {
- "en": "Filters malware",
- "cmn-CN": "过滤恶意软件",
- "cmn-TW": "過濾惡意軟體"
- },
- "fullName": "Cleanbrowsing Security Filter DNS",
- "ServerAddresses": [
- "2a0d:2a00:1::2",
- "2a0d:2a00:2::2",
- "185.228.168.9",
- "185.228.169.9"
- ],
- "https": {
- "topName": "Cleanbrowsing Security DNS over HTTPS",
- "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/security-filter/",
- "PayloadDescription": "Configures device to use Cleanbrowsing Security Filter Encrypted DNS over HTTPS",
- "signature": "3045022100a029e18ed7d32aefb22ebe233a70e2da8a71f6cacf0a0a83832963137edb77500220583c5d5ec630aa95e0c93468489e52ff15198befc173d5c10b9d995636ae9b60"
- },
- "tls": {
- "topName": "Cleanbrowsing Security DNS over TLS",
- "ServerURLOrName": "security-filter-dns.cleanbrowsing.org",
- "PayloadDescription": "Configures device to use Cleanbrowsing Security Filter Encrypted DNS over TLS",
- "signature": "304402202e650e4cedf2daf322b7fe3c4ce79561e8f31b0b68404717c98db0aade007aa4022016affa44117b33b9a1529d9fd759ccfcaa0562e5a0fc565b0718212b5fd48161"
- }
-}
diff --git a/src/15-opendns.json b/src/15-opendns.json
new file mode 100644
index 0000000..960aa00
--- /dev/null
+++ b/src/15-opendns.json
@@ -0,0 +1,43 @@
+{
+ "names": {
+ "en": "OpenDNS"
+ },
+ "notes": {
+ "en": "Operated by Cisco OpenDNS LLC",
+ "cmn-CN": "由思科 OpenDNS 运营",
+ "cmn-TW": "由思科 OpenDNS 營運"
+ },
+ "website": "https://support.opendns.com/hc/articles/360038086532",
+ "region": "US",
+ "censorship": false,
+ "variants": {
+ "default": {
+ "https": {
+ "ServerURLOrName": "https://doh.opendns.com/dns-query",
+ "signature": "30440220714a5e3f10c6b14a8f12405a39eed00c408b648b5af603434a06fdacefddc64b02204e1273ddb49649e84cb7a667f7fa0f273eaf0e0a39d151c66cca2f9e83aa946e"
+ },
+ "names": {
+ "en": "Standard",
+ "cmn-CN": "标准版",
+ "cmn-TW": "標準版"
+ }
+ },
+ "family": {
+ "names": {
+ "en": "FamilyShield",
+ "cmn-CN": "家庭盾",
+ "cmn-TW": "家庭盾"
+ },
+ "notes": {
+ "en": "Blocks malware & adult content",
+ "cmn-CN": "拦截恶意软件和成人内容",
+ "cmn-TW": "阻擋惡意軟體和成人內容"
+ },
+ "censorship": true,
+ "https": {
+ "ServerURLOrName": "https://doh.familyshield.opendns.com/dns-query",
+ "signature": "304502201b7494f8fdbfe1ec83d99b960163eed13e040fc18c5ce3e00c254829661bae540221008cef5162f72d5f65534af2774c882288e627c4a8bb5ba2bf56e5047d628efff1"
+ }
+ }
+ }
+}
diff --git a/src/16-cloudflare.json b/src/16-cloudflare.json
deleted file mode 100644
index 1a31965..0000000
--- a/src/16-cloudflare.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "id": "cloudflare-dns",
- "profile": "cloudflare-dns-profile",
- "website": "https://developers.cloudflare.com/1.1.1.1/encryption/",
- "name": "cloudflare",
- "region": "US",
- "censorship": false,
- "names": {
- "en": "Cloudflare 1.1.1.1"
- },
- "notes": {
- "en": "Operated by Cloudflare Inc.",
- "cmn-CN": "由 Cloudflare 公司运营",
- "cmn-TW": "由 Cloudflare 公司營運"
- },
- "fullName": "Cloudflare DNS",
- "ServerAddresses": [
- "2606:4700:4700::1111",
- "2606:4700:4700::1001",
- "1.1.1.1",
- "1.0.0.1"
- ],
- "https": {
- "ServerURLOrName": "https://cloudflare-dns.com/dns-query",
- "PayloadDescription": "Configures device to use Cloudflare Encrypted DNS over HTTPS",
- "signature": "3045022031401922bb29e7401c02d887ede3aa9e430b2ebc1bb3844a18069b55138b3880022100ae22be54a8c28de7dc8359de676d45dee601368868b46b5262f33c3761f2ad39"
- },
- "tls": {
- "ServerURLOrName": "one.one.one.one",
- "PayloadDescription": "Configures device to use Cloudflare Encrypted DNS over TLS",
- "signature": "3045022051cc48a51cde34e203894197096aa0143ac60f3000b1edb096b2fa551cb67cbb02210087b39e75efe47359b8fb5ba702b56e1495d0da52252e5f27b10b958ed568d028"
- }
-}
diff --git a/src/16-quad9.json b/src/16-quad9.json
new file mode 100644
index 0000000..f1dff6a
--- /dev/null
+++ b/src/16-quad9.json
@@ -0,0 +1,84 @@
+{
+ "names": {
+ "en": "Quad9"
+ },
+ "notes": {
+ "en": "Operated by Quad9 Foundation.",
+ "cmn-CN": "由 Quad9 基金会运营",
+ "cmn-TW": "由 Quad9 基金會營運"
+ },
+ "website": "https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/",
+ "region": "CH",
+ "censorship": true,
+ "variants": {
+ "default": {
+ "ServerAddresses": [
+ "2620:fe::fe",
+ "2620:fe::9",
+ "9.9.9.9",
+ "149.112.112.112"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns.quad9.net/dns-query",
+ "signature": "30440220449a8c668084c46a548138abc02602a41707822177b0254dde3f6375577cf38e022070761626257a056982438de6320102ae8f920e07b2f08e17087e76617edbe17a"
+ },
+ "tls": {
+ "ServerURLOrName": "dns.quad9.net",
+ "signature": "3046022100daab299a5f45b8cdafe59634d1c77253d83959f83d9105cd9d0538ccbff315e2022100c49acf66acbb9bcc01ef273ec13a39e8c5f03710b5e416250231ee2c68537464"
+ },
+ "notes": {
+ "en": "Blocks malware",
+ "cmn-CN": "拦截恶意软件",
+ "cmn-TW": "阻擋惡意軟體"
+ }
+ },
+ "ECS": {
+ "names": {
+ "en": "w/ ECS",
+ "cmn-CN": "带 ECS",
+ "cmn-TW": "帶 ECS"
+ },
+ "notes": {
+ "en": "Supports ECS. Blocks malware",
+ "cmn-CN": "支持 ECS,拦截恶意软件",
+ "cmn-TW": "支援 ECS,阻擋惡意軟體"
+ },
+ "ServerAddresses": [
+ "2620:fe::fe:11",
+ "2620:fe::11",
+ "9.9.9.11",
+ "149.112.112.11"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns11.quad9.net/dns-query",
+ "signature": "3044022005f241a5b427d1626d38f9beace5a44e8f12b6be7d0784401639fc770d27a49002204217f17085d238d103f638d18d9199aef2c796fc43bf8d0a9ae5676f6df187dc"
+ },
+ "tls": {
+ "ServerURLOrName": "dns11.quad9.net",
+ "signature": "3045022100be5d4f3d9d148c16ab5df0bf077d2f8acee7d724fe884e80f1534d7ef6d03525022020bdeca5d766b21f067af9d444089d156ca3e065a50d05f97f71eeb5de971809"
+ }
+ },
+ "nofilter": {
+ "names": {
+ "en": "Unfiltered",
+ "cmn-CN": "无过滤",
+ "cmn-TW": "無過濾"
+ },
+ "censorship": false,
+ "ServerAddresses": [
+ "2620:fe::10",
+ "2620:fe::fe:10",
+ "9.9.9.10",
+ "149.112.112.10"
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns10.quad9.net/dns-query",
+ "signature": "304402206ac2b4afafc2755d7df54b232718c098b096910845190646f8ed13fbac6376a6022041a18a6fe731c4d605a1cae368e039faa787400add22ab81008bb0212175a158"
+ },
+ "tls": {
+ "ServerURLOrName": "dns10.quad9.net",
+ "signature": "304502206d4226fdfd131bb192cb663147920dd717c6165817169f8584a80c3d731be0a20221008280f92c4b3a14c80500429b8ee73e05981c9ed46c1b2267a7acce2cff4feca0"
+ }
+ }
+ }
+}
diff --git a/src/17-cloudflare-malware.json b/src/17-cloudflare-malware.json
deleted file mode 100644
index a004234..0000000
--- a/src/17-cloudflare-malware.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "id": "cloudflare-dns-family",
- "profile": "cloudflare-dns-security-profile",
- "name": "cloudflare-malware",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "Cloudflare 1.1.1.1 Security",
- "cmn-CN": "Cloudflare 1.1.1.1 安全",
- "cmn-TW": "Cloudflare 1.1.1.1 安全"
- },
- "notes": {
- "en": "Operated by Cloudflare Inc. Blocks malware & phishing",
- "cmn-CN": "由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站",
- "cmn-TW": "由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站"
- },
- "fullName": "Cloudflare no Malware DNS",
- "ServerAddresses": [
- "2606:4700:4700::1112",
- "2606:4700:4700::1002",
- "1.1.1.2",
- "1.0.0.2"
- ],
- "https": {
- "ServerURLOrName": "https://security.cloudflare-dns.com/dns-query",
- "PayloadDescription": "Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS",
- "signature": "30440220401c2642d975f51d08e5e6acfc386205f13e6a6749263501549502978efd2baf022050c87718701658688fe2299d06edd06563d3152ec29a21ba3e8ec1e70ae73936"
- }
-}
diff --git a/src/17-tiarapp.json b/src/17-tiarapp.json
new file mode 100644
index 0000000..e7e8dc4
--- /dev/null
+++ b/src/17-tiarapp.json
@@ -0,0 +1,28 @@
+{
+ "names": {
+ "en": "Tiarap"
+ },
+ "notes": {
+ "en": "Operated by Tiarap Inc. Blocks ads, tracking, phising & malware",
+ "cmn-CN": "由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件",
+ "cmn-TW": "由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體"
+ },
+ "website": "https://doh.tiar.app",
+ "region": [
+ "SG",
+ "US"
+ ],
+ "censorship": true,
+ "variants": {
+ "default": {
+ "https": {
+ "ServerURLOrName": "https://doh.tiar.app/dns-query",
+ "signature": "3045022100e23af03cb0a254c250ec9d6b7ffa6041b60735b1f2459b7f18cafba5452939c902201b9320e62777df3b720904983542dfe3be41abb0f728735c0f29defd83cee937"
+ },
+ "tls": {
+ "ServerURLOrName": "dot.tiar.app",
+ "signature": "3045022075fba1923446ee05daa54b20c90b771a3a52b0614d69d98082e14e2c51736d5e0221008b59f0b0e1922ac14e3f983b7e49be355280b3035cce456da14d07c7337c5208"
+ }
+ }
+ }
+}
diff --git a/src/18-cloudflare-family.json b/src/18-cloudflare-family.json
deleted file mode 100644
index 7d78003..0000000
--- a/src/18-cloudflare-family.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "cloudflare-dns-family",
- "profile": "cloudflare-dns-family-profile",
- "name": "cloudflare-family",
- "website": "https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "Cloudflare 1.1.1.1 Family",
- "cmn-CN": "Cloudflare 1.1.1.1 家庭",
- "cmn-TW": "Cloudflare 1.1.1.1 家庭"
- },
- "notes": {
- "en": "Operated by Cloudflare Inc. Blocks malware, phishing & adult content",
- "cmn-CN": "由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容",
- "cmn-TW": "由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容"
- },
- "fullName": "Cloudflare DNS",
- "ServerAddresses": [
- "2606:4700:4700::1113",
- "2606:4700:4700::1003",
- "1.1.1.3",
- "1.0.0.3"
- ],
- "https": {
- "PayloadDisplayName": "Cloudflare Family DNS over HTTPS",
- "ServerURLOrName": "https://family.cloudflare-dns.com/dns-query",
- "PayloadDescription": "Configures device to use Cloudflare Family Encrypted DNS over HTTPS",
- "signature": "3045022100d38f6fac850cf25c3e7eecd854117bb89c625b88a9c0abdaf9c66d229394d8bf022012156579494761c67484f5837bf6add97ec2d8a411a99277aadd44ba7cc7dce1"
- }
-}
diff --git a/src/19-dnspod.json b/src/19-dnspod.json
deleted file mode 100644
index 072c4df..0000000
--- a/src/19-dnspod.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "id": "dnspod-dns",
- "profile": "dnspod-dns-profile",
- "website": "https://www.dnspod.com/products/public.dns",
- "name": "dnspod",
- "region": "CN",
- "censorship": false,
- "names": {
- "en": "DNSPod Public DNS",
- "cmn-CN": "DNSPod 公共 DNS",
- "cmn-TW": "DNSPod 公共 DNS"
- },
- "notes": {
- "en": "Operated by DNSPod Inc., a Tencent Cloud Company",
- "cmn-CN": "由腾讯公司 DNSPod 运营",
- "cmn-TW": "由騰訊公司 DNSPod 營運"
- },
- "fullName": "DNSPod",
- "ServerAddresses": [
- "1.12.12.12",
- "120.53.53.53"
- ],
- "https": {
- "ServerURLOrName": "https://doh.pub/dns-query",
- "PayloadDescription": "Configures device to use DNSPod Encrypted DNS over HTTPS",
- "signature": "304502203c4a4b2d09d6ac37740d42930b74e2a975c5b229c2f4eb709ea0e78caf50c06f02210096f9a367d9aa8c9f8dde330a48d812d258b80f41007e06f8e97cb76b0583db6f"
- },
- "tls": {
- "ServerURLOrName": "dot.pub",
- "PayloadDescription": "Configures device to use DNSPod Encrypted DNS over TLS",
- "signature": "30450221008410ec40a129258e730892e1da04d3c57feb3db2f288fed9f518bd26fced82c902200adcf30ab1d8bb91379b68bf64d95d3cdb380c8ac4fa5dccdb8fad8843e77f60"
- }
-}
diff --git a/src/20-fdn.json b/src/20-fdn.json
deleted file mode 100644
index 8b9e2ec..0000000
--- a/src/20-fdn.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "fdn-dns",
- "profile": "fdn",
- "website": "https://www.fdn.fr/actions/dns/",
- "name": "fdn",
- "region": "FR",
- "censorship": false,
- "names": {
- "en": "FDN"
- },
- "notes": {
- "en": "Operated by French Data Network",
- "cmn-CN": "由法国数据网络运营",
- "cmn-TW": "由法國資料網路營運"
- },
- "fullName": "FDN DNS",
- "ServerAddresses": [
- "2001:910:800::12",
- "2001:910:800::40",
- "80.67.169.12",
- "80.67.169.40"
- ],
- "https": {
- "topName": "FDN Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://ns0.fdn.fr/dns-query",
- "PayloadDescription": "Configures device to use Google Encrypted DNS over HTTPS",
- "signature": "3045022100a35e60382af4ed71ca90e44d4c8819462631e431486d1a100898ce42e1e4229702201a759920577ea480f74d4689c2f251e1fbe662042b6c28bec531030a464fb22a"
- },
- "tls": {
- "topName": "FDN Encrypted DNS over TLS",
- "ServerURLOrName": "dns.fdn",
- "PayloadDescription": "Configures device to use FDN Encrypted DNS over TLS",
- "signature": "3046022100e83f6ebda04a7440e10fbc1801bca35dae016d6f75b04f292c111990c0c3ee95022100c01fb44e36d3136b05aa3856573f28bb7e56ea9b4a0b5895ad9124295655339e"
- }
-}
diff --git a/src/21-google.json b/src/21-google.json
deleted file mode 100644
index 802d322..0000000
--- a/src/21-google.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "id": "google-dns",
- "profile": "google-dns-profile",
- "name": "google",
- "website": "https://developers.google.com/speed/public-dns/docs/secure-transports",
- "region": "US",
- "censorship": false,
- "names": {
- "en": "Google Public DNS",
- "cmn-CN": "Google 公共 DNS",
- "cmn-TW": "Google 公共 DNS"
- },
- "notes": {
- "en": "Operated by Google LLC",
- "cmn-CN": "由谷歌公司运营",
- "cmn-TW": "由谷歌公司營運"
- },
- "fullName": "Google DNS",
- "ServerAddresses": [
- "2001:4860:4860::8888",
- "2001:4860:4860::8844",
- "8.8.8.8",
- "8.8.4.4"
- ],
- "https": {
- "topName": "Google Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://dns.google/dns-query",
- "PayloadDescription": "Configures device to use Google Encrypted DNS over HTTPS",
- "signature": "3044022100f4648f2e0ba7d04e8e3da24cb02fbdc4d9f81ba9603b007c561314137eb1478e021f460943164fb4d769603a8324ecdb1dfff45c31bd79065741a27e6877de5d67"
- },
- "tls": {
- "topName": "Google Encrypted DNS over TLS",
- "ServerURLOrName": "dns.google",
- "PayloadDescription": "Configures device to use Google Encrypted DNS over TLS",
- "signature": "30440220327b0b3297a16252639e0ebb52cfd367d16a361ee36fa5dd3862cf6a923285ae02203b6ef52222d7dea9c6d7ab1858c27294b0003175fb851409fcfab4870651b79e"
- }
-}
diff --git a/src/22-keweondns.json b/src/22-keweondns.json
deleted file mode 100644
index c3c548a..0000000
--- a/src/22-keweondns.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "id": "keweondns",
- "profile": "keweondns-profile",
- "website": "https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/",
- "region": "DE",
- "censorship": false,
- "names": {
- "en": "keweonDNS"
- },
- "notes": {
- "en": "Operated by Aviontex. Blocks ads & tracking",
- "cmn-CN": "由 Aviontex 运营,拦截广告和跟踪器",
- "cmn-TW": "由 Aviontex 營運,阻擋廣告和追蹤器"
- },
- "https": {
- "top": {
- "description": "Adds keweonDNS encrypted DNS configurations to Apple based systems"
- },
- "PayloadDisplayName": "keweonDNS (DoH)",
- "PayloadDescription": "Configures device to use keweonDNS physical DNS Server to encrypt DNS over HTTPS",
- "ServerURLOrName": "https://dns.keweon.center/dns-query",
- "signature": "304402201e335ba4d461eb9ea00ae1bcc3b450844a07f872011b6bf9452e33af2f52c16e02202ae086dae36f6f3b2f70e9dbe1d8ebd8f34aa421e4c8616468ba525f12a5c9a7"
- },
- "tls": {
- "top": {
- "description": "Adds keweonDNS encrypted DNS configurations to Apple based systems"
- },
- "PayloadDisplayName": "keweonDNS (DoT)",
- "PayloadDescription": "Configures device to use keweonDNS physical DNS Server to encrypt DNS over TLS",
- "ServerURLOrName": "dns.keweon.center",
- "signature": "3046022100dc0d3e6c0a294f7665ec241ef01ff11839da5ba249c70c3759d51e53309d2deb022100a5f963b15507b29910d24ab29cc0cb8aceaee776605074959b612c5fe5bbf3c7"
- }
-}
diff --git a/src/23-mullvad.json b/src/23-mullvad.json
deleted file mode 100644
index 9b4cada..0000000
--- a/src/23-mullvad.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "id": "mullvad-dns",
- "profile": "mullvad-dns-profile",
- "name": "mullvad",
- "website": "https://mullvad.net/help/dns-over-https-and-dns-over-tls/",
- "region": "SE",
- "censorship": true,
- "names": {
- "en": "Mullvad DNS"
- },
- "notes": {
- "en": "Operated by Mullvad VPN AB",
- "cmn-CN": "由 Mullvad VPN AB 运营",
- "cmn-TW": "由 Mullvad VPN AB 營運"
- },
- "fullName": "Mullvad DNS",
- "ServerAddresses": [
- "2a07:e340::2",
- "194.242.2.2"
- ],
- "https": {
- "ServerURLOrName": "https://doh.mullvad.net/dns-query",
- "signature": "3046022100c4e5e9e69ff01276049fb36b06df3042b2179608cb395d0443352ed4e36e11a4022100e1d77e7ab13a9a0ba5e037f15702a77fd7d21838cd87aba6c6f0e139023988df"
- }
-}
diff --git a/src/24-mullvad-adblock.json b/src/24-mullvad-adblock.json
deleted file mode 100644
index 3c06e1f..0000000
--- a/src/24-mullvad-adblock.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "id": "mullvad-dns",
- "profile": "mullvad-dns-adblock-profile",
- "name": "mullvad-adblock",
- "region": "SE",
- "censorship": true,
- "names": {
- "en": "Mullvad DNS Adblock",
- "cmn-CN": "Mullvad DNS 广告拦截",
- "cmn-TW": "Mullvad DNS 廣告阻擋"
- },
- "notes": {
- "en": "Operated by Mullvad VPN AB. Blocks ads & tracking",
- "cmn-CN": "由 Mullvad VPN AB 运营,拦截广告和跟踪器",
- "cmn-TW": "由 Mullvad VPN AB 營運,阻擋廣告和追蹤器"
- },
- "fullName": "Mullvad DNS with ad blocking",
- "ServerAddresses": [
- "2a07:e340::3",
- "194.242.2.3"
- ],
- "https": {
- "PayloadDisplayName": "Mullvad DNS over HTTPS",
- "ServerURLOrName": "https://adblock.doh.mullvad.net/dns-query",
- "signature": "3046022100fb68c3b2f7a20faba344b70a227b2ecbadc354a29165c43adbb19fcc28601dc5022100d7c007414b1c5b56ea0e07e4d21ffcec9ce4de2a2dd8b983dbc52601a75786dc"
- }
-}
diff --git a/src/25-opendns.json b/src/25-opendns.json
deleted file mode 100644
index 7cd2867..0000000
--- a/src/25-opendns.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "id": "opendns",
- "profile": "opendns-standard-profile",
- "website": "https://support.opendns.com/hc/articles/360038086532",
- "region": "US",
- "censorship": false,
- "names": {
- "en": "OpenDNS Standard",
- "cmn-CN": "OpenDNS 标准版",
- "cmn-TW": "OpenDNS 標準版"
- },
- "notes": {
- "en": "Operated by Cisco OpenDNS LLC",
- "cmn-CN": "由思科 OpenDNS 运营",
- "cmn-TW": "由思科 OpenDNS 營運"
- },
- "https": {
- "PayloadDisplayName": "OpenDNS DNS over HTTPS Standard",
- "PayloadDescription": "Configures device to use OpenDNS Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://doh.opendns.com/dns-query",
- "topName": "OpenDNS Encrypted DNS",
- "signature": "304402204affca5bb1d7939ce042c08a7eb3d428b11691f895d6096f55aa8d74bdb873d50220347312163eb30c9e5f971471eb435190a97c505fb2d74c2496b85c32b6895473"
- }
-}
diff --git a/src/26-opendns-family.json b/src/26-opendns-family.json
deleted file mode 100644
index 2e14ce8..0000000
--- a/src/26-opendns-family.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "id": "opendns",
- "profile": "opendns-familyshield-profile",
- "name": "opendns-family",
- "region": "US",
- "censorship": true,
- "names": {
- "en": "OpenDNS FamilyShield",
- "cmn-CN": "OpenDNS 家庭盾",
- "cmn-TW": "OpenDNS 家庭盾"
- },
- "notes": {
- "en": "Operated by Cisco OpenDNS LLC. Blocks malware & adult content",
- "cmn-CN": "由思科 OpenDNS 运营,拦截恶意软件和成人内容",
- "cmn-TW": "由思科 OpenDNS 營運,阻擋惡意軟體和成人內容"
- },
- "https": {
- "PayloadDisplayName": "OpenDNS DNS over HTTPS Standard",
- "PayloadDescription": "Configures device to use OpenDNS Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://doh.familyshield.opendns.com/dns-query",
- "topName": "OpenDNS Encrypted DNS Family Shield",
- "signature": "304402206c22993e532e134d74d6b2f9b166cac10442709ef83d287725d34057dff416eb02206b58b919cd30710306924953e3b748df23d5a8636d88e8d89fadb0c23d0c1150"
- }
-}
diff --git a/src/27-quad9.json b/src/27-quad9.json
deleted file mode 100644
index 464cded..0000000
--- a/src/27-quad9.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "quad9",
- "profile": "quad9-profile",
- "website": "https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/",
- "region": "CH",
- "censorship": true,
- "names": {
- "en": "Quad9"
- },
- "notes": {
- "en": "Operated by Quad9 Foundation. Blocks malware",
- "cmn-CN": "由 Quad9 基金会运营,拦截恶意软件",
- "cmn-TW": "由 Quad9 基金會營運,阻擋惡意軟體"
- },
- "fullName": "Quad9 DNS",
- "ServerAddresses": [
- "2620:fe::fe",
- "2620:fe::9",
- "9.9.9.9",
- "149.112.112.112"
- ],
- "https": {
- "topName": "Quad9 Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://dns.quad9.net/dns-query",
- "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS",
- "signature": "304402200907ab690f38036aa05b7661f1290ee512d951aeef706bdf7178d64ce02b2720022008bad55511fbc647354aad3875329f9c1356a601b3c2a05cd11e76ac9335dee4"
- },
- "tls": {
- "topName": "Quad9 Encrypted DNS over TLS",
- "ServerURLOrName": "dns.quad9.net",
- "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS",
- "signature": "3045022100ed942feb36a94df5e8f022a9a1bf2b5f43a0a857ad310c5ce384691eb24f945802200cc0dae3515e8bb2d0c2718c65f34fe59e68ff7ef803da8a41ca1fdf33faed0d"
- }
-}
diff --git a/src/28-quad9-ECS.json b/src/28-quad9-ECS.json
deleted file mode 100644
index 1641be2..0000000
--- a/src/28-quad9-ECS.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "id": "quad9",
- "profile": "quad9-ecs-profile",
- "name": "quad9-ECS",
- "region": "CH",
- "censorship": true,
- "names": {
- "en": "Quad9 w/ ECS",
- "cmn-CN": "Quad9 带 ECS",
- "cmn-TW": "Quad9 帶 ECS"
- },
- "notes": {
- "en": "Operated by Quad9 Foundation. Supports ECS. Blocks malware",
- "cmn-CN": "由 Quad9 基金会运营,支持 ECS,拦截恶意软件",
- "cmn-TW": "由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體"
- },
- "fullName": "Quad9 with ECS DNS",
- "ServerAddresses": [
- "2620:fe::fe:11",
- "2620:fe::11",
- "9.9.9.11",
- "149.112.112.11"
- ],
- "https": {
- "topName": "Quad9 with ECS Encrypted DNS over HTTPS",
- "PayloadDisplayName": "Quad9 DNS over HTTPS with ECS",
- "ServerURLOrName": "https://dns11.quad9.net/dns-query",
- "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS with ECS",
- "signature": "3045022100ed0a0feff22496cf9e67678ed3401a4586b00e76e68e89aedd201a3268502c44022016f3755477287f51e4ae95a69d074d929053868c529f6a156037c6a23d83d3d9"
- },
- "tls": {
- "topName": "Quad9 with ECS Encrypted DNS over TLS",
- "PayloadDisplayName": "Quad9 DNS over TLS with ECS",
- "ServerURLOrName": "dns11.quad9.net",
- "PayloadDescription": "Configures device to use Quad9 with ECS Encrypted DNS over HTTPS",
- "signature": "304502200ffc0c911615ee9345b73711478b4bdd6bfdd9a3d209ee0e2ff70eef067ef676022100e6ef2efe613cd716e41876f1e30ee49fbc4ca4948b66e6cb13485963cb25ef75"
- }
-}
diff --git a/src/29-quad9-nofilter.json b/src/29-quad9-nofilter.json
deleted file mode 100644
index 87d79f7..0000000
--- a/src/29-quad9-nofilter.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "quad9",
- "profile": "quad9-profile-unfiltered",
- "name": "quad9-nofilter",
- "region": "CH",
- "censorship": false,
- "names": {
- "en": "Quad9 Unfiltered",
- "cmn-CN": "Quad9 无过滤",
- "cmn-TW": "Quad9 無過濾"
- },
- "notes": {
- "en": "Operated by Quad9 Foundation.",
- "cmn-CN": "由 Quad9 基金会运营",
- "cmn-TW": "由 Quad9 基金會營運"
- },
- "fullName": "Quad9 No Filter DNS",
- "ServerAddresses": [
- "2620:fe::10",
- "2620:fe::fe:10",
- "9.9.9.10",
- "149.112.112.10"
- ],
- "https": {
- "topName": "Quad9 No Filter Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://dns10.quad9.net/dns-query",
- "PayloadDescription": "Configures device to use Quad9 No Filter Encrypted DNS over HTTPS",
- "signature": "3044022012cacb6ec89ba64de6b899e9c732dffbff7029bae9cb65680d999f20760d9a050220431339b37cfd7ee8bba856dd7a8e9577bf5da357c6677a6effb8c1b2bd27aad1"
- },
- "tls": {
- "topName": "Quad9 No Filter Encrypted DNS over TLS",
- "ServerURLOrName": "dns10.quad9.net",
- "PayloadDescription": "Configures device to use Quad9 No Filter Encrypted DNS over HTTPS",
- "signature": "304402205fdc0c11fab426cd5f302b66a13ae7fb590540166e29d97f475870eeb8fcb9d602205ec77522860ac13359b8bad5c93f923803396b019bff8e22f14a10e52aac1490"
- }
-}
diff --git a/src/30-tiarapp.json b/src/30-tiarapp.json
deleted file mode 100644
index 04e1b02..0000000
--- a/src/30-tiarapp.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "tiarap",
- "profile": "tiarap-profile",
- "website": "https://doh.tiar.app",
- "name": "tiarapp",
- "region": [
- "SG",
- "US"
- ],
- "censorship": true,
- "names": {
- "en": "Tiarap"
- },
- "notes": {
- "en": "Operated by Tiarap Inc. Blocks ads, tracking, phising & malware",
- "cmn-CN": "由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件",
- "cmn-TW": "由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體"
- },
- "https": {
- "PayloadDisplayName": "Tiarap DNS over HTTPS",
- "PayloadDescription": "Configures device to use Tiarap Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://doh.tiar.app/dns-query",
- "signature": "3044022065da27b3576b68f7e744b3a2e1f0186525c11202d144aa3bd1a881a0914baae202205f9aa3c07a4106be7458be38140ce7e219707cc546b9440d9f4f36df2582a2e4"
- },
- "tls": {
- "PayloadDisplayName": "Tiarap DNS over TLS",
- "PayloadDescription": "Configures device to use Tiarap Encrypted DNS over TLS",
- "ServerURLOrName": "dot.tiar.app",
- "signature": "3046022100b2b7abd52d7b6a515ee716bcd8174ca28a241f8adc536a44d3253d7a46ae6be5022100eff5351a1b6a0a63225a5e869dbd9ace6e76f2f70acc184558b96a0738ca62fa"
- }
-}
diff --git a/src/31-dns4eu.json b/src/31-dns4eu.json
deleted file mode 100644
index df06337..0000000
--- a/src/31-dns4eu.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "dns4eu",
- "profile": "dns4eu-profile",
- "website": "https://www.joindns4.eu/for-public",
- "region": "CZ",
- "censorship": false,
- "names": {
- "en": "DNS4EU"
- },
- "notes": {
- "en": "Operated by a consortium lead by Whalebone.",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "DNS4EU DNS",
- "ServerAddresses": [
- "2a13:1001::86:54:11:100",
- "2a13:1001::86:54:11:200",
- "86.54.11.100",
- "86.54.11.200"
- ],
- "https": {
- "topName": "DNS4EU Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://unfiltered.joindns4.eu/dns-query",
- "PayloadDescription": "Configures device to use DNS4EU Encrypted DNS over HTTPS",
- "signature": "304502201ed6130d132aaafd59169a4d13ab7c09005860ee854a6da45c607791631f9bac022100f568b6e5e1995ebc85525cbbd2df94b0e0d2c93365bf57032388cee7ff7a03eb"
- },
- "tls": {
- "topName": "DNS4EU Encrypted DNS over TLS",
- "ServerURLOrName": "unfiltered.joindns4.eu",
- "PayloadDescription": "Configures device to use DNS4EU Encrypted DNS over HTTPS",
- "signature": "304602210090224ed109c2dea3bb58a84eda2f99a552d3db0c0762fbe85217aaac2b19c4c002210094be4a9c3586b48186d66068baccddaafa3bfaf0da3e48a42989381c9e55eed5"
- }
-}
diff --git a/src/32-dns4eu-malware.json b/src/32-dns4eu-malware.json
deleted file mode 100644
index 5271b90..0000000
--- a/src/32-dns4eu-malware.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "dns4eu-malware",
- "profile": "dns4eu-profile-malware",
- "website": "https://www.joindns4.eu/for-public",
- "region": "CZ",
- "censorship": true,
- "names": {
- "en": "DNS4EU Protective",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "notes": {
- "en": "Operated by a consortium lead by Whalebone. Blocks Malware.",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "DNS4EU Protective DNS",
- "ServerAddresses": [
- "2a13:1001::86:54:11:1",
- "2a13:1001::86:54:11:201",
- "86.54.11.1",
- "86.54.11.201"
- ],
- "https": {
- "topName": "DNS4EU Protective Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://protective.joindns4.eu/dns-query",
- "PayloadDescription": "Configures device to use DNS4EU Protective Encrypted DNS over HTTPS",
- "signature": "304402205ef316c9aae8890cae8a5cdc9a24bd1597700b34a4ca970b454221b86007e9610220570ad7ac074c952db2c45729781b3847a564d8cf1e42f8014d067e91aa4163f7"
- },
- "tls": {
- "topName": "DNS4EU Protective Encrypted DNS over TLS",
- "ServerURLOrName": "protective.joindns4.eu",
- "PayloadDescription": "Configures device to use DNS4EU Protective Encrypted DNS over HTTPS",
- "signature": "30450220268649de115c6fef7490f68ccb59e6f4fab3aa0beee4002435d5d8315c93b9ef02210090dfa69ec21b2e150812aee68b3d9783e378c45e532ba96aa96670bfe202a63c"
- }
-}
diff --git a/src/33-dns4eu-protective-ads.json b/src/33-dns4eu-protective-ads.json
deleted file mode 100644
index 7f3a3b7..0000000
--- a/src/33-dns4eu-protective-ads.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "dns4eu-protective-ads",
- "profile": "dns4eu-profile-protective-ads",
- "website": "https://www.joindns4.eu/for-public",
- "region": "CZ",
- "censorship": true,
- "names": {
- "en": "DNS4EU Protective ad-blocking",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "notes": {
- "en": "Operated by a consortium lead by Whalebone. Blocks Malware and Ads",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "DNS4EU Protective ad-blocking DNS",
- "ServerAddresses": [
- "2a13:1001::86:54:11:13",
- "2a13:1001::86:54:11:213",
- "86.54.11.13",
- "86.54.11.213"
- ],
- "https": {
- "topName": "DNS4EU Protective ad-blocking Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://noads.joindns4.eu/dns-query",
- "PayloadDescription": "Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS",
- "signature": "3046022100aa97ca22a94c98972fd66a19d8a4c7cbc52a0498d57684e1ec39f1cab1b3f084022100fc2f065b3a66260bd0d124df2cd357733c00b9993f16761523d5a28b1dd48808"
- },
- "tls": {
- "topName": "DNS4EU Protective ad-blocking Encrypted DNS over TLS",
- "ServerURLOrName": "noads.joindns4.eu",
- "PayloadDescription": "Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS",
- "signature": "3046022100c2ee880f90a82996aa02b2ca1b4595e758349caf45dccb1c78ccdaab228a6c6b022100ec8b1d84801c0e8c049028578ff9ea3b2f69292e0f168ef56a71acb6b7edae80"
- }
-}
diff --git a/src/34-dns4eu-protective-child.json b/src/34-dns4eu-protective-child.json
deleted file mode 100644
index 445bd1c..0000000
--- a/src/34-dns4eu-protective-child.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "id": "dns4eu-protective-child",
- "profile": "dns4eu-profile-protective-child",
- "website": "https://www.joindns4.eu/for-public",
- "region": "CZ",
- "censorship": true,
- "names": {
- "en": "DNS4EU Protective with child protection",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "notes": {
- "en": "Operated by a consortium lead by Whalebone. Blocks malware and explicit content.",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "DNS4EU Protective with child protection DNS",
- "ServerAddresses": [
- "2a13:1001::86:54:11:12",
- "2a13:1001::86:54:11:212",
- "86.54.11.12",
- "86.54.11.212"
- ],
- "https": {
- "topName": "DNS4EU Protective with child protection Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://child.joindns4.eu/dns-query",
- "PayloadDescription": "Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS",
- "signature": "3045022100d637cc4d384e0602f73b0f2eefb38083db074e76b64b36093d1afcffdfa3be6f0220317d9fc318cbc793951f91380014776f908f885a42ab2724ce5b1f3ede6d9050"
- },
- "tls": {
- "topName": "DNS4EU Protective with child protection Encrypted DNS over TLS",
- "ServerURLOrName": "child.joindns4.eu",
- "PayloadDescription": "Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS",
- "signature": "3045022008529e9404b95800a6f265378a7e533d5d1741e0a4d16ab05c32a9ffd251d4a3022100cd43521f5f591997f486d363e3b7dbdd0f121c2c15fa06e74327cda5af162829"
- }
-}
diff --git a/src/35-dns4eu-protective-child-ads.json b/src/35-dns4eu-protective-child-ads.json
deleted file mode 100644
index da06414..0000000
--- a/src/35-dns4eu-protective-child-ads.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "dns4eu-protective-child-ads",
- "profile": "dns4eu-profile-protective-child-ads",
- "website": "https://www.joindns4.eu/for-public",
- "region": "CZ",
- "censorship": true,
- "names": {
- "en": "DNS4EU Protective with child protection & ad-blocking",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "notes": {
- "en": "Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "DNS4EU Protective with child protection & ad-blocking DNS",
- "ServerAddresses": [
- "2a13:1001::86:54:11:11",
- "2a13:1001::86:54:11:211",
- "86.54.11.11",
- "86.54.11.211"
- ],
- "https": {
- "topName": "DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://child-noads.joindns4.eu/dns-query",
- "signature": "3044022022249ca7d49793e66f84f1c514dc6403cb3ec7f795341ef08ecebef10d23471602201bd96e0f3c139568e5e59620f87dc1043ce9883a85f21165d6e791a866f1accf"
- },
- "tls": {
- "topName": "DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS",
- "ServerURLOrName": "child-noads.joindns4.eu",
- "signature": "3045022100e75287cb476364dde6a6b4cd5cc336171fd5f1b0d44533f5f81097997b7de3f2022026f611f590ba2b382a39187252b2dd63f05a03d2ea9158af936e215fff5c998f"
- }
-}
diff --git a/src/36-ffmuc-dns.json b/src/36-ffmuc-dns.json
deleted file mode 100644
index f1227e3..0000000
--- a/src/36-ffmuc-dns.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id": "ffmucdns",
- "profile": "ffmuc-profile",
- "website": "https://ffmuc.net/wiki/knb:dohdot_en",
- "region": "DE",
- "censorship": false,
- "names": {
- "en": "FFMUC-DNS"
- },
- "notes": {
- "en": "FFMUC free DNS servers provided by Freifunk München.",
- "cmn-CN": "",
- "cmn-TW": ""
- },
- "fullName": "FFMUC DNS",
- "ServerAddresses": [
- "2001:678:e68:f000::",
- "2001:678:ed0:f000::",
- "5.1.66.255",
- "185.150.99.255"
- ],
- "https": {
- "topName": "FFMUC Encrypted DNS over HTTPS",
- "ServerURLOrName": "https://doh.ffmuc.net/dns-query",
- "PayloadDescription": "Configures device to use FFMUC-DNS Encrypted DNS over HTTPS",
- "signature": "30450220550d5ca4a7155bc0d1f538901632301205cc93c8e3f751edbb79bf41fc003baa02210090ddd8103db3bc20cede5896367176c16cb726bfb2e9016ab8240fd4d17a8a9b"
- },
- "tls": {
- "topName": "FFMUC Encrypted DNS over TLS",
- "ServerURLOrName": "dot.ffmuc.net",
- "PayloadDescription": "Configures device to use FFMUC-DNS Encrypted DNS over TLS",
- "signature": "304502204f299167019fc2163a348fb73cb998993f94e9e23a4cde345d3249d819e2dfaf022100a0e425676f080529887dfdef3e33c56ed167b071d73fa729030689dd28f1ab32"
- }
-}
diff --git a/src/99-template-on-demand.json b/src/99-template-on-demand.json
index 99dbbf2..d010a00 100644
--- a/src/99-template-on-demand.json
+++ b/src/99-template-on-demand.json
@@ -1,33 +1,36 @@
{
- "id": "template-on-demand",
- "profile": "template-on-demand",
- "name": "template-on-demand",
- "file": "template-on-demand.mobileconfig",
+ "names": {
+ "en": "Example Encrypted DNS"
+ },
"hidden": true,
- "ServerAddresses": [
- "2001:db8::1",
- "2001:db8::2",
- "192.0.0.1",
- "192.0.0.2"
- ],
- "https": {
- "ServerURLOrName": "https://dns.example/dns-query",
- "PayloadDisplayName": "Example DNS over HTTPS",
- "PayloadDescription": "Configures device to use Example Encrypted DNS over HTTPS",
- "onDemandRules": [
- {
- "Action": "Disconnect",
- "SSIDMatch": [
- "TRUSTED_NETWORK_1",
- "TRUSTED_NETWORK_2",
- "TRUSTED_NETWORK_3"
- ]
+ "variants": {
+ "default": {
+ "notes": {
+ "en": "Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems"
},
- {
- "Action": "Connect"
+ "ServerAddresses": [
+ "2001:db8::1",
+ "2001:db8::2",
+ "192.0.0.1",
+ "192.0.0.2"
+ ],
+ "onDemandRules": [
+ {
+ "Action": "Disconnect",
+ "SSIDMatch": [
+ "TRUSTED_NETWORK_1",
+ "TRUSTED_NETWORK_2",
+ "TRUSTED_NETWORK_3"
+ ]
+ },
+ {
+ "Action": "Connect"
+ }
+ ],
+ "https": {
+ "ServerURLOrName": "https://dns.example/dns-query",
+ "signature": "3046022100df99d84fc1178fecf5bb818f43b85a964ab4c208d232db6e76a5cdb204905201022100cf3cde149fe64a47dddf09dde9c812bfbcbc4d10ccd31ea4c879d859e4b711db"
}
- ],
- "topName": "Example Encrypted DNS over HTTPS",
- "signature": "30450220757106da272dbf93c121df2f4a40214bd00f6348b08de3515f5acf158de44263022100892a901a757b8d136a31babeeee3025caae7e0a111de7e42fba8b5d7b2ec3236"
+ }
}
}
diff --git a/src-languages/01-en.json b/src/languages/01-en.json
similarity index 100%
rename from src-languages/01-en.json
rename to src/languages/01-en.json
diff --git a/src-languages/01-en.md b/src/languages/01-en.md
similarity index 88%
rename from src-languages/01-en.md
rename to src/languages/01-en.md
index c87033a..f64a6bf 100644
--- a/src-languages/01-en.md
+++ b/src/languages/01-en.md
@@ -64,12 +64,11 @@ Censorship (also known as "filtering") means the profile will not send true info
- `npm run new` - interactively creates new profile from CLI options. Can also be ran with flags.
- `scripts/new.test.ts` includes CLI snapshot tests and a PTY interactive flow test.
- PTY test runs by default; set `NEW_TEST_PTY=0` to opt out.
-- `node scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig
-- `node scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL.
+- `src/scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig
+- `src/scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL.
- Uses `-nosmimecap` to match local CMS signing policy.
-- `node scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout.
-- `node test/sign-single.test.ts` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`.
- - Runs under `npm run test`.
+- `src/scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout.
+- `npm run test` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`.
- Generates temporary test root/signer certificates and keys via OpenSSL.
- Signs the same profile with `scripts/sign.ts` and `scripts/sign_openssl.sh`.
- Verifies detached content and embedded certificate set parity.
diff --git a/src-languages/02-cmn-CN.json b/src/languages/02-cmn-CN.json
similarity index 100%
rename from src-languages/02-cmn-CN.json
rename to src/languages/02-cmn-CN.json
diff --git a/src-languages/02-cmn-CN.md b/src/languages/02-cmn-CN.md
similarity index 100%
rename from src-languages/02-cmn-CN.md
rename to src/languages/02-cmn-CN.md
diff --git a/src-languages/03-cmn-TW.json b/src/languages/03-cmn-TW.json
similarity index 100%
rename from src-languages/03-cmn-TW.json
rename to src/languages/03-cmn-TW.json
diff --git a/src-languages/03-cmn-TW.md b/src/languages/03-cmn-TW.md
similarity index 100%
rename from src-languages/03-cmn-TW.md
rename to src/languages/03-cmn-TW.md
diff --git a/src/scripts/build.ts b/src/scripts/build.ts
new file mode 100644
index 0000000..f863488
--- /dev/null
+++ b/src/scripts/build.ts
@@ -0,0 +1,557 @@
+#!/usr/bin/env node
+import { sha1 } from '@noble/hashes/legacy.js';
+import { bytesToHex, concatBytes, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js';
+import { CMS } from 'micro-key-producer/x509.js';
+import fs from 'node:fs';
+import net from 'node:net';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+type LangData = {
+ code: string;
+ name: string;
+ table_columns: {
+ name: string;
+ region: string;
+ censorship: string;
+ notes: string;
+ install_signed: string;
+ install_unsigned: string;
+ };
+ yes: string;
+ no: string;
+};
+type Lang = { code: string; name: string; mdFile: string; data: LangData };
+// Per-protocol endpoint configuration used to generate Apple DNSSettings payload.
+type Endpoint = {
+ ServerURLOrName: string;
+ ServerAddresses?: string[];
+ signature?: string;
+ onDemandRules?: Array>;
+};
+
+// Variant extends provider defaults (names/notes/censorship/region/website) for one profile family slice.
+type Variant = {
+ names?: Record;
+ notes?: Record;
+ consent?: string;
+ onDemandRules?: Array>;
+ censorship?: boolean;
+ website?: string;
+ region?: string | string[];
+ ServerAddresses?: string[];
+ https?: Endpoint;
+ tls?: Endpoint;
+};
+
+// Provider-level metadata and a set of variants used for table rows and profile generation.
+type Provider = {
+ names: Record;
+ notes?: Record;
+ consent?: string;
+ onDemandRules?: Array>;
+ hidden?: boolean;
+ website?: string;
+ region?: string | string[];
+ censorship?: boolean;
+ variants: Record;
+};
+
+// Flattened generated profile entry (provider + variant + protocol) used for plist/sign output.
+type Profile = {
+ name: string;
+ description: string;
+ consent?: string;
+ onDemanRules?: Array>;
+ protocol: 'https' | 'tls';
+ ServerURLOrName: string;
+ ServerAddresses?: string[];
+ signature?: string;
+};
+type DnsInput = { protocol: string; server: string; addresses: string[] };
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const ROOT = path.join(__dirname, '..', '..');
+const SRC = path.join(ROOT, 'src');
+const PROFILES = path.join(ROOT, 'profiles');
+const SIGNED = path.join(ROOT, 'signed');
+const CERT = path.join(SRC, 'certificates', 'cert.pem');
+const CHAIN = path.join(SRC, 'certificates', 'chain.pem');
+const LANGUAGES_DIR = path.join(SRC, 'languages');
+const DEFAULT_LANG = 'en';
+const OUTPUT_DIR = ROOT;
+const REPO_RAW = 'https://github.com/paulmillr/encrypted-dns/raw/master';
+const SIGN_OPTS = { extraEntropy: false } as const;
+const ROOT_IDENTIFIER = 'com.paulmillr.apple-dns';
+const SENTENCE_SEPARATOR: Record = {
+ en: '. ',
+ 'cmn-CN': ',',
+ 'cmn-TW': ',',
+};
+const REGIONS: Record = {
+ US: '🇺🇸',
+ CN: '🇨🇳',
+ RU: '🇷🇺',
+ NL: '🇳🇱',
+ DE: '🇩🇪',
+ CH: '🇨🇭',
+ FR: '🇫🇷',
+ CA: '🇨🇦',
+ SE: '🇸🇪',
+ CZ: '🇨🇿',
+ EU: '🇪🇺',
+ SG: '🇸🇬',
+ TW: '🇹🇼',
+};
+
+const validateIdent = (v: string, where = 'ident') => {
+ if (!/^[A-Za-z0-9-]+$/.test(v)) throw new Error(`${where}: expected [A-Za-z0-9-], got ${v}`);
+ return v;
+};
+const validId = (s: string) => /^[A-Za-z0-9.-]+$/.test(s);
+const validHost = (s: string) =>
+ /^(?=.{1,253}$)(?!-)(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$/.test(s) && !s.includes('..');
+const splitCsv = (s: string) =>
+ s
+ .split(',')
+ .map((x) => x.trim())
+ .filter(Boolean);
+const validateDnsInput = (x: DnsInput, where: string) => {
+ const protocol = x.protocol.toUpperCase();
+ if (protocol !== 'HTTPS' && protocol !== 'TLS')
+ throw new Error(`${where}: expected protocol HTTPS|TLS, got ${x.protocol}`);
+ if (!x.server.trim()) throw new Error(`${where}: server is required`);
+ if (protocol === 'HTTPS') {
+ let url: URL;
+ try {
+ url = new URL(x.server);
+ } catch {
+ throw new Error(`${where}: https server must be a valid URL, got: ${x.server}`);
+ }
+ if (url.protocol !== 'https:')
+ throw new Error(`${where}: https server URL must use https://, got: ${x.server}`);
+ } else if (!validHost(x.server))
+ throw new Error(`${where}: tls server must be a hostname, got: ${x.server}`);
+ for (const ip of x.addresses)
+ if (!net.isIP(ip)) throw new Error(`${where}: invalid IP address: ${ip}`);
+ if (protocol === 'TLS' && x.addresses.length === 0)
+ throw new Error(`${where}: tls requires at least one IP in addresses`);
+};
+const validateLangMap = (
+ m: Record | undefined,
+ where: string,
+ requireEn: boolean
+) => {
+ if (!m) {
+ if (requireEn) throw new Error(`${where}: missing map`);
+ return;
+ }
+ if (typeof m !== 'object') throw new Error(`${where}: expected object`);
+ if (requireEn) {
+ if (typeof m.en !== 'string' || !m.en.trim()) throw new Error(`${where}: missing non-empty en`);
+ }
+ for (const k in m) {
+ if (k === 'en') continue;
+ if (typeof m[k] !== 'string' || !m[k].trim())
+ throw new Error(`${where}.${k}: expected non-empty string`);
+ }
+};
+const mergeText = (base: string | undefined, extra: string | undefined, joiner: string) => {
+ const a = base ? base.trim() : '';
+ const b = extra ? extra.trim() : '';
+ if (a && b) {
+ if ((joiner === '. ' || joiner === '。') && /[.!?。!?]$/.test(a)) return `${a} ${b}`;
+ if (joiner === ',' && /[,。!?]$/.test(a)) return `${a}${b}`;
+ return `${a}${joiner}${b}`;
+ }
+ return a || b || '';
+};
+const mergeMap = (
+ base: Record | undefined,
+ extra: Record | undefined,
+ joiner: string | Record
+) => {
+ const out: Record = {};
+ const keys = new Set();
+ keys.add(DEFAULT_LANG);
+ if (base) for (const k in base) keys.add(k);
+ if (extra) for (const k in extra) keys.add(k);
+ for (const k of keys) {
+ const b = base ? base[k] || base[DEFAULT_LANG] : undefined;
+ const e = extra ? extra[k] || extra[DEFAULT_LANG] : undefined;
+ const j = typeof joiner === 'string' ? joiner : joiner[k] || joiner[DEFAULT_LANG] || '. ';
+ const merged = mergeText(b, e, j);
+ if (merged) out[k] = merged;
+ }
+ return Object.keys(out).length ? out : undefined;
+};
+const regionList = (region: string | string[] | undefined): string[] =>
+ Array.isArray(region) ? region : region ? [region] : [];
+const formatFlags = (region: string | string[] | undefined): string =>
+ regionList(region)
+ .map((x) => REGIONS[x] || x)
+ .filter(Boolean)
+ .join(' ');
+const getVariants = (name: string, provider: Provider): Record => {
+ validateIdent(name, `provider (${name})`);
+ const out: Record = {};
+ for (const variantName in provider.variants) {
+ validateIdent(variantName, `${name}.variants.${variantName}`);
+ const variant = provider.variants[variantName];
+ out[variantName] = {
+ names: mergeMap(provider.names, variant.names, ' '),
+ notes: mergeMap(provider.notes, variant.notes, SENTENCE_SEPARATOR),
+ consent: variant.consent !== undefined ? variant.consent : provider.consent,
+ onDemandRules:
+ variant.onDemandRules !== undefined ? variant.onDemandRules : provider.onDemandRules,
+ censorship: variant.censorship !== undefined ? variant.censorship : provider.censorship,
+ website: variant.website || provider.website,
+ region: variant.region !== undefined ? variant.region : provider.region,
+ ServerAddresses: variant.ServerAddresses,
+ https: variant.https,
+ tls: variant.tls,
+ };
+ }
+ return out;
+};
+const getProfiles = (name: string, variant: Variant): Record => {
+ validateIdent(name, `profile prefix (${name})`);
+ const out: Record = {};
+ const add = (protocol: 'https' | 'tls', endpoint: Endpoint | undefined) => {
+ if (!endpoint) return;
+ const key = `${name}-${protocol}`;
+ validateIdent(key, `profiles.${key}`);
+ const profileName = (variant.names && variant.names.en) || name;
+ const note = (variant.notes && variant.notes.en) || '';
+ const noteLine = note ? (/[.!?]$/.test(note.trim()) ? note.trim() : `${note.trim()}.`) : '';
+ const flags = formatFlags(variant.region);
+ const profileDescription = `Configures device to use ${profileName} over ${protocol.toUpperCase()}
+${noteLine}
+Server location: ${flags}.
+Filtering: ${variant.censorship ? 'yes' : 'no'}`;
+ out[key] = {
+ name: profileName,
+ description: profileDescription,
+ consent: variant.consent,
+ onDemanRules:
+ endpoint.onDemandRules !== undefined ? endpoint.onDemandRules : variant.onDemandRules,
+ protocol,
+ ServerURLOrName: endpoint.ServerURLOrName,
+ ServerAddresses: endpoint.ServerAddresses || variant.ServerAddresses,
+ signature: endpoint.signature,
+ };
+ };
+ add('https', variant.https);
+ add('tls', variant.tls);
+ return out;
+};
+const uuidV5 = (seed: string) => {
+ // UUID v5 is defined as SHA-1(namespace || name) with v5/variant bits set
+ // (RFC 4122 / RFC 9562). This is used here for stable deterministic IDs,
+ // not as a cryptographic integrity primitive.
+ const ns = new Uint8Array([
+ 0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8,
+ ]);
+ const out = sha1(concatBytes(ns, utf8ToBytes(seed))).subarray(0, 16);
+ out[6] = (out[6] & 0x0f) | 0x50; // byte 6 high nibble = 0101 (version 5), low nibble keeps hash entropy
+ out[8] = (out[8] & 0x3f) | 0x80; // byte 8 high bits = 10 (RFC 4122/9562 variant), low 6 bits keep hash entropy
+ const s = bytesToHex(out);
+ return `${s.slice(0, 8)}-${s.slice(8, 12)}-${s.slice(12, 16)}-${s.slice(16, 20)}-${s.slice(20, 32)}`.toUpperCase();
+};
+const escapeXML = (s: string) =>
+ s
+ .replaceAll('&', '&')
+ .replaceAll('<', '<')
+ .replaceAll('>', '>')
+ .replaceAll('"', '"')
+ .replaceAll("'", ''');
+type PlistNode = string | number | boolean | PlistNode[] | Record;
+const plistNode = (x: PlistNode, level: number): string => {
+ const pad = '\t'.repeat(level);
+ if (typeof x === 'string') return `${pad}${escapeXML(x)}\n`;
+ if (typeof x === 'number') return `${pad}${x}\n`;
+ if (typeof x === 'boolean') return `${pad}<${x ? 'true' : 'false'}/>\n`;
+ if (Array.isArray(x)) {
+ let out = `${pad}\n`;
+ for (const i of x) out += plistNode(i, level + 1);
+ return `${out}${pad}\n`;
+ }
+ let out = `${pad}\n`;
+ for (const [k, v] of Object.entries(x)) {
+ if (v === undefined) continue;
+ out += `${pad}\t${k}\n`;
+ out += plistNode(v, level + 1);
+ }
+ return `${out}${pad}\n`;
+};
+const genProfile = (name: string, profile: Profile): string => {
+ const key = name;
+ const p = profile;
+ const title = p.name;
+ const proto = p.protocol.toUpperCase();
+ const display = `${title} Encrypted DNS over ${proto}`;
+ const rel = `${key}.mobileconfig`;
+ const payloadUUID = uuidV5(`${ROOT_IDENTIFIER}::payload::0::${rel}`);
+ const payloadId = `com.apple.dnsSettings.managed.${payloadUUID.toLowerCase()}`;
+ const topUUID = uuidV5(`${ROOT_IDENTIFIER}::root::${rel}`);
+ const topId = ROOT_IDENTIFIER;
+ const serverKey = p.ServerURLOrName.startsWith('https://') ? 'ServerURL' : 'ServerName';
+ const dns: Record = { DNSProtocol: proto };
+ if (p.ServerAddresses && p.ServerAddresses.length) dns.ServerAddresses = p.ServerAddresses;
+ dns[serverKey] = p.ServerURLOrName;
+ const payload: Record = {
+ DNSSettings: dns,
+ ...(p.onDemanRules ? { OnDemandRules: p.onDemanRules as PlistNode } : {}),
+ PayloadDescription: `Configures device to use ${display}`,
+ PayloadDisplayName: display,
+ PayloadIdentifier: payloadId,
+ PayloadType: 'com.apple.dnsSettings.managed',
+ PayloadUUID: payloadUUID,
+ PayloadVersion: 1,
+ ProhibitDisablement: false,
+ };
+ const root: Record = {
+ PayloadContent: [payload],
+ PayloadDescription: p.description,
+ ...(p.consent ? { ConsentText: { default: p.consent } } : {}),
+ PayloadDisplayName: display,
+ PayloadIdentifier: topId,
+ PayloadRemovalDisallowed: false,
+ PayloadScope: 'System',
+ PayloadType: 'Configuration',
+ PayloadUUID: topUUID,
+ PayloadVersion: 1,
+ };
+ return `
+
+
+${plistNode(root, 0)}
+`;
+};
+const fromSig = (s: string) => {
+ const txt = s.trim();
+ if (!/^[0-9a-f]+$/i.test(txt) || txt.length % 2) throw new Error(`bad signature hex`);
+ return hexToBytes(txt);
+};
+const FULLWIDTH =
+ /[\u1100-\u115F\u2329\u232A\u2E80-\u303E\u3040-\uA4CF\uAC00-\uD7A3\uF900-\uFAFF\uFE10-\uFE19\uFE30-\uFE6F\uFF00-\uFF60\uFFE0-\uFFE6]/u;
+const chrWidth = (str: string) => {
+ let width = 0;
+ for (const c of str) width += FULLWIDTH.test(c) || REGIONS[c] ? 2 : 1;
+ return width;
+};
+const padEnd = (s: string, len: number, chr: string) =>
+ `${s}${chr.repeat(Math.max(0, len - chrWidth(s)))}`;
+const genTable = (rows: string[][]) => {
+ const widths = rows[0].map(() => 0);
+ for (const r of rows)
+ for (let i = 0; i < r.length; i++) widths[i] = Math.max(widths[i], chrWidth(r[i]));
+ let table = '';
+ rows.forEach((r, i) => {
+ const cells = r.map((c, j) => padEnd(c, widths[j], ' ')).join(' | ');
+ table += `| ${cells} |\n`;
+ if (i === 0) table += `| ${r.map((_, j) => padEnd('', widths[j], '-')).join(' | ')} |\n`;
+ });
+ return table;
+};
+const languages: Lang[] = fs
+ .readdirSync(LANGUAGES_DIR)
+ .filter((name) => name.endsWith('.json'))
+ .sort()
+ .map((name) => {
+ const data = JSON.parse(fs.readFileSync(path.join(LANGUAGES_DIR, name), 'utf8')) as LangData;
+ return {
+ code: data.code,
+ name: data.name,
+ mdFile: path.join(LANGUAGES_DIR, name.replace('.json', '.md')),
+ data,
+ };
+ });
+
+const PROVIDERS: Record = Object.fromEntries(
+ fs
+ .readdirSync(SRC)
+ .filter((f) => f.endsWith('.json'))
+ .map((file) => {
+ const m = /^(\d+)-(.+)\.json$/.exec(file);
+ if (!m) throw new Error(`bad provider file name: ${file} (expected NN-slug.json)`);
+ const ord = Number(m[1]);
+ if (!Number.isSafeInteger(ord)) throw new Error(`bad numeric prefix in ${file}`);
+ const slug = validateIdent(m[2], `file slug (${file})`);
+ return { file, ord, slug };
+ })
+ .sort((a, b) => a.ord - b.ord || a.slug.localeCompare(b.slug))
+ .map(({ file, slug }) => {
+ const src = path.join(SRC, file);
+ const provider = JSON.parse(fs.readFileSync(src, 'utf8')) as Provider;
+ if (!provider || typeof provider !== 'object') throw new Error(`${file}: expected object`);
+ if (!provider.names || typeof provider.names !== 'object')
+ throw new Error(`${file}: missing names`);
+ if (provider.notes !== undefined && typeof provider.notes !== 'object')
+ throw new Error(`${file}: notes must be object`);
+ if (provider.consent !== undefined && typeof provider.consent !== 'string')
+ throw new Error(`${file}: consent must be string`);
+ validateLangMap(provider.names, `${file}.names`, true);
+ validateLangMap(provider.notes, `${file}.notes`, false);
+ if (!provider.variants || typeof provider.variants !== 'object')
+ throw new Error(`${file}: missing variants`);
+ for (const k in provider.variants) {
+ validateIdent(k, `${file}.variants.${k}`);
+ const v = provider.variants[k];
+ if (!v || typeof v !== 'object') throw new Error(`${file}.variants.${k}: expected object`);
+ if (v.consent !== undefined && typeof v.consent !== 'string')
+ throw new Error(`${file}.variants.${k}.consent: expected string`);
+ validateLangMap(v.names, `${file}.variants.${k}.names`, k !== 'default');
+ validateLangMap(v.notes, `${file}.variants.${k}.notes`, false);
+ }
+ return [slug, provider] as const;
+ })
+);
+type TableRow = {
+ id: string;
+ profileBase: string;
+ hidden: boolean;
+ website?: string;
+ names: Record;
+ notes: Record;
+ region: string[];
+ censorship: boolean;
+ unsigned: { https: boolean; tls: boolean };
+ signed: { https: boolean; tls: boolean };
+};
+let tableRows: TableRow[] = [];
+const tags: Record string> = {
+ LANGUAGES: (lang) =>
+ languages
+ .map((x) => {
+ if (x.code === lang.code) return x.name;
+ return `[${x.name}](https://github.com/paulmillr/encrypted-dns/${x.code === DEFAULT_LANG ? '' : `blob/master/README.${x.code}.md`})`;
+ })
+ .join(' | '),
+ PROVIDERS_TABLE: (lang) => {
+ const mat: string[][] = [
+ [
+ lang.data.table_columns.name,
+ lang.data.table_columns.region,
+ lang.data.table_columns.censorship,
+ lang.data.table_columns.notes,
+ lang.data.table_columns.install_signed,
+ lang.data.table_columns.install_unsigned,
+ ],
+ ];
+ for (const r of tableRows.filter((x) => !x.hidden)) {
+ const name = r.names[lang.code] || r.names[DEFAULT_LANG] || r.id;
+ const note = r.notes[lang.code] || r.notes[DEFAULT_LANG] || '';
+ const region = r.region
+ .map((x) => REGIONS[x] || '')
+ .join(' ')
+ .trim();
+ const c = r.censorship ? lang.data.yes : lang.data.no;
+ const s: string[] = [];
+ if (r.signed.https) s.push(`[HTTPS][${r.profileBase}-https-signed]`);
+ if (r.signed.tls) s.push(`[TLS][${r.profileBase}-tls-signed]`);
+ const u: string[] = [];
+ if (r.unsigned.https) u.push(`[HTTPS][${r.profileBase}-https]`);
+ if (r.unsigned.tls) u.push(`[TLS][${r.profileBase}-tls]`);
+ mat.push([`[${name}][${r.id}]`, region, c, note, s.join(', '), u.join(', ')]);
+ }
+ return genTable(mat).trim();
+ },
+ PROVIDERS_LINKS: () => {
+ let out = '';
+ for (const r of tableRows.filter((x) => !x.hidden)) {
+ if (r.website) out += `[${r.id}]: ${r.website}\n`;
+ if (r.unsigned.https)
+ out += `[${r.profileBase}-https]: ${REPO_RAW}/profiles/${r.profileBase}-https.mobileconfig\n`;
+ if (r.unsigned.tls)
+ out += `[${r.profileBase}-tls]: ${REPO_RAW}/profiles/${r.profileBase}-tls.mobileconfig\n`;
+ }
+ for (const r of tableRows.filter((x) => !x.hidden)) {
+ if (r.signed.https)
+ out += `[${r.profileBase}-https-signed]: ${REPO_RAW}/signed/${r.profileBase}-https.mobileconfig\n`;
+ if (r.signed.tls)
+ out += `[${r.profileBase}-tls-signed]: ${REPO_RAW}/signed/${r.profileBase}-tls.mobileconfig\n`;
+ }
+ return out;
+ },
+};
+const main = () => {
+ tableRows = [];
+ const enc = new TextEncoder();
+ const signerMaterial =
+ fs.existsSync(CERT) && fs.existsSync(CHAIN)
+ ? { cert: fs.readFileSync(CERT, 'utf8'), chain: fs.readFileSync(CHAIN, 'utf8') }
+ : undefined;
+ if (!fs.existsSync(PROFILES)) fs.mkdirSync(PROFILES);
+ if (!fs.existsSync(SIGNED)) fs.mkdirSync(SIGNED);
+ for (const [providerName, provider] of Object.entries(PROVIDERS)) {
+ const variants = getVariants(providerName, provider);
+ for (const [variantName, variant] of Object.entries(variants)) {
+ const base = `${providerName}-${variantName}`;
+ const all = getProfiles(base, variant);
+ const row: TableRow = {
+ id: base,
+ profileBase: base,
+ hidden: !!provider.hidden,
+ website: variant.website,
+ names: variant.names || { en: base },
+ notes: variant.notes || { en: '' },
+ region: regionList(variant.region),
+ censorship: !!variant.censorship,
+ unsigned: { https: false, tls: false },
+ signed: { https: false, tls: false },
+ };
+ for (const [profileName, profile] of Object.entries(all)) {
+ const xml = genProfile(profileName, profile);
+ const profilePath = path.join(PROFILES, `${profileName}.mobileconfig`);
+ fs.writeFileSync(profilePath, xml);
+ console.log(`Generated profiles/${profileName}.mobileconfig`);
+ let hasSigned = false;
+ if (profile.signature) {
+ const compact = fromSig(profile.signature);
+ if (!signerMaterial) {
+ console.log(
+ `WARN missing cert/chain; skipping signed/${profileName}.mobileconfig (need certificates/cert.pem + certificates/chain.pem)`
+ );
+ row.unsigned[profile.protocol] = true;
+ row.signed[profile.protocol] = false;
+ continue;
+ }
+ const der = CMS.compact.build(
+ enc.encode(xml),
+ compact,
+ signerMaterial.cert,
+ signerMaterial.chain,
+ SIGN_OPTS
+ );
+ CMS.verify(der, { allowBER: true, checkSignatures: true, time: Date.now() });
+ fs.writeFileSync(path.join(SIGNED, `${profileName}.mobileconfig`), der);
+ console.log(`Generated signed/${profileName}.mobileconfig`);
+ hasSigned = true;
+ }
+ row.unsigned[profile.protocol] = true;
+ row.signed[profile.protocol] = hasSigned;
+ }
+ tableRows.push(row);
+ }
+ }
+ for (const lang of languages) {
+ const tpl = fs.readFileSync(lang.mdFile, 'utf8');
+ let out = tpl;
+ for (const [k, fn] of Object.entries(tags))
+ out = out.replace(new RegExp(`<%${k}%>`, 'g'), fn(lang));
+ const file = lang.code === DEFAULT_LANG ? 'README.md' : `README.${lang.code}.md`;
+ fs.writeFileSync(path.join(OUTPUT_DIR, file), out, 'utf8');
+ console.log(`Generated ${file}`);
+ }
+ console.log(`providers: ${Object.keys(PROVIDERS).length}`);
+ console.log(`rows: ${tableRows.length}`);
+};
+
+if (process.argv[1] && path.resolve(process.argv[1]) === __filename) {
+ main();
+}
+
+export { genProfile, getProfiles, getVariants, SIGN_OPTS, splitCsv, validateDnsInput, validId };
+export type { Profile, Provider, Variant };
diff --git a/src/scripts/check-fields.ts b/src/scripts/check-fields.ts
new file mode 100755
index 0000000..71eb62e
--- /dev/null
+++ b/src/scripts/check-fields.ts
@@ -0,0 +1,112 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+import path from 'node:path';
+
+type Seen = { count: number; where: string[] };
+
+const ROOT = path.join(path.dirname(new URL(import.meta.url).pathname), '..', '..');
+const DIR = path.join(ROOT, 'src');
+const files = fs
+ .readdirSync(DIR)
+ .filter((f) => f.endsWith('.json'))
+ .sort();
+const showWhere = process.argv.includes('--where');
+
+const add = (map: Map, key: string, where: string) => {
+ const cur = map.get(key);
+ if (cur) {
+ cur.count++;
+ cur.where.push(where);
+ return;
+ }
+ map.set(key, { count: 1, where: [where] });
+};
+
+const walk = (v: unknown, prefix: string, where: string, map: Map) => {
+ if (!v || typeof v !== 'object' || Array.isArray(v)) return;
+ for (const [k, val] of Object.entries(v)) {
+ const p = prefix ? `${prefix}.${k}` : k;
+ add(map, p, where);
+ if (!val || typeof val !== 'object' || Array.isArray(val)) continue;
+ walk(val, p, where, map);
+ }
+};
+
+const providerFields = new Map();
+const variantFields = new Map();
+const endpointFields = new Map();
+let totalVariants = 0;
+let totalEndpoints = 0;
+
+for (const f of files) {
+ const full = path.join(DIR, f);
+ const p = JSON.parse(fs.readFileSync(full, 'utf8')) as Record;
+ for (const [k, val] of Object.entries(p)) {
+ if (k === 'variants') continue;
+ add(providerFields, k, f);
+ if (!val || typeof val !== 'object' || Array.isArray(val)) continue;
+ walk(val, k, f, providerFields);
+ }
+ const variants = p.variants;
+ if (!variants || typeof variants !== 'object' || Array.isArray(variants)) continue;
+ for (const variant of Object.values(variants as Record)) {
+ if (!variant || typeof variant !== 'object' || Array.isArray(variant)) continue;
+ const variantObj = variant as Record;
+ totalVariants++;
+ for (const [k, val] of Object.entries(variantObj)) {
+ if (k === 'https' || k === 'tls') continue;
+ add(variantFields, k, f);
+ if (!val || typeof val !== 'object' || Array.isArray(val)) continue;
+ walk(val, k, f, variantFields);
+ }
+ for (const proto of ['https', 'tls'] as const) {
+ const cfg = variantObj[proto];
+ if (!cfg || typeof cfg !== 'object' || Array.isArray(cfg)) continue;
+ totalEndpoints++;
+ // Intentionally ignore variant name in field path: aggregate by endpoint shape only.
+ walk(cfg, '', `${f}:${proto}`, endpointFields);
+ }
+ }
+}
+
+const print = (title: string, map: Map, total: number, showWhereArg: boolean) => {
+ console.log(`\n${title}`);
+ const rows = Array.from(map.entries());
+ const groups = new Map>();
+ for (const row of rows) {
+ const root = row[0].split('.')[0];
+ const cur = groups.get(root);
+ if (cur) {
+ cur.push(row);
+ continue;
+ }
+ groups.set(root, [row]);
+ }
+ const order = Array.from(groups.keys()).sort((a, b) => {
+ const ca = map.get(a)?.count || 0;
+ const cb = map.get(b)?.count || 0;
+ if (cb !== ca) return cb - ca;
+ return a.localeCompare(b);
+ });
+ for (const root of order) {
+ const list = groups.get(root) || [];
+ list.sort((a, b) => {
+ if (a[0] === root && b[0] !== root) return -1;
+ if (b[0] === root && a[0] !== root) return 1;
+ if (b[1].count !== a[1].count) return b[1].count - a[1].count;
+ return a[0].localeCompare(b[0]);
+ });
+ for (const [field, info] of list) {
+ const indent = field === root ? '' : ' ';
+ const label = field === root ? field : field.slice(root.length + 1);
+ const pct = total ? Math.round((info.count / total) * 100) : 0;
+ console.log(`${indent}${label} -> ${info.count}/${total} (${pct}%)`);
+ if (showWhereArg) for (const w of info.where) console.log(` ${w}`);
+ }
+ }
+};
+
+console.log(`providers: ${files.length}`);
+print('provider-fields', providerFields, files.length, showWhere);
+print('variant-fields', variantFields, totalVariants, showWhere);
+print('endpoint-fields(https/tls)', endpointFields, totalEndpoints, showWhere);
diff --git a/src/scripts/new.test.ts b/src/scripts/new.test.ts
new file mode 100644
index 0000000..8bf91af
--- /dev/null
+++ b/src/scripts/new.test.ts
@@ -0,0 +1,323 @@
+import { deepStrictEqual } from 'node:assert';
+import { spawn, spawnSync } from 'node:child_process';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { describe, it } from 'node:test';
+
+const ROOT = path.join(path.dirname(new URL(import.meta.url).pathname), '..', '..');
+const NEW = path.join(ROOT, 'src', 'scripts', 'new.ts');
+
+const run = (args: string[], input = '', cwd?: string) => {
+ const res = spawnSync('node', [NEW, ...args], {
+ cwd: cwd || ROOT,
+ input,
+ encoding: 'utf8',
+ });
+ if (res.status !== 0)
+ throw new Error(`new.ts failed (${res.status}):\n${res.stdout}\n${res.stderr}`);
+ return res;
+};
+const runRaw = (args: string[], input = '', cwd?: string) =>
+ spawnSync('node', [NEW, ...args], {
+ cwd: cwd || ROOT,
+ input,
+ encoding: 'utf8',
+ });
+
+type PtyRes = {
+ code: number | null;
+ signal: NodeJS.Signals | null;
+ sent: number;
+ outTail: string;
+ errTail: string;
+};
+const runPtyFlow = async (
+ argv: string[],
+ cwd: string,
+ answers: string[],
+ opts: { timeoutMs?: number } = {}
+): Promise => {
+ const timeoutMs = opts.timeoutMs || 15000;
+ const cmd = argv.map((a) => JSON.stringify(a)).join(' ');
+ const p = spawn('bash', ['-lc', cmd], {
+ cwd,
+ stdio: ['pipe', 'pipe', 'pipe'],
+ });
+ let sent = 0;
+ let out = '';
+ let err = '';
+ const send = () => {
+ if (sent >= answers.length) return;
+ if (!p.stdin.writable) return;
+ p.stdin.write(`${answers[sent++]}\n`);
+ if (sent === answers.length) p.stdin.end();
+ };
+ p.stdout.on('data', (d) => {
+ out += d.toString();
+ if (/(?:\]: |: )$/.test(out)) send();
+ });
+ p.stderr.on('data', (d) => {
+ err += d.toString();
+ });
+ return await new Promise((resolve, reject) => {
+ const timer = setTimeout(() => {
+ p.kill('SIGKILL');
+ reject(
+ new Error(
+ `PTY interactive flow timed out\nstdout:\n${out.slice(-800)}\nstderr:\n${err.slice(-800)}`
+ )
+ );
+ }, timeoutMs);
+ p.on('error', (e) => {
+ clearTimeout(timer);
+ reject(e);
+ });
+ p.on('exit', (code, signal) => {
+ clearTimeout(timer);
+ resolve({ code, signal, sent, outTail: out.slice(-800), errTail: err.slice(-800) });
+ });
+ });
+};
+
+const EXPECT_ARGS = `
+
+
+
+\tPayloadContent
+\t
+\t\t
+\t\t\tDNSSettings
+\t\t\t
+\t\t\t\tDNSProtocol
+\t\t\t\tHTTPS
+\t\t\t\tServerAddresses
+\t\t\t\t
+\t\t\t\t\t1.1.1.1
+\t\t\t\t\t1.0.0.1
+\t\t\t\t
+\t\t\t\tServerURL
+\t\t\t\thttps://dns.example.test/dns-query
+\t\t\t
+\t\t\tPayloadDescription
+\t\t\tConfigures device to use Args DNS Encrypted DNS over HTTPS
+\t\t\tPayloadDisplayName
+\t\t\tArgs DNS Encrypted DNS over HTTPS
+\t\t\tPayloadIdentifier
+\t\t\tcom.apple.dnsSettings.managed.a25bcc3b-655b-58d4-b883-dce8ca57b701
+\t\t\tPayloadType
+\t\t\tcom.apple.dnsSettings.managed
+\t\t\tPayloadUUID
+\t\t\tA25BCC3B-655B-58D4-B883-DCE8CA57B701
+\t\t\tPayloadVersion
+\t\t\t1
+\t\t\tProhibitDisablement
+\t\t\t
+\t\t
+\t
+\tPayloadDescription
+\tArgs top description
+\tPayloadDisplayName
+\tArgs DNS Encrypted DNS over HTTPS
+\tPayloadIdentifier
+\tcom.paulmillr.apple-dns
+\tPayloadRemovalDisallowed
+\t
+\tPayloadScope
+\tSystem
+\tPayloadType
+\tConfiguration
+\tPayloadUUID
+\tA41DCCF5-F126-5CF4-83A3-76151FDA864F
+\tPayloadVersion
+\t1
+
+
+`;
+const EXPECT_INTERACTIVE = `
+
+
+
+\tPayloadContent
+\t
+\t\t
+\t\t\tDNSSettings
+\t\t\t
+\t\t\t\tDNSProtocol
+\t\t\t\tHTTPS
+\t\t\t\tServerAddresses
+\t\t\t\t
+\t\t\t\t\t1.1.1.1
+\t\t\t\t\t1.0.0.1
+\t\t\t\t
+\t\t\t\tServerURL
+\t\t\t\thttps://dns.interactive.test/dns-query
+\t\t\t
+\t\t\tPayloadDescription
+\t\t\tConfigures device to use Interactive DNS Encrypted DNS over HTTPS
+\t\t\tPayloadDisplayName
+\t\t\tInteractive DNS Encrypted DNS over HTTPS
+\t\t\tPayloadIdentifier
+\t\t\tcom.apple.dnsSettings.managed.da5947a2-98fc-5296-a77b-ad12511af53e
+\t\t\tPayloadType
+\t\t\tcom.apple.dnsSettings.managed
+\t\t\tPayloadUUID
+\t\t\tDA5947A2-98FC-5296-A77B-AD12511AF53E
+\t\t\tPayloadVersion
+\t\t\t1
+\t\t\tProhibitDisablement
+\t\t\t
+\t\t
+\t
+\tPayloadDescription
+\tAdds the Interactive DNS to Big Sur and iOS 14 based systems
+\tPayloadDisplayName
+\tInteractive DNS Encrypted DNS over HTTPS
+\tPayloadIdentifier
+\tcom.paulmillr.apple-dns
+\tPayloadRemovalDisallowed
+\t
+\tPayloadScope
+\tSystem
+\tPayloadType
+\tConfiguration
+\tPayloadUUID
+\t24F6FD9B-B466-5565-9896-6F398ADD8741
+\tPayloadVersion
+\t1
+
+
+`;
+
+describe('new.ts', () => {
+ it('args flow generates expected profile shape', () => {
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-args-'));
+ try {
+ const out = path.join(dir, 'args.mobileconfig');
+ run(
+ [
+ '--name',
+ 'Args DNS',
+ '--protocol',
+ 'https',
+ '--server',
+ 'https://dns.example.test/dns-query',
+ '--addresses',
+ '1.1.1.1,1.0.0.1',
+ '--description',
+ 'Args top description',
+ '--out',
+ out,
+ ],
+ '',
+ dir
+ );
+ const got = fs.readFileSync(out, 'utf8');
+ deepStrictEqual(got, EXPECT_ARGS);
+ } finally {
+ fs.rmSync(dir, { recursive: true, force: true });
+ }
+ });
+
+ it('uses deterministic UUIDs for same output filename', () => {
+ const aDir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-det-a-'));
+ const bDir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-det-b-'));
+ try {
+ const outA = path.join(aDir, 'same.mobileconfig');
+ const outB = path.join(bDir, 'same.mobileconfig');
+ const args = [
+ '--name',
+ 'Det DNS',
+ '--protocol',
+ 'https',
+ '--server',
+ 'https://dns.det.test/dns-query',
+ '--addresses',
+ '1.1.1.1',
+ ];
+ run([...args, '--out', outA], '', aDir);
+ run([...args, '--out', outB], '', bDir);
+ deepStrictEqual(fs.readFileSync(outA, 'utf8'), fs.readFileSync(outB, 'utf8'));
+ } finally {
+ fs.rmSync(aDir, { recursive: true, force: true });
+ fs.rmSync(bDir, { recursive: true, force: true });
+ }
+ });
+
+ it('fails on invalid https server URL', () => {
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-retry-'));
+ try {
+ const res = runRaw(
+ [
+ '--name',
+ 'Retry DNS',
+ '--protocol',
+ 'https',
+ '--server',
+ 'bad-url',
+ '--addresses',
+ '1.1.1.1',
+ ],
+ '',
+ dir
+ );
+ deepStrictEqual(res.status, 1);
+ deepStrictEqual(fs.readdirSync(dir).filter((x) => x.endsWith('.mobileconfig')).length, 0);
+ } finally {
+ fs.rmSync(dir, { recursive: true, force: true });
+ }
+ });
+
+ it('appends .mobileconfig when output has no extension', () => {
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-ext-'));
+ try {
+ const outNoExt = path.join(dir, 'noext');
+ const res = run(
+ [
+ '--name',
+ 'NoExt DNS',
+ '--protocol',
+ 'https',
+ '--server',
+ 'https://dns.noext.test/dns-query',
+ '--addresses',
+ '1.1.1.1',
+ '--out',
+ outNoExt,
+ ],
+ '',
+ dir
+ );
+ deepStrictEqual(res.status, 0);
+ deepStrictEqual(fs.existsSync(`${outNoExt}.mobileconfig`), true);
+ } finally {
+ fs.rmSync(dir, { recursive: true, force: true });
+ }
+ });
+
+ it('full interactive flow', async () => {
+ if (process.env.NEW_TEST_PTY === '0') return;
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-pty-'));
+ try {
+ const out = path.join(dir, 'interactive.mobileconfig');
+ const answers = [
+ 'Interactive DNS',
+ 'https',
+ 'https://dns.interactive.test/dns-query',
+ '1.1.1.1,1.0.0.1',
+ 'no',
+ 'Adds the Interactive DNS to Big Sur and iOS 14 based systems',
+ out,
+ ];
+ const res = await runPtyFlow(['node', NEW], dir, answers);
+ deepStrictEqual(res.code, 0);
+ deepStrictEqual(res.signal, null);
+ deepStrictEqual(res.sent, answers.length);
+ deepStrictEqual(fs.existsSync(out), true);
+ const xml = fs.readFileSync(out, 'utf8');
+ deepStrictEqual(xml, EXPECT_INTERACTIVE);
+ } finally {
+ fs.rmSync(dir, { recursive: true, force: true });
+ }
+ });
+});
diff --git a/scripts/new.ts b/src/scripts/new.ts
similarity index 63%
rename from scripts/new.ts
rename to src/scripts/new.ts
index ce7affd..9b33e04 100755
--- a/scripts/new.ts
+++ b/src/scripts/new.ts
@@ -3,31 +3,18 @@ import fs from 'node:fs';
import path from 'node:path';
import { stdin as input, stdout as output } from 'node:process';
import { createInterface } from 'node:readline/promises';
-import {
- deterministicUuid,
- generateSingle,
- splitCsv,
- validId,
- validateDnsInput,
- type ProfileCfg,
-} from './build.ts';
+import { genProfile, splitCsv, validateDnsInput } from './build.ts';
import { signFile } from './sign-single.ts';
type Proto = 'https' | 'tls';
type Input = {
name: string;
- organizationName: string;
- profileIdentifier: string;
protocol: Proto;
server: string;
- addresses: string[];
- certs: string[];
+ addresses?: string[];
out: string;
description: string;
- topDescription: string;
- prohibitDisablement: boolean;
- scope: string;
ca?: string;
priv_key?: string;
chain?: string;
@@ -36,24 +23,17 @@ type PartialInput = Partial;
const usage = () => {
console.error(`usage:
- node scripts/new.ts --name --protocol --server --addresses [--organization ] [--profile-identifier ] [--certs ] [--out ] [--description ] [--top-description ] [--prohibit-disablement ] [--scope ] [--ca --priv_key [--chain ]]
+ new.ts --name --protocol --server --addresses [--out ] [--description ] [--ca --priv_key [--chain ]]
notes:
- if no args are passed, interactive mode starts
- --addresses may be empty only for https
- - --prohibit-disablement: true prevents users from disabling encrypted DNS
- - --scope: System applies to all users, User applies to current user
- - PayloadRemovalDisallowed is fixed to false (same as dns-profile-generator UI flow)`);
+ - profile identifier is derived from output file name (same key scheme as build.ts)`);
};
const die = (msg: string): never => {
throw new Error(msg);
};
-const parseBool = (v: string, name: string) => {
- if (v === 'true') return true;
- if (v === 'false') return false;
- return die(`${name}: expected true|false, got ${v}`);
-};
const parseYesNo = (v: string, name: string) => {
const x = v.toLowerCase();
if (x === 'yes' || x === 'y') return true;
@@ -67,14 +47,11 @@ const slug = (s: string) =>
.replace(/(^-|-$)/g, '') || 'dns-profile';
const validate = (x: Input): Input => {
if (!x.name.trim()) die('name is required');
- if (!x.profileIdentifier.trim()) die('profile-identifier is required');
- if (!validId(x.profileIdentifier))
- die(`profile-identifier must match [A-Za-z0-9.-], got: ${x.profileIdentifier}`);
if (!x.out.trim()) die('out is required');
- if (x.scope !== 'System' && x.scope !== 'User')
- die(`scope: expected System|User, got ${x.scope}`);
- validateDnsInput({ protocol: x.protocol, server: x.server, addresses: x.addresses }, 'cli input');
- for (const f of x.certs) if (!fs.existsSync(f)) die(`missing file: ${f}`);
+ validateDnsInput(
+ { protocol: x.protocol, server: x.server, addresses: x.addresses || [] },
+ 'cli input'
+ );
if ((x.ca && !x.priv_key) || (!x.ca && x.priv_key))
die('signing requires both --ca and --priv_key');
if (x.chain && (!x.ca || !x.priv_key)) die('--chain requires both --ca and --priv_key');
@@ -91,71 +68,25 @@ const withDefaults = (x: PartialInput): Input => {
name,
protocol,
server: x.server || '',
- addresses: x.addresses || [],
- certs: x.certs || [],
- organizationName: x.organizationName || '',
+ addresses: x.addresses,
out: x.out || `${slug(name)}-${protocol}.mobileconfig`,
- profileIdentifier: x.profileIdentifier || 'com.example.dns',
- description: x.description || `Configures device to use ${name}`,
- topDescription: x.topDescription || `Adds ${name} to Big Sur and iOS 14 based systems`,
- prohibitDisablement: x.prohibitDisablement !== undefined ? x.prohibitDisablement : false,
- scope: x.scope || 'System',
+ description: x.description || `Adds the ${name} to Big Sur and iOS 14 based systems`,
ca: x.ca,
priv_key: x.priv_key,
chain: x.chain,
};
};
-const asProfile = (x: Input): ProfileCfg => ({
- dns: {
- protocol: x.protocol.toUpperCase(),
- server: x.server,
- addresses: x.addresses,
- },
- PayloadDisplayName: x.name,
- PayloadDescription: x.description,
- PayloadIdentifier: `${x.profileIdentifier}.dns`,
- PayloadUUID: deterministicUuid(x.profileIdentifier, 'payload', 'cli', 0),
- ProhibitDisablement: x.prohibitDisablement,
- top: {
- displayName: x.name,
- description: x.topDescription,
- identifier: x.profileIdentifier,
- uuid: deterministicUuid(x.profileIdentifier, 'root', 'cli'),
- removalDisallowed: false,
- scope: x.scope,
- organization: x.organizationName || undefined,
- },
- certificates: x.certs.map((f, i) => {
- const data = fs.readFileSync(f, 'utf8');
- const name = path.basename(f).replace(/\.(pem|cer|crt)$/i, '');
- return {
- fileName: path.basename(f),
- data,
- displayName: name || `Certificate ${i + 1}`,
- identifier: `${x.profileIdentifier}.cert.${i}`,
- uuid: deterministicUuid(x.profileIdentifier, 'payload', 'cert', i + 1),
- };
- }),
- escapeXML: true,
-});
-
const parseArgs = (argv: string[]): PartialInput => {
if (!argv.length) return {};
const out: Record = {};
const allowed = new Set([
'name',
- 'organization',
- 'profile-identifier',
'protocol',
'server',
'addresses',
- 'certs',
'out',
'description',
- 'top-description',
- 'prohibit-disablement',
- 'scope',
'ca',
'priv_key',
'chain',
@@ -171,22 +102,13 @@ const parseArgs = (argv: string[]): PartialInput => {
i++;
}
const protocol = out.protocol as Proto | undefined;
- const name = out.name;
return {
- name,
- organizationName: out.organization,
- profileIdentifier: out['profile-identifier'],
+ name: out.name,
protocol,
server: out.server,
addresses: out.addresses !== undefined ? splitCsv(out.addresses) : undefined,
- certs: out.certs !== undefined ? splitCsv(out.certs) : undefined,
description: out.description,
- topDescription: out['top-description'],
out: out.out,
- prohibitDisablement: out['prohibit-disablement']
- ? parseBool(out['prohibit-disablement'], 'prohibit-disablement')
- : undefined,
- scope: out.scope,
ca: out.ca,
priv_key: out.priv_key,
chain: out.chain,
@@ -213,7 +135,7 @@ const askRequired = async (seed: PartialInput = {}): Promise => {
try {
const name =
seed.name ||
- (await retry('Display name', '', (v) => {
+ (await retry('Provider name', '', (v) => {
if (!v) throw new Error('name is required');
return v;
}));
@@ -276,7 +198,7 @@ const askFull = async (): Promise => {
}
};
try {
- const name = await retry('Display name', '', (v) => {
+ const name = await retry('Provider name', '', (v) => {
if (!v) throw new Error('name is required');
return v;
});
@@ -304,22 +226,11 @@ const askFull = async (): Promise => {
}
);
const sign = await retry('Sign profile? (yes/no)', 'no', (v) => parseYesNo(v, 'sign'));
- const organizationName = await q('Organization name (optional)');
- const profileIdentifier = await retry('Profile identifier', 'com.example.dns', (v) => {
- if (!validId(v)) throw new Error(`profile-identifier must match [A-Za-z0-9.-], got: ${v}`);
- return v;
- });
- const out = await q('Output file', `${slug(name)}-${protocol}.mobileconfig`);
- const prohibitDisablement = await retry(
- 'Prohibit disabling encrypted DNS? (true|false)',
- 'false',
- (v) => parseBool(v.toLowerCase(), 'ProhibitDisablement')
+ const description = await q(
+ 'Profile description',
+ `Adds the ${name} to Big Sur and iOS 14 based systems`
);
- const scope = await retry('Payload scope (System|User)', 'System', (v) => {
- const x = v[0]?.toUpperCase() + v.slice(1).toLowerCase();
- if (x !== 'System' && x !== 'User') throw new Error(`scope: expected System|User, got ${v}`);
- return x;
- });
+ const out = await q('Output file', `${slug(name)}-${protocol}.mobileconfig`);
let ca = '';
let priv_key = '';
let chain = '';
@@ -345,11 +256,8 @@ const askFull = async (): Promise => {
protocol,
server,
addresses,
- organizationName,
- profileIdentifier,
+ description,
out,
- prohibitDisablement,
- scope,
ca: ca || undefined,
priv_key: priv_key || undefined,
chain: chain || undefined,
@@ -367,8 +275,20 @@ const main = async () => {
}
const parsed = parseArgs(argv);
const cfg = validate(withDefaults(argv.length ? await askRequired(parsed) : await askFull()));
- const xml = generateSingle(asProfile(cfg));
const out = path.resolve(cfg.out);
+ const outFile = path.basename(out);
+ const key = outFile.endsWith('.mobileconfig')
+ ? outFile.slice(0, -'.mobileconfig'.length)
+ : outFile;
+ if (!/^[A-Za-z0-9-]+$/.test(key))
+ throw new Error(`output file stem must match [A-Za-z0-9-], got: ${key}`);
+ const xml = genProfile(key, {
+ name: cfg.name,
+ description: cfg.description,
+ protocol: cfg.protocol,
+ ServerURLOrName: cfg.server,
+ ServerAddresses: cfg.addresses,
+ });
fs.mkdirSync(path.dirname(out), { recursive: true });
fs.writeFileSync(out, xml);
console.log(out);
diff --git a/src/scripts/sign-single-openssl.sh b/src/scripts/sign-single-openssl.sh
new file mode 100755
index 0000000..08476af
--- /dev/null
+++ b/src/scripts/sign-single-openssl.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "$#" -lt 5 ]; then
+ echo "usage: scripts/sign-single-openssl.sh --ca --priv_key [--chain ] " >&2
+ exit 1
+fi
+
+ca=""
+priv_key=""
+chain=""
+input=""
+
+while [ "$#" -gt 0 ]; do
+ case "$1" in
+ --ca)
+ ca="$2"
+ shift 2
+ ;;
+ --priv_key)
+ priv_key="$2"
+ shift 2
+ ;;
+ --chain)
+ chain="$2"
+ shift 2
+ ;;
+ *)
+ input="$1"
+ shift
+ ;;
+ esac
+done
+
+if [ -z "$ca" ] || [ -z "$priv_key" ] || [ -z "$input" ]; then
+ echo "usage: scripts/sign-single-openssl.sh --ca --priv_key [--chain ] " >&2
+ exit 1
+fi
+
+for f in "$ca" "$priv_key" "$input"; do
+ if [ ! -f "$f" ]; then
+ echo "missing file: $f" >&2
+ exit 1
+ fi
+done
+if [ -n "$chain" ] && [ ! -f "$chain" ]; then
+ echo "missing file: $chain" >&2
+ exit 1
+fi
+
+if [[ "$input" == *.mobileconfig ]]; then
+ out="${input%.mobileconfig}.signed.mobileconfig"
+else
+ out="$input.signed.mobileconfig"
+fi
+
+cmd=(openssl cms -sign -binary -nodetach -nosmimecap -in "$input" -signer "$ca" -inkey "$priv_key" -outform DER -out "$out")
+if [ -n "$chain" ]; then
+ cmd+=( -certfile "$chain" )
+fi
+"${cmd[@]}"
+echo "$out"
diff --git a/src/scripts/sign-single.test.ts b/src/scripts/sign-single.test.ts
new file mode 100644
index 0000000..ddc0f6b
--- /dev/null
+++ b/src/scripts/sign-single.test.ts
@@ -0,0 +1,162 @@
+import { CMS } from 'micro-key-producer/x509.js';
+import { deepStrictEqual } from 'node:assert';
+import { execFileSync } from 'node:child_process';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { describe, it } from 'node:test';
+
+const root = path.join(path.dirname(new URL(import.meta.url).pathname), '..');
+const scriptSign = path.join(root, 'scripts', 'sign-single.ts');
+const scriptOpenSSL = path.join(root, 'scripts', 'sign-single-openssl.sh');
+
+const opensslUsable = () => {
+ try {
+ execFileSync('openssl', ['version'], { stdio: 'pipe', encoding: 'utf8' });
+ } catch (e) {
+ const err = e as NodeJS.ErrnoException;
+ if (err.code === 'EPERM' || err.code === 'ENOENT')
+ throw new Error(`OpenSSL is required for sign.test.ts (${err.code})`);
+ throw e;
+ }
+};
+const openssl = (args: string[], cwd: string) =>
+ execFileSync('openssl', args, { cwd, stdio: 'pipe', encoding: 'utf8' });
+const genCerts = (dir: string) => {
+ const rootKeyEc = path.join(dir, 'root.key.ec.pem');
+ const rootKey = path.join(dir, 'root.key.pem');
+ const rootPem = path.join(dir, 'root.pem');
+ const signerKeyEc = path.join(dir, 'signer.key.ec.pem');
+ const signerKey = path.join(dir, 'signer.key.pem');
+ const signerCsr = path.join(dir, 'signer.csr.pem');
+ const signerPem = path.join(dir, 'signer.pem');
+ const chainPem = path.join(dir, 'chain.pem');
+ const ext = path.join(dir, 'signer.ext');
+ openssl(['ecparam', '-name', 'prime256v1', '-genkey', '-noout', '-out', rootKeyEc], dir);
+ openssl(['pkcs8', '-topk8', '-nocrypt', '-in', rootKeyEc, '-out', rootKey], dir);
+ openssl(
+ [
+ 'req',
+ '-x509',
+ '-new',
+ '-key',
+ rootKeyEc,
+ '-sha256',
+ '-days',
+ '3650',
+ '-subj',
+ '/CN=Test Root',
+ '-out',
+ rootPem,
+ ],
+ dir
+ );
+ openssl(['ecparam', '-name', 'prime256v1', '-genkey', '-noout', '-out', signerKeyEc], dir);
+ openssl(['pkcs8', '-topk8', '-nocrypt', '-in', signerKeyEc, '-out', signerKey], dir);
+ openssl(['req', '-new', '-key', signerKey, '-subj', '/CN=Test Signer', '-out', signerCsr], dir);
+ fs.writeFileSync(ext, 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n');
+ openssl(
+ [
+ 'x509',
+ '-req',
+ '-in',
+ signerCsr,
+ '-CA',
+ rootPem,
+ '-CAkey',
+ rootKey,
+ '-CAcreateserial',
+ '-out',
+ signerPem,
+ '-days',
+ '365',
+ '-sha256',
+ '-extfile',
+ ext,
+ ],
+ dir
+ );
+ fs.copyFileSync(rootPem, chainPem);
+ return { signerPem, signerKey, chainPem, rootPem };
+};
+const firstProfile = () => {
+ const dir = path.join(root, '..', 'profiles');
+ const list = fs
+ .readdirSync(dir)
+ .filter((x) => x.endsWith('.mobileconfig'))
+ .sort();
+ if (!list.length) throw new Error(`no profiles found in ${dir}`);
+ return path.join(dir, list[0]);
+};
+const verifyOpenSSL = (signed: string, ca: string, out: string, cwd: string) =>
+ openssl(
+ [
+ 'cms',
+ '-verify',
+ '-binary',
+ '-inform',
+ 'DER',
+ '-in',
+ signed,
+ '-CAfile',
+ ca,
+ '-purpose',
+ 'any',
+ '-out',
+ out,
+ ],
+ cwd
+ );
+
+describe('sign.ts parity', () => {
+ it('matches OpenSSL detached content/certs and verifies in both implementations', () => {
+ opensslUsable();
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-sign-parity-'));
+ try {
+ const { signerPem, signerKey, chainPem, rootPem } = genCerts(dir);
+ const profile = firstProfile();
+ const tsInput = path.join(dir, 'in.ts.mobileconfig');
+ const osInput = path.join(dir, 'in.ossl.mobileconfig');
+ fs.copyFileSync(profile, tsInput);
+ fs.copyFileSync(profile, osInput);
+ execFileSync(
+ 'node',
+ [scriptSign, '--ca', signerPem, '--priv_key', signerKey, '--chain', chainPem, tsInput],
+ {
+ stdio: 'pipe',
+ cwd: dir,
+ }
+ );
+ execFileSync(
+ scriptOpenSSL,
+ ['--ca', signerPem, '--priv_key', signerKey, '--chain', chainPem, osInput],
+ {
+ stdio: 'pipe',
+ cwd: dir,
+ }
+ );
+ const tsSigned = tsInput.replace(/\.mobileconfig$/, '.signed.mobileconfig');
+ const osSigned = osInput.replace(/\.mobileconfig$/, '.signed.mobileconfig');
+ const tsDer = fs.readFileSync(tsSigned);
+ const osDer = fs.readFileSync(osSigned);
+ const tsDetached = CMS.detach(new Uint8Array(tsDer), { allowBER: true });
+ const osDetached = CMS.detach(new Uint8Array(osDer), { allowBER: true });
+ deepStrictEqual(
+ Buffer.from(tsDetached.content).toString('hex'),
+ Buffer.from(osDetached.content).toString('hex')
+ );
+ deepStrictEqual(tsDetached.certs, osDetached.certs);
+ const now = Date.now();
+ CMS.verify(new Uint8Array(tsDer), { allowBER: true, checkSignatures: true, time: now });
+ CMS.verify(new Uint8Array(osDer), { allowBER: true, checkSignatures: true, time: now });
+ const outTs = path.join(dir, 'verify.ts.out.mobileconfig');
+ const outOs = path.join(dir, 'verify.ossl.out.mobileconfig');
+ verifyOpenSSL(tsSigned, rootPem, outTs, dir);
+ verifyOpenSSL(osSigned, rootPem, outOs, dir);
+ deepStrictEqual(fs.readFileSync(outTs), fs.readFileSync(profile));
+ deepStrictEqual(fs.readFileSync(outOs), fs.readFileSync(profile));
+ } finally {
+ fs.rmSync(dir, { recursive: true, force: true });
+ }
+ });
+});
diff --git a/src/scripts/sign-single.ts b/src/scripts/sign-single.ts
new file mode 100644
index 0000000..514dd38
--- /dev/null
+++ b/src/scripts/sign-single.ts
@@ -0,0 +1,59 @@
+#!/usr/bin/env node
+import { CMS } from 'micro-key-producer/x509.js';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { SIGN_OPTS } from './build.ts';
+
+export type SignArgs = { ca: string; priv_key: string; chain?: string; input: string };
+
+const usage = () => {
+ console.error(
+ 'usage: node sign-single.ts --ca --priv_key [--chain ] '
+ );
+ process.exit(1);
+};
+
+const parse = (argv: string[]): SignArgs => {
+ const args: Record = {};
+ const rest: string[] = [];
+ for (let i = 0; i < argv.length; i++) {
+ const a = argv[i];
+ if (!a.startsWith('--')) {
+ rest.push(a);
+ continue;
+ }
+ const k = a.slice(2);
+ const v = argv[++i];
+ if (!v || v.startsWith('--')) usage();
+ args[k] = v;
+ }
+ if (!args.ca || !args.priv_key || rest.length !== 1) usage();
+ return { ca: args.ca, priv_key: args.priv_key, chain: args.chain, input: rest[0] };
+};
+
+export const outPath = (file: string) =>
+ file.endsWith('.mobileconfig')
+ ? file.slice(0, -'.mobileconfig'.length) + '.signed.mobileconfig'
+ : `${file}.signed.mobileconfig`;
+
+export const signFile = (a: SignArgs): string => {
+ for (const f of [a.ca, a.priv_key, a.input])
+ if (!fs.existsSync(f)) throw new Error(`missing file: ${f}`);
+ if (a.chain && !fs.existsSync(a.chain)) throw new Error(`missing file: ${a.chain}`);
+ const content = new Uint8Array(fs.readFileSync(a.input));
+ const cert = fs.readFileSync(a.ca, 'utf8');
+ const key = fs.readFileSync(a.priv_key, 'utf8');
+ const chain = a.chain ? fs.readFileSync(a.chain, 'utf8') : '';
+ const compact = CMS.compact.sign(content, cert, key, SIGN_OPTS);
+ const signed = CMS.compact.build(content, compact, cert, chain, SIGN_OPTS);
+ const out = outPath(a.input);
+ fs.writeFileSync(out, signed);
+ return out;
+};
+
+const __filename = fileURLToPath(import.meta.url);
+if (process.argv[1] && path.resolve(process.argv[1]) === __filename) {
+ const out = signFile(parse(process.argv.slice(2)));
+ console.log(out);
+}
diff --git a/src/scripts/sign.ts b/src/scripts/sign.ts
new file mode 100644
index 0000000..271b619
--- /dev/null
+++ b/src/scripts/sign.ts
@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+import { bytesToHex } from '@noble/hashes/utils.js';
+import { CMS } from 'micro-key-producer/x509.js';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { SIGN_OPTS, genProfile, getProfiles, getVariants, type Provider } from './build.ts';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const ROOT = path.join(__dirname, '..', '..');
+const SRC = path.join(ROOT, 'src');
+const CERT_PEM = path.join(SRC, 'certificates', 'cert.pem');
+const CHAIN_PEM = path.join(SRC, 'certificates', 'chain.pem');
+const DEFAULT_PRIVKEY_PEM = path.join(SRC, 'certificates', 'privkey.pem');
+const USAGE = `sign.ts [path/to/privkey.pem]
+expects:
+- certificates/cert.pem
+- certificates/chain.pem
+- certificates/privkey.pem (default; OR specify path in first arg)`;
+
+const loadFiles = () =>
+ fs
+ .readdirSync(SRC)
+ .filter((f) => f.endsWith('.json'))
+ .sort()
+ .map((file) => {
+ const m = /^(\d+)-(.+)\.json$/.exec(file);
+ if (!m) throw new Error(`bad provider file name: ${file} (expected NN-slug.json)`);
+ const ord = Number(m[1]);
+ if (!Number.isSafeInteger(ord)) throw new Error(`bad numeric prefix in ${file}`);
+ return { file, ord, slug: m[2] };
+ })
+ .sort((a, b) => a.ord - b.ord || a.slug.localeCompare(b.slug));
+
+const main = () => {
+ const privkeyPem = process.argv[2] || DEFAULT_PRIVKEY_PEM;
+ for (const fp of [privkeyPem, CERT_PEM, CHAIN_PEM])
+ if (!fs.existsSync(fp)) throw new Error(USAGE);
+ const key = fs.readFileSync(privkeyPem, 'utf8');
+ const cert = fs.readFileSync(CERT_PEM, 'utf8');
+ const chain = fs.readFileSync(CHAIN_PEM, 'utf8');
+ const enc = new TextEncoder();
+ let updated = 0;
+ for (const { file, slug } of loadFiles()) {
+ const full = path.join(SRC, file);
+ const provider = JSON.parse(fs.readFileSync(full, 'utf8')) as Provider;
+ const variants = getVariants(slug, provider);
+ let changed = false;
+ for (const [variantName, variant] of Object.entries(variants)) {
+ const base = `${slug}-${variantName}`;
+ const profiles = getProfiles(base, variant);
+ for (const [profileName, profile] of Object.entries(profiles)) {
+ const xml = genProfile(profileName, profile);
+ const compact = CMS.compact.sign(enc.encode(xml), cert, key, SIGN_OPTS);
+ const signed = CMS.compact.build(enc.encode(xml), compact, cert, chain, SIGN_OPTS);
+ CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() });
+ const sigHex = bytesToHex(compact);
+ const protocol = profile.protocol;
+ if (!provider.variants[variantName][protocol]) continue;
+ if (provider.variants[variantName][protocol]!.signature !== sigHex) {
+ provider.variants[variantName][protocol]!.signature = sigHex;
+ changed = true;
+ }
+ }
+ }
+ if (!changed) continue;
+ fs.writeFileSync(full, `${JSON.stringify(provider, undefined, 4)}\n`);
+ updated++;
+ console.log(`Updated ${file}`);
+ }
+ console.log(`Updated providers: ${updated}`);
+};
+
+main();