From 86af2090f51f5bd28b07c69f433b611cbe725e47 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sat, 28 Feb 2026 13:14:52 +0000 Subject: [PATCH] Refactor repository, add more scripts, merge similar profiles --- .gitignore | 6 +- README.cmn-CN.md | 356 ++++---- README.cmn-TW.md | 356 ++++---- README.md | 365 +++++---- certs/.gitkeep | 0 package.json | 11 +- ...econfig => 360-default-https.mobileconfig} | 17 +- profiles/adguard-default-https.mobileconfig | 11 +- profiles/adguard-default-tls.mobileconfig | 11 +- profiles/adguard-family-https.mobileconfig | 11 +- profiles/adguard-family-tls.mobileconfig | 11 +- profiles/adguard-nofilter-https.mobileconfig | 11 +- profiles/adguard-nofilter-tls.mobileconfig | 11 +- ...ig => alekberg-default-https.mobileconfig} | 17 +- ...fig => alibaba-default-https.mobileconfig} | 17 +- ...onfig => alibaba-default-tls.mobileconfig} | 17 +- .../blahdns-cdn-adblock-https.mobileconfig | 11 +- .../blahdns-cdn-unfiltered-https.mobileconfig | 11 +- profiles/blahdns-germany-https.mobileconfig | 11 +- profiles/blahdns-singapore-https.mobileconfig | 11 +- .../canadianshield-family-https.mobileconfig | 11 +- .../canadianshield-family-tls.mobileconfig | 11 +- .../canadianshield-private-https.mobileconfig | 11 +- .../canadianshield-private-tls.mobileconfig | 11 +- ...anadianshield-protected-https.mobileconfig | 11 +- .../canadianshield-protected-tls.mobileconfig | 11 +- .../cleanbrowsing-adult-https.mobileconfig | 9 +- profiles/cleanbrowsing-adult-tls.mobileconfig | 9 +- .../cleanbrowsing-family-https.mobileconfig | 9 +- .../cleanbrowsing-family-tls.mobileconfig | 9 +- .../cleanbrowsing-security-https.mobileconfig | 9 +- .../cleanbrowsing-security-tls.mobileconfig | 9 +- ... => cloudflare-default-https.mobileconfig} | 17 +- ...ig => cloudflare-default-tls.mobileconfig} | 17 +- profiles/cloudflare-family-https.mobileconfig | 11 +- .../cloudflare-malware-https.mobileconfig | 11 +- ...nfig => dns4eu-default-https.mobileconfig} | 13 +- ...config => dns4eu-default-tls.mobileconfig} | 15 +- profiles/dns4eu-malware-https.mobileconfig | 7 +- profiles/dns4eu-malware-tls.mobileconfig | 9 +- .../dns4eu-protective-ads-https.mobileconfig | 7 +- .../dns4eu-protective-ads-tls.mobileconfig | 9 +- ...eu-protective-child-ads-https.mobileconfig | 9 +- ...s4eu-protective-child-ads-tls.mobileconfig | 9 +- ...dns4eu-protective-child-https.mobileconfig | 7 +- .../dns4eu-protective-child-tls.mobileconfig | 9 +- ...nfig => dnspod-default-https.mobileconfig} | 17 +- ...config => dnspod-default-tls.mobileconfig} | 17 +- ...econfig => fdn-default-https.mobileconfig} | 15 +- ...ileconfig => fdn-default-tls.mobileconfig} | 13 +- ...g => ffmuc-dns-default-https.mobileconfig} | 15 +- ...fig => ffmuc-dns-default-tls.mobileconfig} | 15 +- ...nfig => google-default-https.mobileconfig} | 17 +- ...config => google-default-tls.mobileconfig} | 17 +- ...g => keweondns-default-https.mobileconfig} | 17 +- ...fig => keweondns-default-tls.mobileconfig} | 17 +- profiles/mullvad-adblock-https.mobileconfig | 11 +- ...fig => mullvad-default-https.mobileconfig} | 17 +- ...fig => opendns-default-https.mobileconfig} | 17 +- profiles/opendns-family-https.mobileconfig | 11 +- profiles/quad9-ECS-https.mobileconfig | 11 +- profiles/quad9-ECS-tls.mobileconfig | 11 +- ...onfig => quad9-default-https.mobileconfig} | 13 +- ...econfig => quad9-default-tls.mobileconfig} | 15 +- profiles/quad9-nofilter-https.mobileconfig | 11 +- profiles/quad9-nofilter-tls.mobileconfig | 11 +- ...late-on-demand-default-https.mobileconfig} | 17 +- ...fig => tiarapp-default-https.mobileconfig} | 15 +- ...onfig => tiarapp-default-tls.mobileconfig} | 15 +- scripts/build.ts | 771 ------------------ scripts/sign.ts | 108 --- ...econfig => 360-default-https.mobileconfig} | Bin 4072 -> 4148 bytes signed/adguard-default-https.mobileconfig | Bin 4136 -> 4269 bytes signed/adguard-default-tls.mobileconfig | Bin 4109 -> 4245 bytes signed/adguard-family-https.mobileconfig | Bin 4182 -> 4329 bytes signed/adguard-family-tls.mobileconfig | Bin 4158 -> 4303 bytes signed/adguard-nofilter-https.mobileconfig | Bin 4137 -> 4280 bytes signed/adguard-nofilter-tls.mobileconfig | Bin 4114 -> 4253 bytes ...ig => alekberg-default-https.mobileconfig} | Bin 4266 -> 4278 bytes ...fig => alibaba-default-https.mobileconfig} | Bin 4076 -> 4207 bytes ...onfig => alibaba-default-tls.mobileconfig} | Bin 4053 -> 4182 bytes signed/blahdns-cdn-adblock-https.mobileconfig | Bin 4189 -> 4164 bytes .../blahdns-cdn-unfiltered-https.mobileconfig | Bin 4202 -> 4148 bytes signed/blahdns-germany-https.mobileconfig | Bin 4262 -> 4283 bytes signed/blahdns-singapore-https.mobileconfig | Bin 4272 -> 4291 bytes .../canadianshield-family-https.mobileconfig | Bin 4152 -> 4340 bytes signed/canadianshield-family-tls.mobileconfig | Bin 4127 -> 4312 bytes .../canadianshield-private-https.mobileconfig | Bin 4153 -> 4298 bytes .../canadianshield-private-tls.mobileconfig | Bin 4128 -> 4271 bytes ...anadianshield-protected-https.mobileconfig | Bin 4157 -> 4339 bytes .../canadianshield-protected-tls.mobileconfig | Bin 4129 -> 4312 bytes signed/cleanbrowsing-adult-https.mobileconfig | Bin 4182 -> 4275 bytes signed/cleanbrowsing-adult-tls.mobileconfig | Bin 4165 -> 4254 bytes .../cleanbrowsing-family-https.mobileconfig | Bin 4190 -> 4288 bytes signed/cleanbrowsing-family-tls.mobileconfig | Bin 4170 -> 4268 bytes .../cleanbrowsing-security-https.mobileconfig | Bin 4196 -> 4271 bytes .../cleanbrowsing-security-tls.mobileconfig | Bin 4175 -> 4247 bytes ... => cloudflare-default-https.mobileconfig} | Bin 4113 -> 4223 bytes ...ig => cloudflare-default-tls.mobileconfig} | Bin 4085 -> 4190 bytes signed/cloudflare-family-https.mobileconfig | Bin 4141 -> 4303 bytes signed/cloudflare-malware-https.mobileconfig | Bin 4165 -> 4298 bytes ...nfig => dns4eu-default-https.mobileconfig} | Bin 4127 -> 4211 bytes ...config => dns4eu-default-tls.mobileconfig} | Bin 4106 -> 4182 bytes signed/dns4eu-malware-https.mobileconfig | Bin 4166 -> 4265 bytes signed/dns4eu-malware-tls.mobileconfig | Bin 4144 -> 4238 bytes .../dns4eu-protective-ads-https.mobileconfig | Bin 4214 -> 4319 bytes signed/dns4eu-protective-ads-tls.mobileconfig | Bin 4191 -> 4292 bytes ...eu-protective-child-ads-https.mobileconfig | Bin 4319 -> 4455 bytes ...s4eu-protective-child-ads-tls.mobileconfig | Bin 4295 -> 4428 bytes ...dns4eu-protective-child-https.mobileconfig | Bin 4252 -> 4371 bytes .../dns4eu-protective-child-tls.mobileconfig | Bin 4229 -> 4345 bytes ...nfig => dnspod-default-https.mobileconfig} | Bin 3996 -> 4152 bytes signed/dnspod-default-tls.mobileconfig | Bin 0 -> 4125 bytes ...econfig => fdn-default-https.mobileconfig} | Bin 4092 -> 4160 bytes ...ileconfig => fdn-default-tls.mobileconfig} | Bin 4063 -> 4129 bytes ...g => ffmuc-dns-default-https.mobileconfig} | Bin 4110 -> 4216 bytes ...fig => ffmuc-dns-default-tls.mobileconfig} | Bin 4085 -> 4189 bytes ...nfig => google-default-https.mobileconfig} | Bin 4098 -> 4205 bytes ...config => google-default-tls.mobileconfig} | Bin 4073 -> 4177 bytes ...g => keweondns-default-https.mobileconfig} | Bin 3916 -> 4003 bytes ...fig => keweondns-default-tls.mobileconfig} | Bin 3971 -> 3976 bytes signed/keweondns-tls.mobileconfig | Bin 3898 -> 0 bytes signed/mullvad-adblock-https.mobileconfig | Bin 4038 -> 4181 bytes ...fig => mullvad-default-https.mobileconfig} | Bin 4013 -> 4114 bytes ...fig => opendns-default-https.mobileconfig} | Bin 3913 -> 4010 bytes signed/opendns-family-https.mobileconfig | Bin 3954 -> 4077 bytes signed/quad9-ECS-https.mobileconfig | Bin 4129 -> 4219 bytes signed/quad9-ECS-tls.mobileconfig | Bin 4106 -> 4193 bytes ...onfig => quad9-default-https.mobileconfig} | Bin 4086 -> 4171 bytes ...econfig => quad9-default-tls.mobileconfig} | Bin 4064 -> 4147 bytes signed/quad9-nofilter-https.mobileconfig | Bin 4132 -> 4204 bytes signed/quad9-nofilter-tls.mobileconfig | Bin 4109 -> 4178 bytes ...late-on-demand-default-https.mobileconfig} | Bin 4493 -> 4639 bytes ...fig => tiarapp-default-https.mobileconfig} | Bin 3899 -> 4016 bytes ...onfig => tiarapp-default-tls.mobileconfig} | Bin 3875 -> 3989 bytes src/00-360.json | 28 +- src/01-adguard-default.json | 35 - src/01-adguard.json | 96 +++ src/02-adguard-family.json | 35 - src/02-alekberg.json | 28 + src/03-adguard-nofilter.json | 35 - src/03-alibaba.json | 33 + src/04-alekberg.json | 31 - src/04-blahdns.json | 91 +++ src/05-alibaba.json | 39 - src/05-canadianshield.json | 90 ++ src/06-blahdns-cdn-adblock.json | 27 - src/06-cleanbrowsing.json | 88 ++ src/07-blahdns-cdn-unfiltered.json | 26 - src/07-cloudflare.json | 78 ++ src/08-blahdns-germany.json | 30 - src/08-dns4eu.json | 122 +++ src/09-blahdns-singapore.json | 30 - src/09-dnspod.json | 31 + src/10-canadianshield-private.json | 35 - src/10-fdn.json | 31 + src/11-canadianshield-protected.json | 34 - src/11-ffmuc-dns.json | 29 + src/12-canadianshield-family.json | 34 - src/12-google.json | 33 + src/13-cleanbrowsing-family.json | 37 - src/13-keweondns.json | 25 + src/14-cleanbrowsing-adult.json | 36 - src/14-mullvad.json | 45 + src/15-cleanbrowsing-security.json | 36 - src/15-opendns.json | 43 + src/16-cloudflare.json | 33 - src/16-quad9.json | 84 ++ src/17-cloudflare-malware.json | 29 - src/17-tiarapp.json | 28 + src/18-cloudflare-family.json | 31 - src/19-dnspod.json | 33 - src/20-fdn.json | 35 - src/21-google.json | 37 - src/22-keweondns.json | 33 - src/23-mullvad.json | 25 - src/24-mullvad-adblock.json | 27 - src/25-opendns.json | 24 - src/26-opendns-family.json | 24 - src/27-quad9.json | 34 - src/28-quad9-ECS.json | 38 - src/29-quad9-nofilter.json | 36 - src/30-tiarapp.json | 31 - src/31-dns4eu.json | 34 - src/32-dns4eu-malware.json | 36 - src/33-dns4eu-protective-ads.json | 36 - src/34-dns4eu-protective-child.json | 36 - src/35-dns4eu-protective-child-ads.json | 34 - src/36-ffmuc-dns.json | 34 - src/99-template-on-demand.json | 57 +- {src-languages => src/languages}/01-en.json | 0 {src-languages => src/languages}/01-en.md | 9 +- .../languages}/02-cmn-CN.json | 0 {src-languages => src/languages}/02-cmn-CN.md | 0 .../languages}/03-cmn-TW.json | 0 {src-languages => src/languages}/03-cmn-TW.md | 0 src/scripts/build.ts | 557 +++++++++++++ src/scripts/check-fields.ts | 112 +++ src/scripts/new.test.ts | 323 ++++++++ {scripts => src/scripts}/new.ts | 142 +--- src/scripts/sign-single-openssl.sh | 62 ++ src/scripts/sign-single.test.ts | 162 ++++ src/scripts/sign-single.ts | 59 ++ src/scripts/sign.ts | 75 ++ 204 files changed, 3453 insertions(+), 3044 deletions(-) delete mode 100644 certs/.gitkeep rename profiles/{360-https.mobileconfig => 360-default-https.mobileconfig} (68%) rename profiles/{alekberg-https.mobileconfig => alekberg-default-https.mobileconfig} (70%) rename profiles/{alibaba-https.mobileconfig => alibaba-default-https.mobileconfig} (69%) rename profiles/{alibaba-tls.mobileconfig => alibaba-default-tls.mobileconfig} (69%) rename profiles/{cloudflare-https.mobileconfig => cloudflare-default-https.mobileconfig} (70%) rename profiles/{cloudflare-tls.mobileconfig => cloudflare-default-tls.mobileconfig} (69%) rename profiles/{dns4eu-https.mobileconfig => dns4eu-default-https.mobileconfig} (78%) rename profiles/{dns4eu-tls.mobileconfig => dns4eu-default-tls.mobileconfig} (74%) rename profiles/{dnspod-https.mobileconfig => dnspod-default-https.mobileconfig} (67%) rename profiles/{dnspod-tls.mobileconfig => dnspod-default-tls.mobileconfig} (67%) rename profiles/{fdn-https.mobileconfig => fdn-default-https.mobileconfig} (74%) rename profiles/{fdn-tls.mobileconfig => fdn-default-tls.mobileconfig} (78%) rename profiles/{ffmucdns-https.mobileconfig => ffmuc-dns-default-https.mobileconfig} (74%) rename profiles/{ffmucdns-tls.mobileconfig => ffmuc-dns-default-tls.mobileconfig} (74%) rename profiles/{google-https.mobileconfig => google-default-https.mobileconfig} (70%) rename profiles/{google-tls.mobileconfig => google-default-tls.mobileconfig} (70%) rename profiles/{keweondns-https.mobileconfig => keweondns-default-https.mobileconfig} (66%) rename profiles/{keweondns-tls.mobileconfig => keweondns-default-tls.mobileconfig} (66%) rename profiles/{mullvad-https.mobileconfig => mullvad-default-https.mobileconfig} (69%) rename profiles/{opendns-https.mobileconfig => opendns-default-https.mobileconfig} (66%) rename profiles/{quad9-https.mobileconfig => quad9-default-https.mobileconfig} (77%) rename profiles/{quad9-tls.mobileconfig => quad9-default-tls.mobileconfig} (73%) rename profiles/{template-on-demand.mobileconfig => template-on-demand-default-https.mobileconfig} (73%) rename profiles/{tiarapp-https.mobileconfig => tiarapp-default-https.mobileconfig} (70%) rename profiles/{tiarapp-tls.mobileconfig => tiarapp-default-tls.mobileconfig} (70%) delete mode 100755 scripts/build.ts delete mode 100755 scripts/sign.ts rename signed/{360-https.mobileconfig => 360-default-https.mobileconfig} (81%) rename signed/{alekberg-https.mobileconfig => alekberg-default-https.mobileconfig} (80%) rename signed/{alibaba-https.mobileconfig => alibaba-default-https.mobileconfig} (80%) rename signed/{alibaba-tls.mobileconfig => alibaba-default-tls.mobileconfig} (81%) rename signed/{cloudflare-https.mobileconfig => cloudflare-default-https.mobileconfig} (80%) rename signed/{cloudflare-tls.mobileconfig => cloudflare-default-tls.mobileconfig} (80%) rename signed/{dns4eu-https.mobileconfig => dns4eu-default-https.mobileconfig} (84%) rename signed/{dns4eu-tls.mobileconfig => dns4eu-default-tls.mobileconfig} (82%) rename signed/{dnspod-https.mobileconfig => dnspod-default-https.mobileconfig} (78%) create mode 100644 signed/dnspod-default-tls.mobileconfig rename signed/{fdn-https.mobileconfig => fdn-default-https.mobileconfig} (83%) rename signed/{fdn-tls.mobileconfig => fdn-default-tls.mobileconfig} (83%) rename signed/{ffmucdns-https.mobileconfig => ffmuc-dns-default-https.mobileconfig} (81%) rename signed/{ffmucdns-tls.mobileconfig => ffmuc-dns-default-tls.mobileconfig} (82%) rename signed/{google-https.mobileconfig => google-default-https.mobileconfig} (80%) rename signed/{google-tls.mobileconfig => google-default-tls.mobileconfig} (81%) rename signed/{keweondns-https.mobileconfig => keweondns-default-https.mobileconfig} (79%) rename signed/{dnspod-tls.mobileconfig => keweondns-default-tls.mobileconfig} (80%) delete mode 100644 signed/keweondns-tls.mobileconfig rename signed/{mullvad-https.mobileconfig => mullvad-default-https.mobileconfig} (80%) rename signed/{opendns-https.mobileconfig => opendns-default-https.mobileconfig} (80%) rename signed/{quad9-https.mobileconfig => quad9-default-https.mobileconfig} (85%) rename signed/{quad9-tls.mobileconfig => quad9-default-tls.mobileconfig} (82%) rename signed/{template-on-demand.mobileconfig => template-on-demand-default-https.mobileconfig} (81%) rename signed/{tiarapp-https.mobileconfig => tiarapp-default-https.mobileconfig} (81%) rename signed/{tiarapp-tls.mobileconfig => tiarapp-default-tls.mobileconfig} (81%) delete mode 100644 src/01-adguard-default.json create mode 100644 src/01-adguard.json delete mode 100644 src/02-adguard-family.json create mode 100644 src/02-alekberg.json delete mode 100644 src/03-adguard-nofilter.json create mode 100644 src/03-alibaba.json delete mode 100644 src/04-alekberg.json create mode 100644 src/04-blahdns.json delete mode 100644 src/05-alibaba.json create mode 100644 src/05-canadianshield.json delete mode 100644 src/06-blahdns-cdn-adblock.json create mode 100644 src/06-cleanbrowsing.json delete mode 100644 src/07-blahdns-cdn-unfiltered.json create mode 100644 src/07-cloudflare.json delete mode 100644 src/08-blahdns-germany.json create mode 100644 src/08-dns4eu.json delete mode 100644 src/09-blahdns-singapore.json create mode 100644 src/09-dnspod.json delete mode 100644 src/10-canadianshield-private.json create mode 100644 src/10-fdn.json delete mode 100644 src/11-canadianshield-protected.json create mode 100644 src/11-ffmuc-dns.json delete mode 100644 src/12-canadianshield-family.json create mode 100644 src/12-google.json delete mode 100644 src/13-cleanbrowsing-family.json create mode 100644 src/13-keweondns.json delete mode 100644 src/14-cleanbrowsing-adult.json create mode 100644 src/14-mullvad.json delete mode 100644 src/15-cleanbrowsing-security.json create mode 100644 src/15-opendns.json delete mode 100644 src/16-cloudflare.json create mode 100644 src/16-quad9.json delete mode 100644 src/17-cloudflare-malware.json create mode 100644 src/17-tiarapp.json delete mode 100644 src/18-cloudflare-family.json delete mode 100644 src/19-dnspod.json delete mode 100644 src/20-fdn.json delete mode 100644 src/21-google.json delete mode 100644 src/22-keweondns.json delete mode 100644 src/23-mullvad.json delete mode 100644 src/24-mullvad-adblock.json delete mode 100644 src/25-opendns.json delete mode 100644 src/26-opendns-family.json delete mode 100644 src/27-quad9.json delete mode 100644 src/28-quad9-ECS.json delete mode 100644 src/29-quad9-nofilter.json delete mode 100644 src/30-tiarapp.json delete mode 100644 src/31-dns4eu.json delete mode 100644 src/32-dns4eu-malware.json delete mode 100644 src/33-dns4eu-protective-ads.json delete mode 100644 src/34-dns4eu-protective-child.json delete mode 100644 src/35-dns4eu-protective-child-ads.json delete mode 100644 src/36-ffmuc-dns.json rename {src-languages => src/languages}/01-en.json (100%) rename {src-languages => src/languages}/01-en.md (88%) rename {src-languages => src/languages}/02-cmn-CN.json (100%) rename {src-languages => src/languages}/02-cmn-CN.md (100%) rename {src-languages => src/languages}/03-cmn-TW.json (100%) rename {src-languages => src/languages}/03-cmn-TW.md (100%) create mode 100644 src/scripts/build.ts create mode 100755 src/scripts/check-fields.ts create mode 100644 src/scripts/new.test.ts rename {scripts => src/scripts}/new.ts (63%) create mode 100755 src/scripts/sign-single-openssl.sh create mode 100644 src/scripts/sign-single.test.ts create mode 100644 src/scripts/sign-single.ts create mode 100644 src/scripts/sign.ts diff --git a/.gitignore b/.gitignore index 457fe79..bed6624 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1 @@ -certs/cert.pem -certs/chain.pem -certs/fullchain.pem -certs/privkey.pem -certs/README +/src/certificates diff --git a/README.cmn-CN.md b/README.cmn-CN.md index 3377d83..210613a 100644 --- a/README.cmn-CN.md +++ b/README.cmn-CN.md @@ -19,45 +19,45 @@ “`审查=是`”表示描述文件不会发送某些主机“`主机名=IP`”关系的真实信息。 -| 名称 | 区域 | 审查 | 备注 | 安装 | 安装 (未签名) | -| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] | -| [AdGuard DNS 默认][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] | -| [AdGuard DNS 家庭保护][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] | -| [AdGuard DNS 无过滤][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] | -| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] | -| [阿里云公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] | -| [BlahDNS CDN 过滤][blahdns] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] | -| [BlahDNS CDN 无过滤][blahdns] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] | -| [BlahDNS 德国][blahdns] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] | -| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] | -| [Canadian Shield 私人][canadian-shield] | 🇨🇦 | 否 | 由加拿大互联网注册管理局 (CIRA) 运营 | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] | -| [Canadian Shield 保护][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] | -| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] | -| [Cleanbrowsing 家庭过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件、成人内容和混合内容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | -| [Cleanbrowsing 成人过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件和成人内容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | -| [Cleanbrowsing 安全过滤器][cleanbrowsing] | 🇺🇸 | 是 | 过滤恶意软件 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | -| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 公司运营 | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] | -| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] | -| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] | -| [DNS4EU][dns4eu] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] | -| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] | -| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] | -| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] | -| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] | -| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由腾讯公司 DNSPod 运营 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] | -| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法国数据网络运营 | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] | -| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] | -| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司运营 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] | -| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 运营,拦截广告和跟踪器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] | -| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] | -| [Mullvad DNS 广告拦截][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营,拦截广告和跟踪器 | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] | -| [OpenDNS 标准版][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] | -| [OpenDNS 家庭盾][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] | -| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] | -| [Quad9 带 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS,拦截恶意软件 | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] | -| [Quad9 无过滤][quad9] | 🇨🇭 | 否 | 由 Quad9 基金会运营 | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] | -| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件 | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] | +| 名称 | 区域 | 审查 | 备注 | 安装 | 安装 (未签名) | +| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | +| [360 安全 DNS][360-default] | 🇨🇳 | 是 | 由 360 数字安全集团运营 | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] | +| [AdGuard DNS 默认][adguard-default] | 🇷🇺 | 是 | 由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站 | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] | +| [AdGuard DNS 家庭保护][adguard-family] | 🇷🇺 | 是 | 由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容 | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] | +| [AdGuard DNS 无过滤][adguard-nofilter] | 🇷🇺 | 否 | 由 AdGuard 运营,无过滤 | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] | +| [Alekberg 加密 DNS][alekberg-default] | 🇳🇱 | 否 | 由个人提供 | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] | +| [阿里云公共 DNS][alibaba-default] | 🇨🇳 | 否 | 由阿里云计算运营 | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] | +| [BlahDNS CDN 过滤][blahdns-cdn-adblock] | 🇺🇸 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] | +| [BlahDNS CDN 无过滤][blahdns-cdn-unfiltered] | 🇺🇸 | 否 | 由个人提供,无过滤 | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] | +| [BlahDNS 德国][blahdns-germany] | 🇩🇪 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] | +| [BlahDNS 新加坡][blahdns-singapore] | 🇸🇬 | 是 | 由个人提供,拦截广告、跟踪器和恶意软件 | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] | +| [Canadian Shield 私人][canadianshield-private] | 🇨🇦 | 否 | 由加拿大互联网注册管理局 (CIRA) 运营 | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] | +| [Canadian Shield 保护][canadianshield-protected] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站 | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] | +| [Canadian Shield 家庭][canadianshield-family] | 🇨🇦 | 是 | 由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] | +| [Cleanbrowsing 家庭过滤器][cleanbrowsing-family] | 🇺🇸 | 是 | 过滤恶意软件、成人内容和混合内容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | +| [Cleanbrowsing 成人过滤器][cleanbrowsing-adult] | 🇺🇸 | 是 | 过滤恶意软件和成人内容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | +| [Cleanbrowsing 安全过滤器][cleanbrowsing-security] | 🇺🇸 | 是 | 过滤恶意软件 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | +| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | 否 | 由 Cloudflare 公司运营 | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] | +| [Cloudflare 1.1.1.1 安全][cloudflare-malware] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站 | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] | +| [Cloudflare 1.1.1.1 家庭][cloudflare-family] | 🇺🇸 | 是 | 由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容 | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] | +| [DNS4EU][dns4eu-default] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] | +| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] | +| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] | +| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] | +| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] | +| [DNSPod 公共 DNS][dnspod-default] | 🇨🇳 | 否 | 由腾讯公司 DNSPod 运营 | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] | +| [FDN][fdn-default] | 🇫🇷 | 否 | 由法国数据网络运营 | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] | +| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] | +| [Google 公共 DNS][google-default] | 🇺🇸 | 否 | 由谷歌公司运营 | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] | +| [keweonDNS][keweondns-default] | 🇩🇪 | 否 | 由 Aviontex 运营,拦截广告和跟踪器 | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] | +| [Mullvad DNS][mullvad-default] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营 | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] | +| [Mullvad DNS 广告拦截][mullvad-adblock] | 🇸🇪 | 是 | 由 Mullvad VPN AB 运营,拦截广告和跟踪器 | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] | +| [OpenDNS 标准版][opendns-default] | 🇺🇸 | 否 | 由思科 OpenDNS 运营 | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] | +| [OpenDNS 家庭盾][opendns-family] | 🇺🇸 | 是 | 由思科 OpenDNS 运营,拦截恶意软件和成人内容 | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] | +| [Quad9][quad9-default] | 🇨🇭 | 是 | 由 Quad9 基金会运营,拦截恶意软件 | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] | +| [Quad9 带 ECS][quad9-ECS] | 🇨🇭 | 是 | 由 Quad9 基金会运营,支持 ECS,拦截恶意软件 | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] | +| [Quad9 无过滤][quad9-nofilter] | 🇨🇭 | 否 | 由 Quad9 基金会运营 | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] | +| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件 | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] | ## 安装 @@ -120,152 +120,164 @@ cat /proc/sys/kernel/random/uuid New-Guid ``` -[360-dns]: https://sdns.360.net/dnsPublic.html -[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig -[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default -[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig -[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection -[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering -[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig -[alekberg-dns]: https://alekberg.net -[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig -[aliyun-dns]: https://www.alidns.com/ -[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig -[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig -[blahdns]: https://blahdns.com/ -[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig -[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses -[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig -[cleanbrowsing]: https://cleanbrowsing.org/filters/ +[360-default]: https://sdns.360.net/dnsPublic.html +[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig +[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default +[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig +[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig +[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection +[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig +[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig +[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering +[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig +[alekberg-default]: https://alekberg.net +[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig +[alibaba-default]: https://www.alidns.com/ +[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig +[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock]: https://blahdns.com/ +[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered]: https://blahdns.com/ +[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany]: https://blahdns.com/ +[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig +[blahdns-singapore]: https://blahdns.com/ +[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig +[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig +[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig +[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig +[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig +[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig +[cleanbrowsing-family]: https://cleanbrowsing.org/filters/ [cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig +[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/ [cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig +[cleanbrowsing-security]: https://cleanbrowsing.org/filters/ [cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/ -[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families -[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig -[dnspod-dns]: https://www.dnspod.com/products/public.dns -[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig -[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig -[fdn-dns]: https://www.fdn.fr/actions/dns/ -[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig -[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig -[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports -[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig -[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig -[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ -[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig -[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig -[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ -[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig -[opendns]: https://support.opendns.com/hc/articles/360038086532 -[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig -[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig -[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ -[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig -[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig -[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig -[tiarap]: https://doh.tiar.app -[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig -[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig -[dns4eu]: https://www.joindns4.eu/for-public -[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig -[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig +[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig +[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig +[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig +[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families +[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig +[dns4eu-default]: https://www.joindns4.eu/for-public +[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig +[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig [dns4eu-malware]: https://www.joindns4.eu/for-public -[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig +[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig [dns4eu-protective-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig [dns4eu-protective-child]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig [dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig -[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en -[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig -[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig -[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig -[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig -[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig -[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig -[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig -[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig -[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig -[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig +[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default]: https://www.dnspod.com/products/public.dns +[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig +[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig +[fdn-default]: https://www.fdn.fr/actions/dns/ +[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig +[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig +[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en +[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig +[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports +[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig +[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig +[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ +[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig +[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig +[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig +[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig +[opendns-default]: https://support.opendns.com/hc/articles/360038086532 +[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig +[opendns-family]: https://support.opendns.com/hc/articles/360038086532 +[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig +[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig +[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig +[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig +[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig +[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig +[tiarapp-default]: https://doh.tiar.app +[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig +[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig +[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig +[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig +[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig +[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig +[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig +[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig +[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig +[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig +[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig +[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig +[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig +[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig +[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig +[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig +[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig [cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig [cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig [cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig -[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig -[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig -[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig -[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig -[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig -[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig -[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig -[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig -[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig -[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig -[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig -[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig -[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig -[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig -[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig -[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig -[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig -[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig -[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig -[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig -[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig -[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig -[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig -[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig +[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig +[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig +[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig +[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig +[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig +[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig +[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig +[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig +[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig +[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig +[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig +[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig +[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig +[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig +[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig +[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig +[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig +[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig +[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig +[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig +[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig +[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig +[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig +[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig +[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig +[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig +[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig diff --git a/README.cmn-TW.md b/README.cmn-TW.md index 7c5e522..71fa4d1 100644 --- a/README.cmn-TW.md +++ b/README.cmn-TW.md @@ -19,45 +19,45 @@ 「`審查=是`」意味著描述檔不會發送某些主機「`主機名=IP`」關係的真實訊息。 -| 名稱 | 區域 | 審查 | 備註 | 安裝連結 | | -| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| [360 安全 DNS][360-dns] | 🇨🇳 | 是 | 由 360 數位安全集團營運 | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] | -| [AdGuard DNS 預設][adguard-dns-default] | 🇷🇺 | 是 | 由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站 | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] | -| [AdGuard DNS 家庭保護][adguard-dns-family] | 🇷🇺 | 是 | 由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容 | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] | -| [AdGuard DNS 無過濾][adguard-dns-unfiltered] | 🇷🇺 | 否 | 由 AdGuard 營運,無過濾 | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] | -| [Alekberg 加密 DNS][alekberg-dns] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] | -| [阿里雲公共 DNS][aliyun-dns] | 🇨🇳 | 否 | 由阿里雲計算營運 | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] | -| [BlahDNS CDN 過濾][blahdns] | 🇺🇸 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] | -| [BlahDNS CDN 無過濾][blahdns] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] | -| [BlahDNS 德國][blahdns] | 🇩🇪 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] | -| [BlahDNS 新加坡][blahdns] | 🇸🇬 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] | -| [Canadian Shield 私人][canadian-shield] | 🇨🇦 | 否 | 由加拿大網際網路註冊管理局 (CIRA) 營運 | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] | -| [Canadian Shield 保護][canadian-shield] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站 | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] | -| [Canadian Shield 家庭][canadian-shield] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] | -| [Cleanbrowsing 家庭過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體、成人內容和混合內容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | -| [Cleanbrowsing 成人過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體和成人內容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | -| [Cleanbrowsing 安全過濾器][cleanbrowsing] | 🇺🇸 | 是 | 過濾惡意軟體 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | -| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | 否 | 由 Cloudflare 公司營運 | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] | -| [Cloudflare 1.1.1.1 安全][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站 | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] | -| [Cloudflare 1.1.1.1 家庭][cloudflare-dns-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] | -| [DNS4EU][dns4eu] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] | -| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] | -| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] | -| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] | -| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] | -| [DNSPod 公共 DNS][dnspod-dns] | 🇨🇳 | 否 | 由騰訊公司 DNSPod 營運 | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] | -| [FDN][fdn-dns] | 🇫🇷 | 否 | 由法國資料網路營運 | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] | -| [FFMUC-DNS][ffmucdns] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] | -| [Google 公共 DNS][google-dns] | 🇺🇸 | 否 | 由谷歌公司營運 | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] | -| [keweonDNS][keweondns] | 🇩🇪 | 否 | 由 Aviontex 營運,阻擋廣告和追蹤器 | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] | -| [Mullvad DNS][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運 | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] | -| [Mullvad DNS 廣告阻擋][mullvad-dns] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運,阻擋廣告和追蹤器 | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] | -| [OpenDNS 標準版][opendns] | 🇺🇸 | 否 | 由思科 OpenDNS 營運 | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] | -| [OpenDNS 家庭盾][opendns] | 🇺🇸 | 是 | 由思科 OpenDNS 營運,阻擋惡意軟體和成人內容 | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] | -| [Quad9][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會營運,阻擋惡意軟體 | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] | -| [Quad9 帶 ECS][quad9] | 🇨🇭 | 是 | 由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體 | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] | -| [Quad9 無過濾][quad9] | 🇨🇭 | 否 | 由 Quad9 基金會營運 | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] | -| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體 | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] | +| 名稱 | 區域 | 審查 | 備註 | 安裝連結 | | +| ------------------------------------------------------------------------------------ | ----- | ---- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | +| [360 安全 DNS][360-default] | 🇨🇳 | 是 | 由 360 數位安全集團營運 | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] | +| [AdGuard DNS 預設][adguard-default] | 🇷🇺 | 是 | 由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站 | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] | +| [AdGuard DNS 家庭保護][adguard-family] | 🇷🇺 | 是 | 由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容 | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] | +| [AdGuard DNS 無過濾][adguard-nofilter] | 🇷🇺 | 否 | 由 AdGuard 營運,無過濾 | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] | +| [Alekberg 加密 DNS][alekberg-default] | 🇳🇱 | 否 | 由個人提供 | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] | +| [阿里雲公共 DNS][alibaba-default] | 🇨🇳 | 否 | 由阿里雲計算營運 | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] | +| [BlahDNS CDN 過濾][blahdns-cdn-adblock] | 🇺🇸 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] | +| [BlahDNS CDN 無過濾][blahdns-cdn-unfiltered] | 🇺🇸 | 否 | 由個人提供,無過濾 | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] | +| [BlahDNS 德國][blahdns-germany] | 🇩🇪 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] | +| [BlahDNS 新加坡][blahdns-singapore] | 🇸🇬 | 是 | 由個人提供,阻擋廣告、追蹤器和惡意軟體 | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] | +| [Canadian Shield 私人][canadianshield-private] | 🇨🇦 | 否 | 由加拿大網際網路註冊管理局 (CIRA) 營運 | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] | +| [Canadian Shield 保護][canadianshield-protected] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站 | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] | +| [Canadian Shield 家庭][canadianshield-family] | 🇨🇦 | 是 | 由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] | +| [Cleanbrowsing 家庭過濾器][cleanbrowsing-family] | 🇺🇸 | 是 | 過濾惡意軟體、成人內容和混合內容 | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | +| [Cleanbrowsing 成人過濾器][cleanbrowsing-adult] | 🇺🇸 | 是 | 過濾惡意軟體和成人內容 | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | +| [Cleanbrowsing 安全過濾器][cleanbrowsing-security] | 🇺🇸 | 是 | 過濾惡意軟體 | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | +| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | 否 | 由 Cloudflare 公司營運 | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] | +| [Cloudflare 1.1.1.1 安全][cloudflare-malware] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站 | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] | +| [Cloudflare 1.1.1.1 家庭][cloudflare-family] | 🇺🇸 | 是 | 由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容 | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] | +| [DNS4EU][dns4eu-default] | 🇨🇿 | 否 | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] | +| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] | +| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] | +| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] | +| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | 是 | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] | +| [DNSPod 公共 DNS][dnspod-default] | 🇨🇳 | 否 | 由騰訊公司 DNSPod 營運 | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] | +| [FDN][fdn-default] | 🇫🇷 | 否 | 由法國資料網路營運 | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] | +| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | 否 | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] | +| [Google 公共 DNS][google-default] | 🇺🇸 | 否 | 由谷歌公司營運 | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] | +| [keweonDNS][keweondns-default] | 🇩🇪 | 否 | 由 Aviontex 營運,阻擋廣告和追蹤器 | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] | +| [Mullvad DNS][mullvad-default] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運 | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] | +| [Mullvad DNS 廣告阻擋][mullvad-adblock] | 🇸🇪 | 是 | 由 Mullvad VPN AB 營運,阻擋廣告和追蹤器 | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] | +| [OpenDNS 標準版][opendns-default] | 🇺🇸 | 否 | 由思科 OpenDNS 營運 | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] | +| [OpenDNS 家庭盾][opendns-family] | 🇺🇸 | 是 | 由思科 OpenDNS 營運,阻擋惡意軟體和成人內容 | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] | +| [Quad9][quad9-default] | 🇨🇭 | 是 | 由 Quad9 基金會營運,阻擋惡意軟體 | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] | +| [Quad9 帶 ECS][quad9-ECS] | 🇨🇭 | 是 | 由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體 | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] | +| [Quad9 無過濾][quad9-nofilter] | 🇨🇭 | 否 | 由 Quad9 基金會營運 | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] | +| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | 是 | 由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體 | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] | ## 安裝 @@ -120,152 +120,164 @@ cat /proc/sys/kernel/random/uuid New-Guid ``` -[360-dns]: https://sdns.360.net/dnsPublic.html -[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig -[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default -[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig -[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection -[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering -[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig -[alekberg-dns]: https://alekberg.net -[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig -[aliyun-dns]: https://www.alidns.com/ -[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig -[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig -[blahdns]: https://blahdns.com/ -[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig -[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses -[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig -[cleanbrowsing]: https://cleanbrowsing.org/filters/ +[360-default]: https://sdns.360.net/dnsPublic.html +[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig +[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default +[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig +[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig +[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection +[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig +[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig +[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering +[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig +[alekberg-default]: https://alekberg.net +[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig +[alibaba-default]: https://www.alidns.com/ +[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig +[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock]: https://blahdns.com/ +[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered]: https://blahdns.com/ +[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany]: https://blahdns.com/ +[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig +[blahdns-singapore]: https://blahdns.com/ +[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig +[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig +[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig +[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig +[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig +[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig +[cleanbrowsing-family]: https://cleanbrowsing.org/filters/ [cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig +[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/ [cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig +[cleanbrowsing-security]: https://cleanbrowsing.org/filters/ [cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/ -[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families -[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig -[dnspod-dns]: https://www.dnspod.com/products/public.dns -[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig -[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig -[fdn-dns]: https://www.fdn.fr/actions/dns/ -[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig -[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig -[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports -[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig -[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig -[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ -[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig -[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig -[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ -[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig -[opendns]: https://support.opendns.com/hc/articles/360038086532 -[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig -[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig -[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ -[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig -[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig -[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig -[tiarap]: https://doh.tiar.app -[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig -[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig -[dns4eu]: https://www.joindns4.eu/for-public -[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig -[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig +[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig +[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig +[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig +[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families +[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig +[dns4eu-default]: https://www.joindns4.eu/for-public +[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig +[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig [dns4eu-malware]: https://www.joindns4.eu/for-public -[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig +[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig [dns4eu-protective-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig [dns4eu-protective-child]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig [dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig -[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en -[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig -[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig -[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig -[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig -[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig -[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig -[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig -[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig -[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig -[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig +[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default]: https://www.dnspod.com/products/public.dns +[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig +[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig +[fdn-default]: https://www.fdn.fr/actions/dns/ +[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig +[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig +[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en +[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig +[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports +[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig +[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig +[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ +[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig +[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig +[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig +[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig +[opendns-default]: https://support.opendns.com/hc/articles/360038086532 +[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig +[opendns-family]: https://support.opendns.com/hc/articles/360038086532 +[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig +[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig +[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig +[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig +[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig +[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig +[tiarapp-default]: https://doh.tiar.app +[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig +[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig +[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig +[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig +[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig +[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig +[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig +[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig +[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig +[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig +[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig +[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig +[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig +[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig +[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig +[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig +[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig [cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig [cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig [cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig -[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig -[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig -[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig -[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig -[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig -[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig -[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig -[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig -[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig -[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig -[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig -[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig -[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig -[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig -[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig -[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig -[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig -[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig -[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig -[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig -[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig -[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig -[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig -[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig +[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig +[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig +[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig +[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig +[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig +[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig +[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig +[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig +[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig +[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig +[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig +[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig +[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig +[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig +[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig +[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig +[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig +[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig +[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig +[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig +[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig +[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig +[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig +[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig +[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig +[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig +[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig diff --git a/README.md b/README.md index 1e35f4c..30c7af9 100644 --- a/README.md +++ b/README.md @@ -25,45 +25,45 @@ Mac: Censorship (also known as "filtering") means the profile will not send true information about `hostname=IP` relation for some hosts. -| Name | Region | Censorship | Notes | Install | Install (unsigned) | -| ------------------------------------------------------------------------------------ | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| [360 Security DNS][360-dns] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-dns-profile-https-signed] | [HTTPS][360-dns-profile-https] | -| [AdGuard DNS Default][adguard-dns-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-dns-default-profile-https-signed], [TLS][adguard-dns-default-profile-tls-signed] | [HTTPS][adguard-dns-default-profile-https], [TLS][adguard-dns-default-profile-tls] | -| [AdGuard DNS Family Protection][adguard-dns-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-dns-family-profile-https-signed], [TLS][adguard-dns-family-profile-tls-signed] | [HTTPS][adguard-dns-family-profile-https], [TLS][adguard-dns-family-profile-tls] | -| [AdGuard DNS Non-filtering][adguard-dns-unfiltered] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-dns-unfiltered-profile-https-signed], [TLS][adguard-dns-unfiltered-profile-tls-signed] | [HTTPS][adguard-dns-unfiltered-profile-https], [TLS][adguard-dns-unfiltered-profile-tls] | -| [Alekberg Encrypted DNS][alekberg-dns] | 🇳🇱 | No | Independent | [HTTPS][alekberg-dns-profile-https-signed] | [HTTPS][alekberg-dns-profile-https] | -| [Aliyun Public DNS][aliyun-dns] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][aliyun-dns-profile-https-signed], [TLS][aliyun-dns-profile-tls-signed] | [HTTPS][aliyun-dns-profile-https], [TLS][aliyun-dns-profile-tls] | -| [BlahDNS CDN Filtered][blahdns] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-filtered-profile-https-signed] | [HTTPS][blahdns-cdn-filtered-profile-https] | -| [BlahDNS CDN Unfiltered][blahdns] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-profile-https-signed] | [HTTPS][blahdns-cdn-unfiltered-profile-https] | -| [BlahDNS Germany][blahdns] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-profile-https-signed] | [HTTPS][blahdns-germany-profile-https] | -| [BlahDNS Singapore][blahdns] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-profile-https-signed] | [HTTPS][blahdns-singapore-profile-https] | -| [Canadian Shield Private][canadian-shield] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadian-shield-private-profile-https-signed], [TLS][canadian-shield-private-profile-tls-signed] | [HTTPS][canadian-shield-private-profile-https], [TLS][canadian-shield-private-profile-tls] | -| [Canadian Shield Protected][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadian-shield-protected-profile-https-signed], [TLS][canadian-shield-protected-profile-tls-signed] | [HTTPS][canadian-shield-protected-profile-https], [TLS][canadian-shield-protected-profile-tls] | -| [Canadian Shield Family][canadian-shield] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadian-shield-family-profile-https-signed], [TLS][canadian-shield-family-profile-tls-signed] | [HTTPS][canadian-shield-family-profile-https], [TLS][canadian-shield-family-profile-tls] | -| [Cleanbrowsing Family Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware & adult, mixed content | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | -| [Cleanbrowsing Adult Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | -| [Cleanbrowsing Security Filter][cleanbrowsing] | 🇺🇸 | Yes | Filters malware | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | -| [Cloudflare 1.1.1.1][cloudflare-dns] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-dns-profile-https-signed], [TLS][cloudflare-dns-profile-tls-signed] | [HTTPS][cloudflare-dns-profile-https], [TLS][cloudflare-dns-profile-tls] | -| [Cloudflare 1.1.1.1 Security][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-dns-security-profile-https-signed] | [HTTPS][cloudflare-dns-security-profile-https] | -| [Cloudflare 1.1.1.1 Family][cloudflare-dns-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-dns-family-profile-https-signed] | [HTTPS][cloudflare-dns-family-profile-https] | -| [DNS4EU][dns4eu] | 🇨🇿 | No | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-profile-https-signed], [TLS][dns4eu-profile-tls-signed] | [HTTPS][dns4eu-profile-https], [TLS][dns4eu-profile-tls] | -| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-profile-malware-https-signed], [TLS][dns4eu-profile-malware-tls-signed] | [HTTPS][dns4eu-profile-malware-https], [TLS][dns4eu-profile-malware-tls] | -| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-profile-protective-ads-https-signed], [TLS][dns4eu-profile-protective-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-ads-https], [TLS][dns4eu-profile-protective-ads-tls] | -| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-profile-protective-child-https-signed], [TLS][dns4eu-profile-protective-child-tls-signed] | [HTTPS][dns4eu-profile-protective-child-https], [TLS][dns4eu-profile-protective-child-tls] | -| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-profile-protective-child-ads-https-signed], [TLS][dns4eu-profile-protective-child-ads-tls-signed] | [HTTPS][dns4eu-profile-protective-child-ads-https], [TLS][dns4eu-profile-protective-child-ads-tls] | -| [DNSPod Public DNS][dnspod-dns] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-dns-profile-https-signed], [TLS][dnspod-dns-profile-tls-signed] | [HTTPS][dnspod-dns-profile-https], [TLS][dnspod-dns-profile-tls] | -| [FDN][fdn-dns] | 🇫🇷 | No | Operated by French Data Network | [HTTPS][fdn-https-signed], [TLS][fdn-tls-signed] | [HTTPS][fdn-https], [TLS][fdn-tls] | -| [FFMUC-DNS][ffmucdns] | 🇩🇪 | No | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-profile-https-signed], [TLS][ffmuc-profile-tls-signed] | [HTTPS][ffmuc-profile-https], [TLS][ffmuc-profile-tls] | -| [Google Public DNS][google-dns] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-dns-profile-https-signed], [TLS][google-dns-profile-tls-signed] | [HTTPS][google-dns-profile-https], [TLS][google-dns-profile-tls] | -| [keweonDNS][keweondns] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-profile-https-signed], [TLS][keweondns-profile-tls-signed] | [HTTPS][keweondns-profile-https], [TLS][keweondns-profile-tls] | -| [Mullvad DNS][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-dns-profile-https-signed] | [HTTPS][mullvad-dns-profile-https] | -| [Mullvad DNS Adblock][mullvad-dns] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-dns-adblock-profile-https-signed] | [HTTPS][mullvad-dns-adblock-profile-https] | -| [OpenDNS Standard][opendns] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-standard-profile-https-signed] | [HTTPS][opendns-standard-profile-https] | -| [OpenDNS FamilyShield][opendns] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-familyshield-profile-https-signed] | [HTTPS][opendns-familyshield-profile-https] | -| [Quad9][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-profile-https-signed], [TLS][quad9-profile-tls-signed] | [HTTPS][quad9-profile-https], [TLS][quad9-profile-tls] | -| [Quad9 w/ ECS][quad9] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ecs-profile-https-signed], [TLS][quad9-ecs-profile-tls-signed] | [HTTPS][quad9-ecs-profile-https], [TLS][quad9-ecs-profile-tls] | -| [Quad9 Unfiltered][quad9] | 🇨🇭 | No | Operated by Quad9 Foundation. | [HTTPS][quad9-profile-unfiltered-https-signed], [TLS][quad9-profile-unfiltered-tls-signed] | [HTTPS][quad9-profile-unfiltered-https], [TLS][quad9-profile-unfiltered-tls] | -| [Tiarap][tiarap] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarap-profile-https-signed], [TLS][tiarap-profile-tls-signed] | [HTTPS][tiarap-profile-https], [TLS][tiarap-profile-tls] | +| Name | Region | Censorship | Notes | Install | Install (unsigned) | +| ------------------------------------------------------------------------------------ | ------ | ---------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | +| [360 Security DNS][360-default] | 🇨🇳 | Yes | Operated by 360 Digital Security Group | [HTTPS][360-default-https-signed] | [HTTPS][360-default-https] | +| [AdGuard DNS Default][adguard-default] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing | [HTTPS][adguard-default-https-signed], [TLS][adguard-default-tls-signed] | [HTTPS][adguard-default-https], [TLS][adguard-default-tls] | +| [AdGuard DNS Family Protection][adguard-family] | 🇷🇺 | Yes | Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content | [HTTPS][adguard-family-https-signed], [TLS][adguard-family-tls-signed] | [HTTPS][adguard-family-https], [TLS][adguard-family-tls] | +| [AdGuard DNS Non-filtering][adguard-nofilter] | 🇷🇺 | No | Operated by AdGuard Software Ltd. Non-filtering | [HTTPS][adguard-nofilter-https-signed], [TLS][adguard-nofilter-tls-signed] | [HTTPS][adguard-nofilter-https], [TLS][adguard-nofilter-tls] | +| [Alekberg Encrypted DNS][alekberg-default] | 🇳🇱 | No | Independent | [HTTPS][alekberg-default-https-signed] | [HTTPS][alekberg-default-https] | +| [Aliyun Public DNS][alibaba-default] | 🇨🇳 | No | Operated by Alibaba Cloud Ltd. | [HTTPS][alibaba-default-https-signed], [TLS][alibaba-default-tls-signed] | [HTTPS][alibaba-default-https], [TLS][alibaba-default-tls] | +| [BlahDNS CDN Filtered][blahdns-cdn-adblock] | 🇺🇸 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-cdn-adblock-https-signed] | [HTTPS][blahdns-cdn-adblock-https] | +| [BlahDNS CDN Unfiltered][blahdns-cdn-unfiltered] | 🇺🇸 | No | Independent. Non-filtering | [HTTPS][blahdns-cdn-unfiltered-https-signed] | [HTTPS][blahdns-cdn-unfiltered-https] | +| [BlahDNS Germany][blahdns-germany] | 🇩🇪 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-germany-https-signed] | [HTTPS][blahdns-germany-https] | +| [BlahDNS Singapore][blahdns-singapore] | 🇸🇬 | Yes | Independent. Blocks ads, tracking & malware | [HTTPS][blahdns-singapore-https-signed] | [HTTPS][blahdns-singapore-https] | +| [Canadian Shield Private][canadianshield-private] | 🇨🇦 | No | Operated by the Canadian Internet Registration Authority (CIRA) | [HTTPS][canadianshield-private-https-signed], [TLS][canadianshield-private-tls-signed] | [HTTPS][canadianshield-private-https], [TLS][canadianshield-private-tls] | +| [Canadian Shield Protected][canadianshield-protected] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing | [HTTPS][canadianshield-protected-https-signed], [TLS][canadianshield-protected-tls-signed] | [HTTPS][canadianshield-protected-https], [TLS][canadianshield-protected-tls] | +| [Canadian Shield Family][canadianshield-family] | 🇨🇦 | Yes | Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content | [HTTPS][canadianshield-family-https-signed], [TLS][canadianshield-family-tls-signed] | [HTTPS][canadianshield-family-https], [TLS][canadianshield-family-tls] | +| [Cleanbrowsing Family Filter][cleanbrowsing-family] | 🇺🇸 | Yes | Filters malware & adult, mixed content | [HTTPS][cleanbrowsing-family-https-signed], [TLS][cleanbrowsing-family-tls-signed] | [HTTPS][cleanbrowsing-family-https], [TLS][cleanbrowsing-family-tls] | +| [Cleanbrowsing Adult Filter][cleanbrowsing-adult] | 🇺🇸 | Yes | Filters malware & adult content | [HTTPS][cleanbrowsing-adult-https-signed], [TLS][cleanbrowsing-adult-tls-signed] | [HTTPS][cleanbrowsing-adult-https], [TLS][cleanbrowsing-adult-tls] | +| [Cleanbrowsing Security Filter][cleanbrowsing-security] | 🇺🇸 | Yes | Filters malware | [HTTPS][cleanbrowsing-security-https-signed], [TLS][cleanbrowsing-security-tls-signed] | [HTTPS][cleanbrowsing-security-https], [TLS][cleanbrowsing-security-tls] | +| [Cloudflare 1.1.1.1][cloudflare-default] | 🇺🇸 | No | Operated by Cloudflare Inc. | [HTTPS][cloudflare-default-https-signed], [TLS][cloudflare-default-tls-signed] | [HTTPS][cloudflare-default-https], [TLS][cloudflare-default-tls] | +| [Cloudflare 1.1.1.1 Security][cloudflare-malware] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware & phishing | [HTTPS][cloudflare-malware-https-signed] | [HTTPS][cloudflare-malware-https] | +| [Cloudflare 1.1.1.1 Family][cloudflare-family] | 🇺🇸 | Yes | Operated by Cloudflare Inc. Blocks malware, phishing & adult content | [HTTPS][cloudflare-family-https-signed] | [HTTPS][cloudflare-family-https] | +| [DNS4EU][dns4eu-default] | 🇨🇿 | No | Operated by a consortium lead by Whalebone. | [HTTPS][dns4eu-default-https-signed], [TLS][dns4eu-default-tls-signed] | [HTTPS][dns4eu-default-https], [TLS][dns4eu-default-tls] | +| [DNS4EU Protective][dns4eu-malware] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware. | [HTTPS][dns4eu-malware-https-signed], [TLS][dns4eu-malware-tls-signed] | [HTTPS][dns4eu-malware-https], [TLS][dns4eu-malware-tls] | +| [DNS4EU Protective ad-blocking][dns4eu-protective-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware and Ads | [HTTPS][dns4eu-protective-ads-https-signed], [TLS][dns4eu-protective-ads-tls-signed] | [HTTPS][dns4eu-protective-ads-https], [TLS][dns4eu-protective-ads-tls] | +| [DNS4EU Protective with child protection][dns4eu-protective-child] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks malware and explicit content. | [HTTPS][dns4eu-protective-child-https-signed], [TLS][dns4eu-protective-child-tls-signed] | [HTTPS][dns4eu-protective-child-https], [TLS][dns4eu-protective-child-tls] | +| [DNS4EU Protective with child protection & ad-blocking][dns4eu-protective-child-ads] | 🇨🇿 | Yes | Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content | [HTTPS][dns4eu-protective-child-ads-https-signed], [TLS][dns4eu-protective-child-ads-tls-signed] | [HTTPS][dns4eu-protective-child-ads-https], [TLS][dns4eu-protective-child-ads-tls] | +| [DNSPod Public DNS][dnspod-default] | 🇨🇳 | No | Operated by DNSPod Inc., a Tencent Cloud Company | [HTTPS][dnspod-default-https-signed], [TLS][dnspod-default-tls-signed] | [HTTPS][dnspod-default-https], [TLS][dnspod-default-tls] | +| [FDN][fdn-default] | 🇫🇷 | No | Operated by French Data Network | [HTTPS][fdn-default-https-signed], [TLS][fdn-default-tls-signed] | [HTTPS][fdn-default-https], [TLS][fdn-default-tls] | +| [FFMUC-DNS][ffmuc-dns-default] | 🇩🇪 | No | FFMUC free DNS servers provided by Freifunk München. | [HTTPS][ffmuc-dns-default-https-signed], [TLS][ffmuc-dns-default-tls-signed] | [HTTPS][ffmuc-dns-default-https], [TLS][ffmuc-dns-default-tls] | +| [Google Public DNS][google-default] | 🇺🇸 | No | Operated by Google LLC | [HTTPS][google-default-https-signed], [TLS][google-default-tls-signed] | [HTTPS][google-default-https], [TLS][google-default-tls] | +| [keweonDNS][keweondns-default] | 🇩🇪 | No | Operated by Aviontex. Blocks ads & tracking | [HTTPS][keweondns-default-https-signed], [TLS][keweondns-default-tls-signed] | [HTTPS][keweondns-default-https], [TLS][keweondns-default-tls] | +| [Mullvad DNS][mullvad-default] | 🇸🇪 | Yes | Operated by Mullvad VPN AB | [HTTPS][mullvad-default-https-signed] | [HTTPS][mullvad-default-https] | +| [Mullvad DNS Adblock][mullvad-adblock] | 🇸🇪 | Yes | Operated by Mullvad VPN AB. Blocks ads & tracking | [HTTPS][mullvad-adblock-https-signed] | [HTTPS][mullvad-adblock-https] | +| [OpenDNS Standard][opendns-default] | 🇺🇸 | No | Operated by Cisco OpenDNS LLC | [HTTPS][opendns-default-https-signed] | [HTTPS][opendns-default-https] | +| [OpenDNS FamilyShield][opendns-family] | 🇺🇸 | Yes | Operated by Cisco OpenDNS LLC. Blocks malware & adult content | [HTTPS][opendns-family-https-signed] | [HTTPS][opendns-family-https] | +| [Quad9][quad9-default] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Blocks malware | [HTTPS][quad9-default-https-signed], [TLS][quad9-default-tls-signed] | [HTTPS][quad9-default-https], [TLS][quad9-default-tls] | +| [Quad9 w/ ECS][quad9-ECS] | 🇨🇭 | Yes | Operated by Quad9 Foundation. Supports ECS. Blocks malware | [HTTPS][quad9-ECS-https-signed], [TLS][quad9-ECS-tls-signed] | [HTTPS][quad9-ECS-https], [TLS][quad9-ECS-tls] | +| [Quad9 Unfiltered][quad9-nofilter] | 🇨🇭 | No | Operated by Quad9 Foundation. | [HTTPS][quad9-nofilter-https-signed], [TLS][quad9-nofilter-tls-signed] | [HTTPS][quad9-nofilter-https], [TLS][quad9-nofilter-tls] | +| [Tiarap][tiarapp-default] | 🇸🇬 🇺🇸 | Yes | Operated by Tiarap Inc. Blocks ads, tracking, phising & malware | [HTTPS][tiarapp-default-https-signed], [TLS][tiarapp-default-tls-signed] | [HTTPS][tiarapp-default-https], [TLS][tiarapp-default-tls] | ## Known issues @@ -102,163 +102,174 @@ Censorship (also known as "filtering") means the profile will not send true info - `npm run new` - interactively creates new profile from CLI options. Can also be ran with flags. - `scripts/new.test.ts` includes CLI snapshot tests and a PTY interactive flow test. - PTY test runs by default; set `NEW_TEST_PTY=0` to opt out. -- `node scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig -- `node scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL. +- `src/scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig +- `src/scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL. - Uses `-nosmimecap` to match local CMS signing policy. -- `node scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout. -- `node test/sign-single.test.ts` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`. - - Runs under `npm run test`. +- `src/scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout. +- `npm run test` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`. - Generates temporary test root/signer certificates and keys via OpenSSL. - Signs the same profile with `scripts/sign.ts` and `scripts/sign_openssl.sh`. - Verifies detached content and embedded certificate set parity. -[360-dns]: https://sdns.360.net/dnsPublic.html -[360-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-https.mobileconfig -[adguard-dns-default]: https://adguard-dns.io/kb/general/dns-providers/#default -[adguard-dns-default-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig -[adguard-dns-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection -[adguard-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering -[adguard-dns-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig -[alekberg-dns]: https://alekberg.net -[alekberg-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-https.mobileconfig -[aliyun-dns]: https://www.alidns.com/ -[aliyun-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-https.mobileconfig -[aliyun-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-tls.mobileconfig -[blahdns]: https://blahdns.com/ -[blahdns-cdn-filtered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig -[canadian-shield]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses -[canadian-shield-private-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig -[cleanbrowsing]: https://cleanbrowsing.org/filters/ +[360-default]: https://sdns.360.net/dnsPublic.html +[360-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/360-default-https.mobileconfig +[adguard-default]: https://adguard-dns.io/kb/general/dns-providers/#default +[adguard-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-https.mobileconfig +[adguard-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-default-tls.mobileconfig +[adguard-family]: https://adguard-dns.io/kb/general/dns-providers/#family-protection +[adguard-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-https.mobileconfig +[adguard-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-family-tls.mobileconfig +[adguard-nofilter]: https://adguard-dns.io/kb/general/dns-providers/#non-filtering +[adguard-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/adguard-nofilter-tls.mobileconfig +[alekberg-default]: https://alekberg.net +[alekberg-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alekberg-default-https.mobileconfig +[alibaba-default]: https://www.alidns.com/ +[alibaba-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-https.mobileconfig +[alibaba-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock]: https://blahdns.com/ +[blahdns-cdn-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered]: https://blahdns.com/ +[blahdns-cdn-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany]: https://blahdns.com/ +[blahdns-germany-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-germany-https.mobileconfig +[blahdns-singapore]: https://blahdns.com/ +[blahdns-singapore-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/blahdns-singapore-https.mobileconfig +[canadianshield-private]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-private-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-https.mobileconfig +[canadianshield-private-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-private-tls.mobileconfig +[canadianshield-protected]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-protected-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-protected-tls.mobileconfig +[canadianshield-family]: https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses +[canadianshield-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-https.mobileconfig +[canadianshield-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/canadianshield-family-tls.mobileconfig +[cleanbrowsing-family]: https://cleanbrowsing.org/filters/ [cleanbrowsing-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-family-tls.mobileconfig +[cleanbrowsing-adult]: https://cleanbrowsing.org/filters/ [cleanbrowsing-adult-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-adult-tls.mobileconfig +[cleanbrowsing-security]: https://cleanbrowsing.org/filters/ [cleanbrowsing-security-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns]: https://developers.cloudflare.com/1.1.1.1/encryption/ -[cloudflare-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families -[cloudflare-dns-family-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig -[dnspod-dns]: https://www.dnspod.com/products/public.dns -[dnspod-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-https.mobileconfig -[dnspod-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-tls.mobileconfig -[fdn-dns]: https://www.fdn.fr/actions/dns/ -[fdn-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-https.mobileconfig -[fdn-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-tls.mobileconfig -[google-dns]: https://developers.google.com/speed/public-dns/docs/secure-transports -[google-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-https.mobileconfig -[google-dns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-tls.mobileconfig -[keweondns]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ -[keweondns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-https.mobileconfig -[keweondns-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-tls.mobileconfig -[mullvad-dns]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ -[mullvad-dns-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig -[opendns]: https://support.opendns.com/hc/articles/360038086532 -[opendns-standard-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-https.mobileconfig -[opendns-familyshield-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig -[quad9]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ -[quad9-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-https.mobileconfig -[quad9-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-tls.mobileconfig -[quad9-ecs-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig -[tiarap]: https://doh.tiar.app -[tiarap-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-https.mobileconfig -[tiarap-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-tls.mobileconfig -[dns4eu]: https://www.joindns4.eu/for-public -[dns4eu-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-https.mobileconfig -[dns4eu-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-tls.mobileconfig +[cloudflare-default]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-https.mobileconfig +[cloudflare-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-default-tls.mobileconfig +[cloudflare-malware]: https://developers.cloudflare.com/1.1.1.1/encryption/ +[cloudflare-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-malware-https.mobileconfig +[cloudflare-family]: https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families +[cloudflare-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/cloudflare-family-https.mobileconfig +[dns4eu-default]: https://www.joindns4.eu/for-public +[dns4eu-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-https.mobileconfig +[dns4eu-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-default-tls.mobileconfig [dns4eu-malware]: https://www.joindns4.eu/for-public -[dns4eu-profile-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig +[dns4eu-malware-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-malware-tls.mobileconfig [dns4eu-protective-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-ads-tls.mobileconfig [dns4eu-protective-child]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-tls.mobileconfig [dns4eu-protective-child-ads]: https://www.joindns4.eu/for-public -[dns4eu-profile-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig -[ffmucdns]: https://ffmuc.net/wiki/knb:dohdot_en -[ffmuc-profile-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-https.mobileconfig -[ffmuc-profile-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmucdns-tls.mobileconfig -[360-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-https.mobileconfig -[adguard-dns-default-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig -[adguard-dns-default-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig -[adguard-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig -[adguard-dns-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig -[adguard-dns-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig -[adguard-dns-unfiltered-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig -[alekberg-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-https.mobileconfig -[aliyun-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-https.mobileconfig -[aliyun-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-tls.mobileconfig -[blahdns-cdn-filtered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig -[blahdns-cdn-unfiltered-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig -[blahdns-germany-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig -[blahdns-singapore-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig -[canadian-shield-private-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig -[canadian-shield-private-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig -[canadian-shield-protected-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig -[canadian-shield-protected-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig -[canadian-shield-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig -[canadian-shield-family-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig +[dns4eu-protective-child-ads-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default]: https://www.dnspod.com/products/public.dns +[dnspod-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-https.mobileconfig +[dnspod-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/dnspod-default-tls.mobileconfig +[fdn-default]: https://www.fdn.fr/actions/dns/ +[fdn-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-https.mobileconfig +[fdn-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/fdn-default-tls.mobileconfig +[ffmuc-dns-default]: https://ffmuc.net/wiki/knb:dohdot_en +[ffmuc-dns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/ffmuc-dns-default-tls.mobileconfig +[google-default]: https://developers.google.com/speed/public-dns/docs/secure-transports +[google-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-https.mobileconfig +[google-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/google-default-tls.mobileconfig +[keweondns-default]: https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/ +[keweondns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-https.mobileconfig +[keweondns-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/keweondns-default-tls.mobileconfig +[mullvad-default]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-default-https.mobileconfig +[mullvad-adblock]: https://mullvad.net/help/dns-over-https-and-dns-over-tls/ +[mullvad-adblock-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/mullvad-adblock-https.mobileconfig +[opendns-default]: https://support.opendns.com/hc/articles/360038086532 +[opendns-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-default-https.mobileconfig +[opendns-family]: https://support.opendns.com/hc/articles/360038086532 +[opendns-family-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/opendns-family-https.mobileconfig +[quad9-default]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-https.mobileconfig +[quad9-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-default-tls.mobileconfig +[quad9-ECS]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-ECS-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-https.mobileconfig +[quad9-ECS-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-ECS-tls.mobileconfig +[quad9-nofilter]: https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/ +[quad9-nofilter-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/quad9-nofilter-tls.mobileconfig +[tiarapp-default]: https://doh.tiar.app +[tiarapp-default-https]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-https.mobileconfig +[tiarapp-default-tls]: https://github.com/paulmillr/encrypted-dns/raw/master/profiles/tiarapp-default-tls.mobileconfig +[360-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/360-default-https.mobileconfig +[adguard-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-https.mobileconfig +[adguard-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-default-tls.mobileconfig +[adguard-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-https.mobileconfig +[adguard-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-family-tls.mobileconfig +[adguard-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-https.mobileconfig +[adguard-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/adguard-nofilter-tls.mobileconfig +[alekberg-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alekberg-default-https.mobileconfig +[alibaba-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-https.mobileconfig +[alibaba-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/alibaba-default-tls.mobileconfig +[blahdns-cdn-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-adblock-https.mobileconfig +[blahdns-cdn-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-cdn-unfiltered-https.mobileconfig +[blahdns-germany-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-germany-https.mobileconfig +[blahdns-singapore-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/blahdns-singapore-https.mobileconfig +[canadianshield-private-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-https.mobileconfig +[canadianshield-private-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-private-tls.mobileconfig +[canadianshield-protected-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-https.mobileconfig +[canadianshield-protected-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-protected-tls.mobileconfig +[canadianshield-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-https.mobileconfig +[canadianshield-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/canadianshield-family-tls.mobileconfig [cleanbrowsing-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-https.mobileconfig [cleanbrowsing-family-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-family-tls.mobileconfig [cleanbrowsing-adult-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-https.mobileconfig [cleanbrowsing-adult-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-adult-tls.mobileconfig [cleanbrowsing-security-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-https.mobileconfig [cleanbrowsing-security-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cleanbrowsing-security-tls.mobileconfig -[cloudflare-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-https.mobileconfig -[cloudflare-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-tls.mobileconfig -[cloudflare-dns-security-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig -[cloudflare-dns-family-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig -[dnspod-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-https.mobileconfig -[dnspod-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-tls.mobileconfig -[fdn-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-https.mobileconfig -[fdn-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-tls.mobileconfig -[google-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-https.mobileconfig -[google-dns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-tls.mobileconfig -[keweondns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-https.mobileconfig -[keweondns-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-tls.mobileconfig -[mullvad-dns-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-https.mobileconfig -[mullvad-dns-adblock-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig -[opendns-standard-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-https.mobileconfig -[opendns-familyshield-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig -[quad9-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-https.mobileconfig -[quad9-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-tls.mobileconfig -[quad9-ecs-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig -[quad9-ecs-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig -[quad9-profile-unfiltered-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig -[quad9-profile-unfiltered-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig -[tiarap-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-https.mobileconfig -[tiarap-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-tls.mobileconfig -[dns4eu-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-https.mobileconfig -[dns4eu-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-tls.mobileconfig -[dns4eu-profile-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig -[dns4eu-profile-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig -[dns4eu-profile-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig -[dns4eu-profile-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig -[dns4eu-profile-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig -[dns4eu-profile-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig -[dns4eu-profile-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig -[dns4eu-profile-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig -[ffmuc-profile-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-https.mobileconfig -[ffmuc-profile-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmucdns-tls.mobileconfig +[cloudflare-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-https.mobileconfig +[cloudflare-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-default-tls.mobileconfig +[cloudflare-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-malware-https.mobileconfig +[cloudflare-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/cloudflare-family-https.mobileconfig +[dns4eu-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-https.mobileconfig +[dns4eu-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-default-tls.mobileconfig +[dns4eu-malware-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-https.mobileconfig +[dns4eu-malware-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-malware-tls.mobileconfig +[dns4eu-protective-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-https.mobileconfig +[dns4eu-protective-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-ads-tls.mobileconfig +[dns4eu-protective-child-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-https.mobileconfig +[dns4eu-protective-child-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-tls.mobileconfig +[dns4eu-protective-child-ads-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-https.mobileconfig +[dns4eu-protective-child-ads-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dns4eu-protective-child-ads-tls.mobileconfig +[dnspod-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-https.mobileconfig +[dnspod-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/dnspod-default-tls.mobileconfig +[fdn-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-https.mobileconfig +[fdn-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/fdn-default-tls.mobileconfig +[ffmuc-dns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-https.mobileconfig +[ffmuc-dns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/ffmuc-dns-default-tls.mobileconfig +[google-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-https.mobileconfig +[google-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/google-default-tls.mobileconfig +[keweondns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-https.mobileconfig +[keweondns-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/keweondns-default-tls.mobileconfig +[mullvad-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-default-https.mobileconfig +[mullvad-adblock-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/mullvad-adblock-https.mobileconfig +[opendns-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-default-https.mobileconfig +[opendns-family-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/opendns-family-https.mobileconfig +[quad9-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-https.mobileconfig +[quad9-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-default-tls.mobileconfig +[quad9-ECS-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-https.mobileconfig +[quad9-ECS-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-ECS-tls.mobileconfig +[quad9-nofilter-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-https.mobileconfig +[quad9-nofilter-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/quad9-nofilter-tls.mobileconfig +[tiarapp-default-https-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-https.mobileconfig +[tiarapp-default-tls-signed]: https://github.com/paulmillr/encrypted-dns/raw/master/signed/tiarapp-default-tls.mobileconfig diff --git a/certs/.gitkeep b/certs/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/package.json b/package.json index e293805..9c4a0f0 100644 --- a/package.json +++ b/package.json @@ -4,13 +4,14 @@ "type": "module", "scripts": { "build:clean": "rm -f signed/*.mobileconfig profiles/*.mobileconfig README*.md", - "build": "npm run build:clean && node scripts/build.ts", - "sign": "node scripts/sign.ts", - "new": "node scripts/new.ts", - "test": "node --experimental-strip-types --test scripts/new.test.ts scripts/sign-single.test.ts", - "format": "prettier --write \"src/*.json\" scripts/*.ts *.ts" + "build": "npm run build:clean && node src/scripts/build.ts", + "sign": "node src/scripts/sign.ts", + "new": "node src/scripts/new.ts", + "test": "node --experimental-strip-types --test src/scripts/new.test.ts src/scripts/sign-single.test.ts", + "format": "prettier --write \"src/*.json\" src/scripts/*.ts" }, "dependencies": { + "@noble/hashes": "2.0.1", "micro-key-producer": "0.8.5", "prettier": "3.6.2" } diff --git a/profiles/360-https.mobileconfig b/profiles/360-default-https.mobileconfig similarity index 68% rename from profiles/360-https.mobileconfig rename to profiles/360-default-https.mobileconfig index 0238e90..eee8e10 100644 --- a/profiles/360-https.mobileconfig +++ b/profiles/360-default-https.mobileconfig @@ -18,15 +18,15 @@ https://doh.360.cn/dns-query PayloadDescription - Configures device to use 360 Public Security DNS over HTTPS + Configures device to use 360 Security DNS Encrypted DNS over HTTPS PayloadDisplayName - 360 Public Security DNS over HTTPS + 360 Security DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.b399690d-2f24-5d4e-8e6b-1faedb2dcf0f + com.apple.dnsSettings.managed.fb138167-92eb-53a2-949b-b4c4f7c29e65 PayloadType com.apple.dnsSettings.managed PayloadUUID - B399690D-2F24-5D4E-8E6B-1FAEDB2DCF0F + FB138167-92EB-53A2-949B-B4C4F7C29E65 PayloadVersion 1 ProhibitDisablement @@ -34,9 +34,12 @@ PayloadDescription - Adds the 360 Public Security DNS over HTTPS to Big Sur and iOS 14 based systems + Configures device to use 360 Security DNS over HTTPS +Operated by 360 Digital Security Group. +Server location: 🇨🇳. +Filtering: yes PayloadDisplayName - 360 Public Security DNS over HTTPS + 360 Security DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -46,7 +49,7 @@ PayloadType Configuration PayloadUUID - 32955666-3542-5C76-B7E4-B8924A9D7572 + 8B0370F5-EAC9-5A92-B6DF-A0D3B9023F12 PayloadVersion 1 diff --git a/profiles/adguard-default-https.mobileconfig b/profiles/adguard-default-https.mobileconfig index 88661c0..cc70a9a 100644 --- a/profiles/adguard-default-https.mobileconfig +++ b/profiles/adguard-default-https.mobileconfig @@ -20,9 +20,9 @@ https://dns.adguard.com/dns-query PayloadDescription - Configures device to use Adguard Default Encrypted DNS over HTTPS + Configures device to use AdGuard DNS Default Encrypted DNS over HTTPS PayloadDisplayName - Adguard Default DNS over HTTPS + AdGuard DNS Default Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.e0484b82-bd95-5055-bce6-22ddb955f954 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Adguard Default DNS to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Default over HTTPS +Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing. +Server location: 🇷🇺. +Filtering: yes PayloadDisplayName - Adguard Default DNS over HTTPS + AdGuard DNS Default Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/adguard-default-tls.mobileconfig b/profiles/adguard-default-tls.mobileconfig index 1dbce9b..651a414 100644 --- a/profiles/adguard-default-tls.mobileconfig +++ b/profiles/adguard-default-tls.mobileconfig @@ -20,9 +20,9 @@ dns.adguard.com PayloadDescription - Configures device to use Adguard Default Encrypted DNS over TLS + Configures device to use AdGuard DNS Default Encrypted DNS over TLS PayloadDisplayName - Adguard Default DNS over TLS + AdGuard DNS Default Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.d1c9922c-d540-5ffe-a181-9c3538691553 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Adguard Default DNS to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Default over TLS +Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing. +Server location: 🇷🇺. +Filtering: yes PayloadDisplayName - Adguard Default DNS over TLS + AdGuard DNS Default Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/adguard-family-https.mobileconfig b/profiles/adguard-family-https.mobileconfig index 69d7547..dc79164 100644 --- a/profiles/adguard-family-https.mobileconfig +++ b/profiles/adguard-family-https.mobileconfig @@ -20,9 +20,9 @@ https://dns-family.adguard.com/dns-query PayloadDescription - Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS + Configures device to use AdGuard DNS Family Protection Encrypted DNS over HTTPS PayloadDisplayName - AdGuard Family Protection DNS over HTTPS + AdGuard DNS Family Protection Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.0efea210-5662-5682-a598-eb1533476312 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Family Protection over HTTPS +Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content. +Server location: 🇷🇺. +Filtering: yes PayloadDisplayName - AdGuard Family Protection DNS over HTTPS + AdGuard DNS Family Protection Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/adguard-family-tls.mobileconfig b/profiles/adguard-family-tls.mobileconfig index dfa6c8f..5de4136 100644 --- a/profiles/adguard-family-tls.mobileconfig +++ b/profiles/adguard-family-tls.mobileconfig @@ -20,9 +20,9 @@ dns-family.adguard.com PayloadDescription - Configures device to use AdGuard Family Protection Encrypted DNS over TLS + Configures device to use AdGuard DNS Family Protection Encrypted DNS over TLS PayloadDisplayName - AdGuard Family Protection DNS over TLS + AdGuard DNS Family Protection Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.613ad78c-05ce-5f51-b416-a6be4d086adb PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the AdGuard Family Protection DNS to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Family Protection over TLS +Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content. +Server location: 🇷🇺. +Filtering: yes PayloadDisplayName - AdGuard Family Protection DNS over TLS + AdGuard DNS Family Protection Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/adguard-nofilter-https.mobileconfig b/profiles/adguard-nofilter-https.mobileconfig index 21c936f..b6430e6 100644 --- a/profiles/adguard-nofilter-https.mobileconfig +++ b/profiles/adguard-nofilter-https.mobileconfig @@ -20,9 +20,9 @@ https://dns-unfiltered.adguard.com/dns-query PayloadDescription - Configures device to use Adguard No Filter Encrypted DNS over TLS + Configures device to use AdGuard DNS Non-filtering Encrypted DNS over HTTPS PayloadDisplayName - Adguard No Filter over HTTPS + AdGuard DNS Non-filtering Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.b32f80e6-b0d2-52b0-9b6b-8daa173ed9ce PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Adguard No Filter to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Non-filtering over HTTPS +Operated by AdGuard Software Ltd. Non-filtering. +Server location: 🇷🇺. +Filtering: no PayloadDisplayName - Adguard No Filter over HTTPS + AdGuard DNS Non-filtering Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/adguard-nofilter-tls.mobileconfig b/profiles/adguard-nofilter-tls.mobileconfig index dbf04ae..6bff81f 100644 --- a/profiles/adguard-nofilter-tls.mobileconfig +++ b/profiles/adguard-nofilter-tls.mobileconfig @@ -20,9 +20,9 @@ dns-unfiltered.adguard.com PayloadDescription - Configures device to use Adguard No Filter Encrypted DNS over TLS + Configures device to use AdGuard DNS Non-filtering Encrypted DNS over TLS PayloadDisplayName - Adguard No Filter over TLS + AdGuard DNS Non-filtering Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.967d8837-2749-5739-bd43-3ebe75d1ccc7 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Adguard No Filter to Big Sur and iOS 14 based systems + Configures device to use AdGuard DNS Non-filtering over TLS +Operated by AdGuard Software Ltd. Non-filtering. +Server location: 🇷🇺. +Filtering: no PayloadDisplayName - Adguard No Filter over TLS + AdGuard DNS Non-filtering Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/alekberg-https.mobileconfig b/profiles/alekberg-default-https.mobileconfig similarity index 70% rename from profiles/alekberg-https.mobileconfig rename to profiles/alekberg-default-https.mobileconfig index 9b17e82..fdee825 100644 --- a/profiles/alekberg-https.mobileconfig +++ b/profiles/alekberg-default-https.mobileconfig @@ -18,15 +18,15 @@ https://dnsnl.alekberg.net/dns-query PayloadDescription - Configures device to use Alekberg DNS over HTTPS (nl) + Configures device to use Alekberg Encrypted DNS Encrypted DNS over HTTPS PayloadDisplayName - Alekberg DNS over HTTPS (nl) + Alekberg Encrypted DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.081fa724-7333-5733-a4ed-194e3e9f1ad5 + com.apple.dnsSettings.managed.d27008e4-ecaa-5171-adcf-70bdc8c2351c PayloadType com.apple.dnsSettings.managed PayloadUUID - 081FA724-7333-5733-A4ED-194E3E9F1AD5 + D27008E4-ECAA-5171-ADCF-70BDC8C2351C PayloadVersion 1 ProhibitDisablement @@ -34,14 +34,17 @@ PayloadDescription - This profile enables Alekberg DNS over HTTPS located in Amsterdam (DNSSEC enabled) on all networks using the iOS 14 / macOS Big Sur Encrypted DNS feature. + Configures device to use Alekberg Encrypted DNS over HTTPS +Independent. +Server location: 🇳🇱. +Filtering: no ConsentText default Privacy policy: https://alekberg.net/privacy PayloadDisplayName - Alekberg DNS over HTTPS (nl) + Alekberg Encrypted DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -51,7 +54,7 @@ PayloadType Configuration PayloadUUID - 3BCA6F1A-25FD-59B9-8997-386560ED54A6 + EB4D5EF9-B4B4-56A6-9C3A-43EFD5A3C532 PayloadVersion 1 diff --git a/profiles/alibaba-https.mobileconfig b/profiles/alibaba-default-https.mobileconfig similarity index 69% rename from profiles/alibaba-https.mobileconfig rename to profiles/alibaba-default-https.mobileconfig index 062a8c8..a8c1492 100644 --- a/profiles/alibaba-https.mobileconfig +++ b/profiles/alibaba-default-https.mobileconfig @@ -20,15 +20,15 @@ https://dns.alidns.com/dns-query PayloadDescription - Configures device to use AliDNS Encrypted DNS over TLS + Configures device to use Aliyun Public DNS Encrypted DNS over HTTPS PayloadDisplayName - AliDNS DNS over HTTPS + Aliyun Public DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.628022a4-60d9-57d7-8fd2-5feb4de86bf2 + com.apple.dnsSettings.managed.5311493a-61cc-56dd-bf44-6702dcfb3964 PayloadType com.apple.dnsSettings.managed PayloadUUID - 628022A4-60D9-57D7-8FD2-5FEB4DE86BF2 + 5311493A-61CC-56DD-BF44-6702DCFB3964 PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the AliDNS to Big Sur and iOS 14 based systems + Configures device to use Aliyun Public DNS over HTTPS +Operated by Alibaba Cloud Ltd. +Server location: 🇨🇳. +Filtering: no PayloadDisplayName - AliDNS over HTTPS + Aliyun Public DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - E826D360-4317-56A8-BDBF-BBF52811B4CA + 3730DCE6-C68A-5D19-9D70-D7727B9318AB PayloadVersion 1 diff --git a/profiles/alibaba-tls.mobileconfig b/profiles/alibaba-default-tls.mobileconfig similarity index 69% rename from profiles/alibaba-tls.mobileconfig rename to profiles/alibaba-default-tls.mobileconfig index 2ef40f5..7b16710 100644 --- a/profiles/alibaba-tls.mobileconfig +++ b/profiles/alibaba-default-tls.mobileconfig @@ -20,15 +20,15 @@ dns.alidns.com PayloadDescription - Configures device to use AliDNS Encrypted DNS over TLS + Configures device to use Aliyun Public DNS Encrypted DNS over TLS PayloadDisplayName - AliDNS DNS over TLS + Aliyun Public DNS Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.2f3e8ca8-7351-5a2e-b6b6-2293632709ea + com.apple.dnsSettings.managed.2950c71c-1478-5c77-b58b-e3be44f2f4cc PayloadType com.apple.dnsSettings.managed PayloadUUID - 2F3E8CA8-7351-5A2E-B6B6-2293632709EA + 2950C71C-1478-5C77-B58B-E3BE44F2F4CC PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the AliDNS to Big Sur and iOS 14 based systems + Configures device to use Aliyun Public DNS over TLS +Operated by Alibaba Cloud Ltd. +Server location: 🇨🇳. +Filtering: no PayloadDisplayName - AliDNS over TLS + Aliyun Public DNS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 623E4324-F2F1-5B6C-8BE1-5042663750FE + B3571C63-5980-585A-B65C-51CC145498CE PayloadVersion 1 diff --git a/profiles/blahdns-cdn-adblock-https.mobileconfig b/profiles/blahdns-cdn-adblock-https.mobileconfig index bb4a84a..43d326f 100644 --- a/profiles/blahdns-cdn-adblock-https.mobileconfig +++ b/profiles/blahdns-cdn-adblock-https.mobileconfig @@ -13,9 +13,9 @@ https://doh1.blahdns.com/dns-query PayloadDescription - Configures device to use BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + Configures device to use BlahDNS CDN Filtered Encrypted DNS over HTTPS PayloadDisplayName - BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + BlahDNS CDN Filtered Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.81f9f40a-545c-5c09-bc7a-55957bda3333 PayloadType @@ -29,7 +29,10 @@ PayloadDescription - This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + Configures device to use BlahDNS CDN Filtered over HTTPS +Independent. Blocks ads, tracking & malware. +Server location: 🇺🇸. +Filtering: yes ConsentText default @@ -37,7 +40,7 @@ https://blahdns.com PayloadDisplayName - BlahDNS (CDN / Adblock / Primary) DNS over HTTPS + BlahDNS CDN Filtered Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/blahdns-cdn-unfiltered-https.mobileconfig b/profiles/blahdns-cdn-unfiltered-https.mobileconfig index 774d048..05b6157 100644 --- a/profiles/blahdns-cdn-unfiltered-https.mobileconfig +++ b/profiles/blahdns-cdn-unfiltered-https.mobileconfig @@ -13,9 +13,9 @@ https://doh1.blahdns.com/uncensor PayloadDescription - Configures device to use BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + Configures device to use BlahDNS CDN Unfiltered Encrypted DNS over HTTPS PayloadDisplayName - BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + BlahDNS CDN Unfiltered Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.68a187fb-09ed-583d-90e8-86768d65ec77 PayloadType @@ -29,7 +29,10 @@ PayloadDescription - This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + Configures device to use BlahDNS CDN Unfiltered over HTTPS +Independent. Non-filtering. +Server location: 🇺🇸. +Filtering: no ConsentText default @@ -37,7 +40,7 @@ https://blahdns.com PayloadDisplayName - BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS + BlahDNS CDN Unfiltered Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/blahdns-germany-https.mobileconfig b/profiles/blahdns-germany-https.mobileconfig index edd0a6f..104e69a 100644 --- a/profiles/blahdns-germany-https.mobileconfig +++ b/profiles/blahdns-germany-https.mobileconfig @@ -18,9 +18,9 @@ https://doh-de.blahdns.com/dns-query PayloadDescription - Configures device to use BlahDNS (Germany) DNS over HTTPS + Configures device to use BlahDNS Germany Encrypted DNS over HTTPS PayloadDisplayName - BlahDNS (Germany) DNS over HTTPS + BlahDNS Germany Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.f6244097-4c9c-5f50-9957-173c9262c5ac PayloadType @@ -34,7 +34,10 @@ PayloadDescription - This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + Configures device to use BlahDNS Germany over HTTPS +Independent. Blocks ads, tracking & malware. +Server location: 🇩🇪. +Filtering: yes ConsentText default @@ -42,7 +45,7 @@ https://blahdns.com PayloadDisplayName - BlahDNS (Germany) DNS over HTTPS + BlahDNS Germany Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/blahdns-singapore-https.mobileconfig b/profiles/blahdns-singapore-https.mobileconfig index b5ab5c0..9be3d28 100644 --- a/profiles/blahdns-singapore-https.mobileconfig +++ b/profiles/blahdns-singapore-https.mobileconfig @@ -18,9 +18,9 @@ https://doh-sg.blahdns.com/dns-query PayloadDescription - Configures device to use BlahDNS (Singapore) DNS over HTTPS + Configures device to use BlahDNS Singapore Encrypted DNS over HTTPS PayloadDisplayName - BlahDNS (Singapore) DNS over HTTPS + BlahDNS Singapore Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.d1976481-acaa-5aa7-bd8f-2a8de37caab9 PayloadType @@ -34,7 +34,10 @@ PayloadDescription - This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature. + Configures device to use BlahDNS Singapore over HTTPS +Independent. Blocks ads, tracking & malware. +Server location: 🇸🇬. +Filtering: yes ConsentText default @@ -42,7 +45,7 @@ https://blahdns.com PayloadDisplayName - BlahDNS (Singapore) DNS over HTTPS + BlahDNS Singapore Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-family-https.mobileconfig b/profiles/canadianshield-family-https.mobileconfig index 35eea08..a4528d8 100644 --- a/profiles/canadianshield-family-https.mobileconfig +++ b/profiles/canadianshield-family-https.mobileconfig @@ -20,9 +20,9 @@ https://family.canadianshield.cira.ca/dns-query PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over HTTPS + Configures device to use Canadian Shield Family Encrypted DNS over HTTPS PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Family Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.66866361-cb2d-5332-988f-b83b18a3e4b6 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Family over HTTPS +Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content. +Server location: 🇨🇦. +Filtering: yes PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Family Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-family-tls.mobileconfig b/profiles/canadianshield-family-tls.mobileconfig index 45f4781..da362cb 100644 --- a/profiles/canadianshield-family-tls.mobileconfig +++ b/profiles/canadianshield-family-tls.mobileconfig @@ -20,9 +20,9 @@ family.canadianshield.cira.ca PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over TLS + Configures device to use Canadian Shield Family Encrypted DNS over TLS PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Family Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.f39a4c45-f272-5414-bcbb-04a393575ee1 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Family over TLS +Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content. +Server location: 🇨🇦. +Filtering: yes PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Family Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-private-https.mobileconfig b/profiles/canadianshield-private-https.mobileconfig index 19654ab..91f9b4d 100644 --- a/profiles/canadianshield-private-https.mobileconfig +++ b/profiles/canadianshield-private-https.mobileconfig @@ -20,9 +20,9 @@ https://private.canadianshield.cira.ca/dns-query PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over HTTPS + Configures device to use Canadian Shield Private Encrypted DNS over HTTPS PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Private Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.df3591d5-693b-57b6-9c73-0f7eb396a96b PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Private over HTTPS +Operated by the Canadian Internet Registration Authority (CIRA). +Server location: 🇨🇦. +Filtering: no PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Private Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-private-tls.mobileconfig b/profiles/canadianshield-private-tls.mobileconfig index b0c4745..950283a 100644 --- a/profiles/canadianshield-private-tls.mobileconfig +++ b/profiles/canadianshield-private-tls.mobileconfig @@ -20,9 +20,9 @@ private.canadianshield.cira.ca PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over TLS + Configures device to use Canadian Shield Private Encrypted DNS over TLS PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Private Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.0af0ebba-7a17-52f0-bc99-915fad31fee6 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Private over TLS +Operated by the Canadian Internet Registration Authority (CIRA). +Server location: 🇨🇦. +Filtering: no PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Private Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-protected-https.mobileconfig b/profiles/canadianshield-protected-https.mobileconfig index ff155f4..fc20658 100644 --- a/profiles/canadianshield-protected-https.mobileconfig +++ b/profiles/canadianshield-protected-https.mobileconfig @@ -20,9 +20,9 @@ https://protected.canadianshield.cira.ca/dns-query PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over HTTPS + Configures device to use Canadian Shield Protected Encrypted DNS over HTTPS PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Protected Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.66f3663e-cbbe-53af-ae6f-78bde855ad79 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Protected over HTTPS +Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing. +Server location: 🇨🇦. +Filtering: yes PayloadDisplayName - Canadian Shield DNS over HTTPS + Canadian Shield Protected Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/canadianshield-protected-tls.mobileconfig b/profiles/canadianshield-protected-tls.mobileconfig index 451c016..1052340 100644 --- a/profiles/canadianshield-protected-tls.mobileconfig +++ b/profiles/canadianshield-protected-tls.mobileconfig @@ -20,9 +20,9 @@ protected.canadianshield.cira.ca PayloadDescription - Configures device to use Canadian Shield Encrypted DNS over TLS + Configures device to use Canadian Shield Protected Encrypted DNS over TLS PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Protected Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.3b381320-92e4-5db9-b632-7b5f6f52582b PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Canadian Shield DNS to Big Sur and iOS 14 based systems + Configures device to use Canadian Shield Protected over TLS +Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing. +Server location: 🇨🇦. +Filtering: yes PayloadDisplayName - Canadian Shield DNS over TLS + Canadian Shield Protected Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-adult-https.mobileconfig b/profiles/cleanbrowsing-adult-https.mobileconfig index 7010448..c2c49ad 100644 --- a/profiles/cleanbrowsing-adult-https.mobileconfig +++ b/profiles/cleanbrowsing-adult-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over HTTPS PayloadDisplayName - Cleanbrowsing Adult Filter DNS over HTTPS + Cleanbrowsing Adult Filter Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.11607628-2525-55f8-8f2c-c1d7b68b3ff9 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Adult Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Adult Filter over HTTPS +Filters malware & adult content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Adult DNS over HTTPS + Cleanbrowsing Adult Filter Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-adult-tls.mobileconfig b/profiles/cleanbrowsing-adult-tls.mobileconfig index 3246cd8..fefb542 100644 --- a/profiles/cleanbrowsing-adult-tls.mobileconfig +++ b/profiles/cleanbrowsing-adult-tls.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over TLS PayloadDisplayName - Cleanbrowsing Adult Filter DNS over TLS + Cleanbrowsing Adult Filter Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.121e1333-1810-5b62-aae2-06711e8582a8 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Adult Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Adult Filter over TLS +Filters malware & adult content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Adult DNS over TLS + Cleanbrowsing Adult Filter Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-family-https.mobileconfig b/profiles/cleanbrowsing-family-https.mobileconfig index 561a6ff..44e66bf 100644 --- a/profiles/cleanbrowsing-family-https.mobileconfig +++ b/profiles/cleanbrowsing-family-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Family Filter Encrypted DNS over HTTPS PayloadDisplayName - Cleanbrowsing Family Filter DNS over HTTPS + Cleanbrowsing Family Filter Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.412fd71d-9aea-513e-a745-17475f60376b PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Family Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Family Filter over HTTPS +Filters malware & adult, mixed content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Family DNS over HTTPS + Cleanbrowsing Family Filter Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-family-tls.mobileconfig b/profiles/cleanbrowsing-family-tls.mobileconfig index b9e44dc..0bf6159 100644 --- a/profiles/cleanbrowsing-family-tls.mobileconfig +++ b/profiles/cleanbrowsing-family-tls.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Family Filter Encrypted DNS over TLS PayloadDisplayName - Cleanbrowsing Family Filter DNS over TLS + Cleanbrowsing Family Filter Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.ae17eab7-deb2-547f-b6a9-03b71df2ea45 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Family Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Family Filter over TLS +Filters malware & adult, mixed content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Family DNS over TLS + Cleanbrowsing Family Filter Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-security-https.mobileconfig b/profiles/cleanbrowsing-security-https.mobileconfig index 3326166..495dacb 100644 --- a/profiles/cleanbrowsing-security-https.mobileconfig +++ b/profiles/cleanbrowsing-security-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Security Filter Encrypted DNS over HTTPS PayloadDisplayName - Cleanbrowsing Security Filter DNS over HTTPS + Cleanbrowsing Security Filter Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.de112623-e567-556a-a5ef-d89ca497ec27 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Security Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Security Filter over HTTPS +Filters malware. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Security DNS over HTTPS + Cleanbrowsing Security Filter Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cleanbrowsing-security-tls.mobileconfig b/profiles/cleanbrowsing-security-tls.mobileconfig index d8fc360..5aa3daa 100644 --- a/profiles/cleanbrowsing-security-tls.mobileconfig +++ b/profiles/cleanbrowsing-security-tls.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use Cleanbrowsing Security Filter Encrypted DNS over TLS PayloadDisplayName - Cleanbrowsing Security Filter DNS over TLS + Cleanbrowsing Security Filter Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.a35a5934-ac4d-576a-9abc-d457e4bb083f PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cleanbrowsing Security Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Cleanbrowsing Security Filter over TLS +Filters malware. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cleanbrowsing Security DNS over TLS + Cleanbrowsing Security Filter Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cloudflare-https.mobileconfig b/profiles/cloudflare-default-https.mobileconfig similarity index 70% rename from profiles/cloudflare-https.mobileconfig rename to profiles/cloudflare-default-https.mobileconfig index 80de124..bbe0345 100644 --- a/profiles/cloudflare-https.mobileconfig +++ b/profiles/cloudflare-default-https.mobileconfig @@ -20,15 +20,15 @@ https://cloudflare-dns.com/dns-query PayloadDescription - Configures device to use Cloudflare Encrypted DNS over HTTPS + Configures device to use Cloudflare 1.1.1.1 Encrypted DNS over HTTPS PayloadDisplayName - Cloudflare DNS over HTTPS + Cloudflare 1.1.1.1 Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.a622f1ba-d83a-5bf5-94cc-d1efb194c1ad + com.apple.dnsSettings.managed.095ae5f2-a34c-5a91-9661-f102d0bf6f22 PayloadType com.apple.dnsSettings.managed PayloadUUID - A622F1BA-D83A-5BF5-94CC-D1EFB194C1AD + 095AE5F2-A34C-5A91-9661-F102D0BF6F22 PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cloudflare DNS to Big Sur and iOS 14 based systems + Configures device to use Cloudflare 1.1.1.1 over HTTPS +Operated by Cloudflare Inc. +Server location: 🇺🇸. +Filtering: no PayloadDisplayName - Cloudflare DNS over HTTPS + Cloudflare 1.1.1.1 Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 4C580C46-17EE-5AD4-9F74-E4456C60B5F3 + 2035BD92-4191-539D-B6B9-28112A9E44DB PayloadVersion 1 diff --git a/profiles/cloudflare-tls.mobileconfig b/profiles/cloudflare-default-tls.mobileconfig similarity index 69% rename from profiles/cloudflare-tls.mobileconfig rename to profiles/cloudflare-default-tls.mobileconfig index b736a24..d82fb53 100644 --- a/profiles/cloudflare-tls.mobileconfig +++ b/profiles/cloudflare-default-tls.mobileconfig @@ -20,15 +20,15 @@ one.one.one.one PayloadDescription - Configures device to use Cloudflare Encrypted DNS over TLS + Configures device to use Cloudflare 1.1.1.1 Encrypted DNS over TLS PayloadDisplayName - Cloudflare DNS over TLS + Cloudflare 1.1.1.1 Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.c175937c-0992-5986-9710-d62101aa14e2 + com.apple.dnsSettings.managed.a5c1862e-358b-5ca9-948e-9e99a53551c4 PayloadType com.apple.dnsSettings.managed PayloadUUID - C175937C-0992-5986-9710-D62101AA14E2 + A5C1862E-358B-5CA9-948E-9E99A53551C4 PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cloudflare DNS to Big Sur and iOS 14 based systems + Configures device to use Cloudflare 1.1.1.1 over TLS +Operated by Cloudflare Inc. +Server location: 🇺🇸. +Filtering: no PayloadDisplayName - Cloudflare DNS over TLS + Cloudflare 1.1.1.1 Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 39F27C9C-76F9-58A4-BF49-7E74B397C3AD + 00EE7325-8FA5-570B-82B5-3D98A33306F7 PayloadVersion 1 diff --git a/profiles/cloudflare-family-https.mobileconfig b/profiles/cloudflare-family-https.mobileconfig index fb6a62b..222d6cd 100644 --- a/profiles/cloudflare-family-https.mobileconfig +++ b/profiles/cloudflare-family-https.mobileconfig @@ -20,9 +20,9 @@ https://family.cloudflare-dns.com/dns-query PayloadDescription - Configures device to use Cloudflare Family Encrypted DNS over HTTPS + Configures device to use Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS PayloadDisplayName - Cloudflare Family DNS over HTTPS + Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.a0655c38-5f1b-5fff-81f5-a8db009bd2b6 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cloudflare DNS to Big Sur and iOS 14 based systems + Configures device to use Cloudflare 1.1.1.1 Family over HTTPS +Operated by Cloudflare Inc. Blocks malware, phishing & adult content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cloudflare Family DNS over HTTPS + Cloudflare 1.1.1.1 Family Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/cloudflare-malware-https.mobileconfig b/profiles/cloudflare-malware-https.mobileconfig index 1f725ca..8b0d7cb 100644 --- a/profiles/cloudflare-malware-https.mobileconfig +++ b/profiles/cloudflare-malware-https.mobileconfig @@ -20,9 +20,9 @@ https://security.cloudflare-dns.com/dns-query PayloadDescription - Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS + Configures device to use Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS PayloadDisplayName - Cloudflare no Malware DNS over HTTPS + Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.e82f3188-9d25-5418-b532-005fc733395d PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Cloudflare no Malware DNS to Big Sur and iOS 14 based systems + Configures device to use Cloudflare 1.1.1.1 Security over HTTPS +Operated by Cloudflare Inc. Blocks malware & phishing. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - Cloudflare no Malware DNS over HTTPS + Cloudflare 1.1.1.1 Security Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/dns4eu-https.mobileconfig b/profiles/dns4eu-default-https.mobileconfig similarity index 78% rename from profiles/dns4eu-https.mobileconfig rename to profiles/dns4eu-default-https.mobileconfig index 47998c6..0d2db1e 100644 --- a/profiles/dns4eu-https.mobileconfig +++ b/profiles/dns4eu-default-https.mobileconfig @@ -22,13 +22,13 @@ PayloadDescription Configures device to use DNS4EU Encrypted DNS over HTTPS PayloadDisplayName - DNS4EU DNS over HTTPS + DNS4EU Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.396fd0be-2549-58f2-9d0f-985a83d45a6d + com.apple.dnsSettings.managed.8f35bc77-18dd-5233-a8ee-fbc3fd0b76e0 PayloadType com.apple.dnsSettings.managed PayloadUUID - 396FD0BE-2549-58F2-9D0F-985A83D45A6D + 8F35BC77-18DD-5233-A8EE-FBC3FD0B76E0 PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU over HTTPS +Operated by a consortium lead by Whalebone. +Server location: 🇨🇿. +Filtering: no PayloadDisplayName DNS4EU Encrypted DNS over HTTPS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 95A242BB-7152-5CDD-8A90-B74649CDF200 + 5A30346F-9BFF-55B3-93E8-7623B9089F52 PayloadVersion 1 diff --git a/profiles/dns4eu-tls.mobileconfig b/profiles/dns4eu-default-tls.mobileconfig similarity index 74% rename from profiles/dns4eu-tls.mobileconfig rename to profiles/dns4eu-default-tls.mobileconfig index 1d433ef..1ecc84d 100644 --- a/profiles/dns4eu-tls.mobileconfig +++ b/profiles/dns4eu-default-tls.mobileconfig @@ -20,15 +20,15 @@ unfiltered.joindns4.eu PayloadDescription - Configures device to use DNS4EU Encrypted DNS over HTTPS + Configures device to use DNS4EU Encrypted DNS over TLS PayloadDisplayName - DNS4EU DNS over TLS + DNS4EU Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.c95cadb2-d735-5267-a164-0e091c0ea6a8 + com.apple.dnsSettings.managed.1b655f2b-5fd9-5c82-92eb-defef98cbd17 PayloadType com.apple.dnsSettings.managed PayloadUUID - C95CADB2-D735-5267-A164-0E091C0EA6A8 + 1B655F2B-5FD9-5C82-92EB-DEFEF98CBD17 PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU over TLS +Operated by a consortium lead by Whalebone. +Server location: 🇨🇿. +Filtering: no PayloadDisplayName DNS4EU Encrypted DNS over TLS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 8F3A0C0C-69E0-5023-BF3C-A59666D19730 + 49FE26A9-C6EE-51AB-9380-C98AECD3FE27 PayloadVersion 1 diff --git a/profiles/dns4eu-malware-https.mobileconfig b/profiles/dns4eu-malware-https.mobileconfig index fc22e0c..f92df32 100644 --- a/profiles/dns4eu-malware-https.mobileconfig +++ b/profiles/dns4eu-malware-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use DNS4EU Protective Encrypted DNS over HTTPS PayloadDisplayName - DNS4EU Protective DNS over HTTPS + DNS4EU Protective Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.2baa4a86-3f38-5158-abca-f153366d84e4 PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective over HTTPS +Operated by a consortium lead by Whalebone. Blocks Malware. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective Encrypted DNS over HTTPS PayloadIdentifier diff --git a/profiles/dns4eu-malware-tls.mobileconfig b/profiles/dns4eu-malware-tls.mobileconfig index ef0ba1b..9ee16d4 100644 --- a/profiles/dns4eu-malware-tls.mobileconfig +++ b/profiles/dns4eu-malware-tls.mobileconfig @@ -20,9 +20,9 @@ protective.joindns4.eu PayloadDescription - Configures device to use DNS4EU Protective Encrypted DNS over HTTPS + Configures device to use DNS4EU Protective Encrypted DNS over TLS PayloadDisplayName - DNS4EU Protective DNS over TLS + DNS4EU Protective Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.2337132d-17ea-5aa9-8322-5fe5c305d930 PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective over TLS +Operated by a consortium lead by Whalebone. Blocks Malware. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective Encrypted DNS over TLS PayloadIdentifier diff --git a/profiles/dns4eu-protective-ads-https.mobileconfig b/profiles/dns4eu-protective-ads-https.mobileconfig index 2e0441d..1cede54 100644 --- a/profiles/dns4eu-protective-ads-https.mobileconfig +++ b/profiles/dns4eu-protective-ads-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS PayloadDisplayName - DNS4EU Protective ad-blocking DNS over HTTPS + DNS4EU Protective ad-blocking Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.468a13d5-803a-56dd-acf2-293ed817ef9a PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective ad-blocking DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective ad-blocking over HTTPS +Operated by a consortium lead by Whalebone. Blocks Malware and Ads. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective ad-blocking Encrypted DNS over HTTPS PayloadIdentifier diff --git a/profiles/dns4eu-protective-ads-tls.mobileconfig b/profiles/dns4eu-protective-ads-tls.mobileconfig index 660f70c..2633555 100644 --- a/profiles/dns4eu-protective-ads-tls.mobileconfig +++ b/profiles/dns4eu-protective-ads-tls.mobileconfig @@ -20,9 +20,9 @@ noads.joindns4.eu PayloadDescription - Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS + Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over TLS PayloadDisplayName - DNS4EU Protective ad-blocking DNS over TLS + DNS4EU Protective ad-blocking Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.bef794eb-fb3f-5f69-8727-926f4ed9c07a PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective ad-blocking DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective ad-blocking over TLS +Operated by a consortium lead by Whalebone. Blocks Malware and Ads. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective ad-blocking Encrypted DNS over TLS PayloadIdentifier diff --git a/profiles/dns4eu-protective-child-ads-https.mobileconfig b/profiles/dns4eu-protective-child-ads-https.mobileconfig index 2b60f45..ca12a69 100644 --- a/profiles/dns4eu-protective-child-ads-https.mobileconfig +++ b/profiles/dns4eu-protective-child-ads-https.mobileconfig @@ -20,9 +20,9 @@ https://child-noads.joindns4.eu/dns-query PayloadDescription - Configures device to use DNS4EU Protective with child protection & ad-blocking DNS over HTTPS + Configures device to use DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS PayloadDisplayName - DNS4EU Protective with child protection & ad-blocking DNS over HTTPS + DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.f4a5e1c6-d82e-5000-a7bb-678a20116896 PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective with child protection & ad-blocking DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective with child protection & ad-blocking over HTTPS +Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS PayloadIdentifier diff --git a/profiles/dns4eu-protective-child-ads-tls.mobileconfig b/profiles/dns4eu-protective-child-ads-tls.mobileconfig index 7df8a74..1d21f79 100644 --- a/profiles/dns4eu-protective-child-ads-tls.mobileconfig +++ b/profiles/dns4eu-protective-child-ads-tls.mobileconfig @@ -20,9 +20,9 @@ child-noads.joindns4.eu PayloadDescription - Configures device to use DNS4EU Protective with child protection & ad-blocking DNS over TLS + Configures device to use DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS PayloadDisplayName - DNS4EU Protective with child protection & ad-blocking DNS over TLS + DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.8455f0bd-16e3-5d43-9a57-8e83e22499c1 PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective with child protection & ad-blocking DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective with child protection & ad-blocking over TLS +Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS PayloadIdentifier diff --git a/profiles/dns4eu-protective-child-https.mobileconfig b/profiles/dns4eu-protective-child-https.mobileconfig index 83bfe0c..7d856d9 100644 --- a/profiles/dns4eu-protective-child-https.mobileconfig +++ b/profiles/dns4eu-protective-child-https.mobileconfig @@ -22,7 +22,7 @@ PayloadDescription Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS PayloadDisplayName - DNS4EU Protective with child protection DNS over HTTPS + DNS4EU Protective with child protection Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.a4b449c5-9ca9-58d0-b156-1cb329b9180e PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective with child protection DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective with child protection over HTTPS +Operated by a consortium lead by Whalebone. Blocks malware and explicit content. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective with child protection Encrypted DNS over HTTPS PayloadIdentifier diff --git a/profiles/dns4eu-protective-child-tls.mobileconfig b/profiles/dns4eu-protective-child-tls.mobileconfig index 9ebcf36..43028f5 100644 --- a/profiles/dns4eu-protective-child-tls.mobileconfig +++ b/profiles/dns4eu-protective-child-tls.mobileconfig @@ -20,9 +20,9 @@ child.joindns4.eu PayloadDescription - Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS + Configures device to use DNS4EU Protective with child protection Encrypted DNS over TLS PayloadDisplayName - DNS4EU Protective with child protection DNS over TLS + DNS4EU Protective with child protection Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.27f84837-064b-5f9d-abd5-10b69f7c63d5 PayloadType @@ -36,7 +36,10 @@ PayloadDescription - Adds the DNS4EU Protective with child protection DNS to Big Sur and iOS 14 based systems + Configures device to use DNS4EU Protective with child protection over TLS +Operated by a consortium lead by Whalebone. Blocks malware and explicit content. +Server location: 🇨🇿. +Filtering: yes PayloadDisplayName DNS4EU Protective with child protection Encrypted DNS over TLS PayloadIdentifier diff --git a/profiles/dnspod-https.mobileconfig b/profiles/dnspod-default-https.mobileconfig similarity index 67% rename from profiles/dnspod-https.mobileconfig rename to profiles/dnspod-default-https.mobileconfig index 66dc576..3e2fcbb 100644 --- a/profiles/dnspod-https.mobileconfig +++ b/profiles/dnspod-default-https.mobileconfig @@ -18,15 +18,15 @@ https://doh.pub/dns-query PayloadDescription - Configures device to use DNSPod Encrypted DNS over HTTPS + Configures device to use DNSPod Public DNS Encrypted DNS over HTTPS PayloadDisplayName - DNSPod over HTTPS + DNSPod Public DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.4a92b66e-27f0-52cc-97fe-7f275afb211e + com.apple.dnsSettings.managed.1d985f7e-00d8-5690-a941-dc8b11b70ffe PayloadType com.apple.dnsSettings.managed PayloadUUID - 4A92B66E-27F0-52CC-97FE-7F275AFB211E + 1D985F7E-00D8-5690-A941-DC8B11B70FFE PayloadVersion 1 ProhibitDisablement @@ -34,9 +34,12 @@ PayloadDescription - Adds the DNSPod to Big Sur and iOS 14 based systems + Configures device to use DNSPod Public DNS over HTTPS +Operated by DNSPod Inc., a Tencent Cloud Company. +Server location: 🇨🇳. +Filtering: no PayloadDisplayName - DNSPod over HTTPS + DNSPod Public DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -46,7 +49,7 @@ PayloadType Configuration PayloadUUID - 20FA0DC1-8E44-56BA-8973-7433CDF62E7F + 41267ACC-F253-579C-8F01-9B93DACBCA25 PayloadVersion 1 diff --git a/profiles/dnspod-tls.mobileconfig b/profiles/dnspod-default-tls.mobileconfig similarity index 67% rename from profiles/dnspod-tls.mobileconfig rename to profiles/dnspod-default-tls.mobileconfig index 0b8c2f5..49582fa 100644 --- a/profiles/dnspod-tls.mobileconfig +++ b/profiles/dnspod-default-tls.mobileconfig @@ -18,15 +18,15 @@ dot.pub PayloadDescription - Configures device to use DNSPod Encrypted DNS over TLS + Configures device to use DNSPod Public DNS Encrypted DNS over TLS PayloadDisplayName - DNSPod over TLS + DNSPod Public DNS Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.9ed9e9c2-8d89-5392-88ed-f87b311b8fe6 + com.apple.dnsSettings.managed.64ecbaaa-b2da-542e-8d8b-9f2cbd1037ed PayloadType com.apple.dnsSettings.managed PayloadUUID - 9ED9E9C2-8D89-5392-88ED-F87B311B8FE6 + 64ECBAAA-B2DA-542E-8D8B-9F2CBD1037ED PayloadVersion 1 ProhibitDisablement @@ -34,9 +34,12 @@ PayloadDescription - Adds the DNSPod to Big Sur and iOS 14 based systems + Configures device to use DNSPod Public DNS over TLS +Operated by DNSPod Inc., a Tencent Cloud Company. +Server location: 🇨🇳. +Filtering: no PayloadDisplayName - DNSPod over TLS + DNSPod Public DNS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -46,7 +49,7 @@ PayloadType Configuration PayloadUUID - 511E6BB6-E99D-5045-A281-E8390F9C188C + 430A7431-572F-5FA3-B347-FE77E300234D PayloadVersion 1 diff --git a/profiles/fdn-https.mobileconfig b/profiles/fdn-default-https.mobileconfig similarity index 74% rename from profiles/fdn-https.mobileconfig rename to profiles/fdn-default-https.mobileconfig index 581ad39..e9f7419 100644 --- a/profiles/fdn-https.mobileconfig +++ b/profiles/fdn-default-https.mobileconfig @@ -20,15 +20,15 @@ https://ns0.fdn.fr/dns-query PayloadDescription - Configures device to use Google Encrypted DNS over HTTPS + Configures device to use FDN Encrypted DNS over HTTPS PayloadDisplayName - FDN DNS over HTTPS + FDN Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.53520e35-5994-52bb-aa82-bde0a6061ec9 + com.apple.dnsSettings.managed.c56afe2b-9a39-5a08-968f-c6c5e3c9c1c1 PayloadType com.apple.dnsSettings.managed PayloadUUID - 53520E35-5994-52BB-AA82-BDE0A6061EC9 + C56AFE2B-9A39-5A08-968F-C6C5E3C9C1C1 PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the FDN DNS to Big Sur and iOS 14 based systems + Configures device to use FDN over HTTPS +Operated by French Data Network. +Server location: 🇫🇷. +Filtering: no PayloadDisplayName FDN Encrypted DNS over HTTPS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 426D33EA-3B8B-5E59-AB91-56CF5EC6AFCC + C87A5BE8-354A-557F-9C9D-2871E280F815 PayloadVersion 1 diff --git a/profiles/fdn-tls.mobileconfig b/profiles/fdn-default-tls.mobileconfig similarity index 78% rename from profiles/fdn-tls.mobileconfig rename to profiles/fdn-default-tls.mobileconfig index aa04adc..ce4dd06 100644 --- a/profiles/fdn-tls.mobileconfig +++ b/profiles/fdn-default-tls.mobileconfig @@ -22,13 +22,13 @@ PayloadDescription Configures device to use FDN Encrypted DNS over TLS PayloadDisplayName - FDN DNS over TLS + FDN Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.2e1f5a96-94ab-5c5b-a178-59cba96e7e73 + com.apple.dnsSettings.managed.c974694b-5b7f-5e35-b092-f237c2856ded PayloadType com.apple.dnsSettings.managed PayloadUUID - 2E1F5A96-94AB-5C5B-A178-59CBA96E7E73 + C974694B-5B7F-5E35-B092-F237C2856DED PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the FDN DNS to Big Sur and iOS 14 based systems + Configures device to use FDN over TLS +Operated by French Data Network. +Server location: 🇫🇷. +Filtering: no PayloadDisplayName FDN Encrypted DNS over TLS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 2F91C89C-F9B4-5C96-9380-2FB9454444AA + EB3A703B-71BE-5734-A9B0-1405042917C8 PayloadVersion 1 diff --git a/profiles/ffmucdns-https.mobileconfig b/profiles/ffmuc-dns-default-https.mobileconfig similarity index 74% rename from profiles/ffmucdns-https.mobileconfig rename to profiles/ffmuc-dns-default-https.mobileconfig index f08b769..393e819 100644 --- a/profiles/ffmucdns-https.mobileconfig +++ b/profiles/ffmuc-dns-default-https.mobileconfig @@ -22,13 +22,13 @@ PayloadDescription Configures device to use FFMUC-DNS Encrypted DNS over HTTPS PayloadDisplayName - FFMUC DNS over HTTPS + FFMUC-DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.dc5e0bbf-e009-5221-8a2e-7249e53ade1f + com.apple.dnsSettings.managed.2297046a-c2cc-5c3e-ab2d-08cfe5880f70 PayloadType com.apple.dnsSettings.managed PayloadUUID - DC5E0BBF-E009-5221-8A2E-7249E53ADE1F + 2297046A-C2CC-5C3E-AB2D-08CFE5880F70 PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the FFMUC DNS to Big Sur and iOS 14 based systems + Configures device to use FFMUC-DNS over HTTPS +FFMUC free DNS servers provided by Freifunk München. +Server location: 🇩🇪. +Filtering: no PayloadDisplayName - FFMUC Encrypted DNS over HTTPS + FFMUC-DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 0072E80B-F435-534F-B6FA-7C7C9423B9FB + 791C654F-0336-563C-BE97-3E54C004FA8B PayloadVersion 1 diff --git a/profiles/ffmucdns-tls.mobileconfig b/profiles/ffmuc-dns-default-tls.mobileconfig similarity index 74% rename from profiles/ffmucdns-tls.mobileconfig rename to profiles/ffmuc-dns-default-tls.mobileconfig index 0eede85..2b90ca3 100644 --- a/profiles/ffmucdns-tls.mobileconfig +++ b/profiles/ffmuc-dns-default-tls.mobileconfig @@ -22,13 +22,13 @@ PayloadDescription Configures device to use FFMUC-DNS Encrypted DNS over TLS PayloadDisplayName - FFMUC DNS over TLS + FFMUC-DNS Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.01675f29-6ce8-5f58-8c4b-fbdda91c8652 + com.apple.dnsSettings.managed.40b7c673-8dbb-50f8-8fe5-c9b06762e0c9 PayloadType com.apple.dnsSettings.managed PayloadUUID - 01675F29-6CE8-5F58-8C4B-FBDDA91C8652 + 40B7C673-8DBB-50F8-8FE5-C9B06762E0C9 PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the FFMUC DNS to Big Sur and iOS 14 based systems + Configures device to use FFMUC-DNS over TLS +FFMUC free DNS servers provided by Freifunk München. +Server location: 🇩🇪. +Filtering: no PayloadDisplayName - FFMUC Encrypted DNS over TLS + FFMUC-DNS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 4AB17AF6-FF17-58EF-B57F-1AED92A8E26A + 8C251397-46B4-5F6E-ACB7-532C953B8993 PayloadVersion 1 diff --git a/profiles/google-https.mobileconfig b/profiles/google-default-https.mobileconfig similarity index 70% rename from profiles/google-https.mobileconfig rename to profiles/google-default-https.mobileconfig index 64bf5b1..5f69bfe 100644 --- a/profiles/google-https.mobileconfig +++ b/profiles/google-default-https.mobileconfig @@ -20,15 +20,15 @@ https://dns.google/dns-query PayloadDescription - Configures device to use Google Encrypted DNS over HTTPS + Configures device to use Google Public DNS Encrypted DNS over HTTPS PayloadDisplayName - Google DNS over HTTPS + Google Public DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.317a5cde-06e0-52b8-b0d9-de462fa44247 + com.apple.dnsSettings.managed.156aa2ac-211a-5c74-be98-9a6d91a4744b PayloadType com.apple.dnsSettings.managed PayloadUUID - 317A5CDE-06E0-52B8-B0D9-DE462FA44247 + 156AA2AC-211A-5C74-BE98-9A6D91A4744B PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the Google DNS to Big Sur and iOS 14 based systems + Configures device to use Google Public DNS over HTTPS +Operated by Google LLC. +Server location: 🇺🇸. +Filtering: no PayloadDisplayName - Google Encrypted DNS over HTTPS + Google Public DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - D3AE1D44-EB42-5B10-B721-15D6A0354A9A + 79FF6A43-D453-5B8A-B0CB-F9475AC50A56 PayloadVersion 1 diff --git a/profiles/google-tls.mobileconfig b/profiles/google-default-tls.mobileconfig similarity index 70% rename from profiles/google-tls.mobileconfig rename to profiles/google-default-tls.mobileconfig index 1d0c3e9..ed06245 100644 --- a/profiles/google-tls.mobileconfig +++ b/profiles/google-default-tls.mobileconfig @@ -20,15 +20,15 @@ dns.google PayloadDescription - Configures device to use Google Encrypted DNS over TLS + Configures device to use Google Public DNS Encrypted DNS over TLS PayloadDisplayName - Google DNS over TLS + Google Public DNS Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.43e491d5-b019-5356-bc82-e8b2e1c89871 + com.apple.dnsSettings.managed.d984244b-7644-5b5e-b254-af8e59f6c09c PayloadType com.apple.dnsSettings.managed PayloadUUID - 43E491D5-B019-5356-BC82-E8B2E1C89871 + D984244B-7644-5B5E-B254-AF8E59F6C09C PayloadVersion 1 ProhibitDisablement @@ -36,9 +36,12 @@ PayloadDescription - Adds the Google DNS to Big Sur and iOS 14 based systems + Configures device to use Google Public DNS over TLS +Operated by Google LLC. +Server location: 🇺🇸. +Filtering: no PayloadDisplayName - Google Encrypted DNS over TLS + Google Public DNS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 958F3451-3B7E-5D58-8ECA-6CD67C493117 + 022447CE-3B19-59A8-B11E-D4DEFB9DFBC1 PayloadVersion 1 diff --git a/profiles/keweondns-https.mobileconfig b/profiles/keweondns-default-https.mobileconfig similarity index 66% rename from profiles/keweondns-https.mobileconfig rename to profiles/keweondns-default-https.mobileconfig index 94909a9..24c8b7b 100644 --- a/profiles/keweondns-https.mobileconfig +++ b/profiles/keweondns-default-https.mobileconfig @@ -13,15 +13,15 @@ https://dns.keweon.center/dns-query PayloadDescription - Configures device to use keweonDNS physical DNS Server to encrypt DNS over HTTPS + Configures device to use keweonDNS Encrypted DNS over HTTPS PayloadDisplayName - keweonDNS (DoH) + keweonDNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.d9980b2f-f260-5bda-b033-800567c1476a + com.apple.dnsSettings.managed.23b46469-4d5e-547d-9847-89e17050d05d PayloadType com.apple.dnsSettings.managed PayloadUUID - D9980B2F-F260-5BDA-B033-800567C1476A + 23B46469-4D5E-547D-9847-89E17050D05D PayloadVersion 1 ProhibitDisablement @@ -29,9 +29,12 @@ PayloadDescription - Adds keweonDNS encrypted DNS configurations to Apple based systems + Configures device to use keweonDNS over HTTPS +Operated by Aviontex. Blocks ads & tracking. +Server location: 🇩🇪. +Filtering: no PayloadDisplayName - keweonDNS (DoH) + keweonDNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -41,7 +44,7 @@ PayloadType Configuration PayloadUUID - 19232C4C-ABA0-5B57-AC25-8C2494698028 + 8851DBB0-04A8-5551-A542-3B9D3D809895 PayloadVersion 1 diff --git a/profiles/keweondns-tls.mobileconfig b/profiles/keweondns-default-tls.mobileconfig similarity index 66% rename from profiles/keweondns-tls.mobileconfig rename to profiles/keweondns-default-tls.mobileconfig index 8a253fa..1fc4ada 100644 --- a/profiles/keweondns-tls.mobileconfig +++ b/profiles/keweondns-default-tls.mobileconfig @@ -13,15 +13,15 @@ dns.keweon.center PayloadDescription - Configures device to use keweonDNS physical DNS Server to encrypt DNS over TLS + Configures device to use keweonDNS Encrypted DNS over TLS PayloadDisplayName - keweonDNS (DoT) + keweonDNS Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.e3e6d9a3-8f9f-5bae-b22c-4288be42e6b1 + com.apple.dnsSettings.managed.751ad467-aa85-53df-b68d-5dc1f8c7624a PayloadType com.apple.dnsSettings.managed PayloadUUID - E3E6D9A3-8F9F-5BAE-B22C-4288BE42E6B1 + 751AD467-AA85-53DF-B68D-5DC1F8C7624A PayloadVersion 1 ProhibitDisablement @@ -29,9 +29,12 @@ PayloadDescription - Adds keweonDNS encrypted DNS configurations to Apple based systems + Configures device to use keweonDNS over TLS +Operated by Aviontex. Blocks ads & tracking. +Server location: 🇩🇪. +Filtering: no PayloadDisplayName - keweonDNS (DoT) + keweonDNS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -41,7 +44,7 @@ PayloadType Configuration PayloadUUID - B6B082E8-E78E-5F49-8AFB-390B51717105 + 054FC0B7-2EBC-5369-AB12-DEBF5D29F9FD PayloadVersion 1 diff --git a/profiles/mullvad-adblock-https.mobileconfig b/profiles/mullvad-adblock-https.mobileconfig index b01d1e0..9d06e71 100644 --- a/profiles/mullvad-adblock-https.mobileconfig +++ b/profiles/mullvad-adblock-https.mobileconfig @@ -18,9 +18,9 @@ https://adblock.doh.mullvad.net/dns-query PayloadDescription - Configures device to use Mullvad DNS over HTTPS + Configures device to use Mullvad DNS Adblock Encrypted DNS over HTTPS PayloadDisplayName - Mullvad DNS over HTTPS + Mullvad DNS Adblock Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.aa51aa88-e16a-50c0-9b0b-4a5c1f4af720 PayloadType @@ -34,9 +34,12 @@ PayloadDescription - Adds the Mullvad DNS with ad blocking to Big Sur and iOS 14 based systems + Configures device to use Mullvad DNS Adblock over HTTPS +Operated by Mullvad VPN AB. Blocks ads & tracking. +Server location: 🇸🇪. +Filtering: yes PayloadDisplayName - Mullvad DNS over HTTPS + Mullvad DNS Adblock Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/mullvad-https.mobileconfig b/profiles/mullvad-default-https.mobileconfig similarity index 69% rename from profiles/mullvad-https.mobileconfig rename to profiles/mullvad-default-https.mobileconfig index 5c6d872..143fc4e 100644 --- a/profiles/mullvad-https.mobileconfig +++ b/profiles/mullvad-default-https.mobileconfig @@ -18,15 +18,15 @@ https://doh.mullvad.net/dns-query PayloadDescription - Configures device to use Mullvad DNS over HTTPS + Configures device to use Mullvad DNS Encrypted DNS over HTTPS PayloadDisplayName - Mullvad DNS over HTTPS + Mullvad DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.5e97cf64-16b7-58ac-8a9f-e70b7b1ed1d4 + com.apple.dnsSettings.managed.5392613a-ac78-594d-a43b-d396f54f59fd PayloadType com.apple.dnsSettings.managed PayloadUUID - 5E97CF64-16B7-58AC-8A9F-E70B7B1ED1D4 + 5392613A-AC78-594D-A43B-D396F54F59FD PayloadVersion 1 ProhibitDisablement @@ -34,9 +34,12 @@ PayloadDescription - Adds the Mullvad DNS to Big Sur and iOS 14 based systems + Configures device to use Mullvad DNS over HTTPS +Operated by Mullvad VPN AB. +Server location: 🇸🇪. +Filtering: yes PayloadDisplayName - Mullvad DNS over HTTPS + Mullvad DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -46,7 +49,7 @@ PayloadType Configuration PayloadUUID - 4F6048D0-45F2-55B2-AF08-D09094960B41 + 9EE643A7-BCF2-50B2-A03E-7437589CB25E PayloadVersion 1 diff --git a/profiles/opendns-https.mobileconfig b/profiles/opendns-default-https.mobileconfig similarity index 66% rename from profiles/opendns-https.mobileconfig rename to profiles/opendns-default-https.mobileconfig index 57a16ae..3abd25e 100644 --- a/profiles/opendns-https.mobileconfig +++ b/profiles/opendns-default-https.mobileconfig @@ -13,15 +13,15 @@ https://doh.opendns.com/dns-query PayloadDescription - Configures device to use OpenDNS Encrypted DNS over HTTPS + Configures device to use OpenDNS Standard Encrypted DNS over HTTPS PayloadDisplayName - OpenDNS DNS over HTTPS Standard + OpenDNS Standard Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.45ba4fc6-566b-5e50-b483-46b97b96597a + com.apple.dnsSettings.managed.a3d586de-f243-5813-8f3e-fafa8e48b05d PayloadType com.apple.dnsSettings.managed PayloadUUID - 45BA4FC6-566B-5E50-B483-46B97B96597A + A3D586DE-F243-5813-8F3E-FAFA8E48B05D PayloadVersion 1 ProhibitDisablement @@ -29,9 +29,12 @@ PayloadDescription - Adds the OpenDNS Encrypted DNS to Big Sur and iOS 14 based systems + Configures device to use OpenDNS Standard over HTTPS +Operated by Cisco OpenDNS LLC. +Server location: 🇺🇸. +Filtering: no PayloadDisplayName - OpenDNS Encrypted DNS + OpenDNS Standard Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -41,7 +44,7 @@ PayloadType Configuration PayloadUUID - 38CDCB26-893D-50A7-8E36-EE7E02CC0682 + E939E0A6-C1E4-5734-912C-5A213C1C5A78 PayloadVersion 1 diff --git a/profiles/opendns-family-https.mobileconfig b/profiles/opendns-family-https.mobileconfig index 6fb60c6..5905980 100644 --- a/profiles/opendns-family-https.mobileconfig +++ b/profiles/opendns-family-https.mobileconfig @@ -13,9 +13,9 @@ https://doh.familyshield.opendns.com/dns-query PayloadDescription - Configures device to use OpenDNS Encrypted DNS over HTTPS + Configures device to use OpenDNS FamilyShield Encrypted DNS over HTTPS PayloadDisplayName - OpenDNS DNS over HTTPS Standard + OpenDNS FamilyShield Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.1a8cc509-020c-5f6a-830d-7a85f82d66e5 PayloadType @@ -29,9 +29,12 @@ PayloadDescription - Adds the OpenDNS Encrypted DNS Family Shield to Big Sur and iOS 14 based systems + Configures device to use OpenDNS FamilyShield over HTTPS +Operated by Cisco OpenDNS LLC. Blocks malware & adult content. +Server location: 🇺🇸. +Filtering: yes PayloadDisplayName - OpenDNS Encrypted DNS Family Shield + OpenDNS FamilyShield Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/quad9-ECS-https.mobileconfig b/profiles/quad9-ECS-https.mobileconfig index e31a989..464f282 100644 --- a/profiles/quad9-ECS-https.mobileconfig +++ b/profiles/quad9-ECS-https.mobileconfig @@ -20,9 +20,9 @@ https://dns11.quad9.net/dns-query PayloadDescription - Configures device to use Quad9 Encrypted DNS over HTTPS with ECS + Configures device to use Quad9 w/ ECS Encrypted DNS over HTTPS PayloadDisplayName - Quad9 DNS over HTTPS with ECS + Quad9 w/ ECS Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.be15a83d-45e7-56c2-af36-23c6c8c72198 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 w/ ECS over HTTPS +Operated by Quad9 Foundation. Supports ECS. Blocks malware. +Server location: 🇨🇭. +Filtering: yes PayloadDisplayName - Quad9 with ECS Encrypted DNS over HTTPS + Quad9 w/ ECS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/quad9-ECS-tls.mobileconfig b/profiles/quad9-ECS-tls.mobileconfig index cb9c445..f384ac4 100644 --- a/profiles/quad9-ECS-tls.mobileconfig +++ b/profiles/quad9-ECS-tls.mobileconfig @@ -20,9 +20,9 @@ dns11.quad9.net PayloadDescription - Configures device to use Quad9 with ECS Encrypted DNS over HTTPS + Configures device to use Quad9 w/ ECS Encrypted DNS over TLS PayloadDisplayName - Quad9 DNS over TLS with ECS + Quad9 w/ ECS Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.97a5f054-ede5-5ed7-aa4b-d71c34d3d690 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Quad9 with ECS DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 w/ ECS over TLS +Operated by Quad9 Foundation. Supports ECS. Blocks malware. +Server location: 🇨🇭. +Filtering: yes PayloadDisplayName - Quad9 with ECS Encrypted DNS over TLS + Quad9 w/ ECS Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/quad9-https.mobileconfig b/profiles/quad9-default-https.mobileconfig similarity index 77% rename from profiles/quad9-https.mobileconfig rename to profiles/quad9-default-https.mobileconfig index 3b19af0..1eaa949 100644 --- a/profiles/quad9-https.mobileconfig +++ b/profiles/quad9-default-https.mobileconfig @@ -22,13 +22,13 @@ PayloadDescription Configures device to use Quad9 Encrypted DNS over HTTPS PayloadDisplayName - Quad9 DNS over HTTPS + Quad9 Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.f8a674b2-5c62-5f7e-aa75-56af6005d526 + com.apple.dnsSettings.managed.44379267-355e-54e5-acc1-cbebdf529036 PayloadType com.apple.dnsSettings.managed PayloadUUID - F8A674B2-5C62-5F7E-AA75-56AF6005D526 + 44379267-355E-54E5-ACC1-CBEBDF529036 PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the Quad9 DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 over HTTPS +Operated by Quad9 Foundation. Blocks malware. +Server location: 🇨🇭. +Filtering: yes PayloadDisplayName Quad9 Encrypted DNS over HTTPS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - C26A7C0E-10F6-542D-AB88-2D3B6FC27C1C + 8FE3092A-B80F-5352-A2A8-0CA9EC8A7E46 PayloadVersion 1 diff --git a/profiles/quad9-tls.mobileconfig b/profiles/quad9-default-tls.mobileconfig similarity index 73% rename from profiles/quad9-tls.mobileconfig rename to profiles/quad9-default-tls.mobileconfig index c11941d..065221d 100644 --- a/profiles/quad9-tls.mobileconfig +++ b/profiles/quad9-default-tls.mobileconfig @@ -20,15 +20,15 @@ dns.quad9.net PayloadDescription - Configures device to use Quad9 Encrypted DNS over HTTPS + Configures device to use Quad9 Encrypted DNS over TLS PayloadDisplayName - Quad9 DNS over TLS + Quad9 Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.d542f87a-d392-5401-867c-f25f81311318 + com.apple.dnsSettings.managed.2ec591fd-e155-5119-a2d7-036cde99d0a3 PayloadType com.apple.dnsSettings.managed PayloadUUID - D542F87A-D392-5401-867C-F25F81311318 + 2EC591FD-E155-5119-A2D7-036CDE99D0A3 PayloadVersion 1 ProhibitDisablement @@ -36,7 +36,10 @@ PayloadDescription - Adds the Quad9 DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 over TLS +Operated by Quad9 Foundation. Blocks malware. +Server location: 🇨🇭. +Filtering: yes PayloadDisplayName Quad9 Encrypted DNS over TLS PayloadIdentifier @@ -48,7 +51,7 @@ PayloadType Configuration PayloadUUID - 6D3671D0-DDDE-52A7-B1DE-5818251E5766 + AD038BB9-1330-527A-82BF-0F9F7FD709C5 PayloadVersion 1 diff --git a/profiles/quad9-nofilter-https.mobileconfig b/profiles/quad9-nofilter-https.mobileconfig index 2c5a69c..7292965 100644 --- a/profiles/quad9-nofilter-https.mobileconfig +++ b/profiles/quad9-nofilter-https.mobileconfig @@ -20,9 +20,9 @@ https://dns10.quad9.net/dns-query PayloadDescription - Configures device to use Quad9 No Filter Encrypted DNS over HTTPS + Configures device to use Quad9 Unfiltered Encrypted DNS over HTTPS PayloadDisplayName - Quad9 No Filter DNS over HTTPS + Quad9 Unfiltered Encrypted DNS over HTTPS PayloadIdentifier com.apple.dnsSettings.managed.4764962f-5e78-514d-ad2c-dc8acd3b27f3 PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Quad9 No Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 Unfiltered over HTTPS +Operated by Quad9 Foundation. +Server location: 🇨🇭. +Filtering: no PayloadDisplayName - Quad9 No Filter Encrypted DNS over HTTPS + Quad9 Unfiltered Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/quad9-nofilter-tls.mobileconfig b/profiles/quad9-nofilter-tls.mobileconfig index b1b76fd..539b124 100644 --- a/profiles/quad9-nofilter-tls.mobileconfig +++ b/profiles/quad9-nofilter-tls.mobileconfig @@ -20,9 +20,9 @@ dns10.quad9.net PayloadDescription - Configures device to use Quad9 No Filter Encrypted DNS over HTTPS + Configures device to use Quad9 Unfiltered Encrypted DNS over TLS PayloadDisplayName - Quad9 No Filter DNS over TLS + Quad9 Unfiltered Encrypted DNS over TLS PayloadIdentifier com.apple.dnsSettings.managed.90067817-36d5-5412-96fc-3c3294eb0fec PayloadType @@ -36,9 +36,12 @@ PayloadDescription - Adds the Quad9 No Filter DNS to Big Sur and iOS 14 based systems + Configures device to use Quad9 Unfiltered over TLS +Operated by Quad9 Foundation. +Server location: 🇨🇭. +Filtering: no PayloadDisplayName - Quad9 No Filter Encrypted DNS over TLS + Quad9 Unfiltered Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed diff --git a/profiles/template-on-demand.mobileconfig b/profiles/template-on-demand-default-https.mobileconfig similarity index 73% rename from profiles/template-on-demand.mobileconfig rename to profiles/template-on-demand-default-https.mobileconfig index 9381e2f..41fabab 100644 --- a/profiles/template-on-demand.mobileconfig +++ b/profiles/template-on-demand-default-https.mobileconfig @@ -37,15 +37,15 @@ PayloadDescription - Configures device to use Example Encrypted DNS over HTTPS + Configures device to use Example Encrypted DNS Encrypted DNS over HTTPS PayloadDisplayName - Example DNS over HTTPS + Example Encrypted DNS Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.abc0db58-da07-5566-a55b-587df1382d4a + com.apple.dnsSettings.managed.45134783-5122-5abb-96ed-f5bf88841542 PayloadType com.apple.dnsSettings.managed PayloadUUID - ABC0DB58-DA07-5566-A55B-587DF1382D4A + 45134783-5122-5ABB-96ED-F5BF88841542 PayloadVersion 1 ProhibitDisablement @@ -53,9 +53,12 @@ PayloadDescription - Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems + Configures device to use Example Encrypted DNS over HTTPS +Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems. +Server location: . +Filtering: no PayloadDisplayName - Example Encrypted DNS over HTTPS + Example Encrypted DNS Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -65,7 +68,7 @@ PayloadType Configuration PayloadUUID - 9E0173E4-7947-5174-A857-D97C90189345 + 094F8FB6-20D9-51D6-8F5D-6E3F32192E24 PayloadVersion 1 diff --git a/profiles/tiarapp-https.mobileconfig b/profiles/tiarapp-default-https.mobileconfig similarity index 70% rename from profiles/tiarapp-https.mobileconfig rename to profiles/tiarapp-default-https.mobileconfig index 0fef4cf..377b91b 100644 --- a/profiles/tiarapp-https.mobileconfig +++ b/profiles/tiarapp-default-https.mobileconfig @@ -15,13 +15,13 @@ PayloadDescription Configures device to use Tiarap Encrypted DNS over HTTPS PayloadDisplayName - Tiarap DNS over HTTPS + Tiarap Encrypted DNS over HTTPS PayloadIdentifier - com.apple.dnsSettings.managed.b8bfdb6a-295d-5b21-b057-eb3c8b0a786e + com.apple.dnsSettings.managed.fde2d338-fe25-546b-ab48-645b7b675e6b PayloadType com.apple.dnsSettings.managed PayloadUUID - B8BFDB6A-295D-5B21-B057-EB3C8B0A786E + FDE2D338-FE25-546B-AB48-645B7B675E6B PayloadVersion 1 ProhibitDisablement @@ -29,9 +29,12 @@ PayloadDescription - Adds the Tiarap DNS over HTTPS to Big Sur and iOS 14 based systems + Configures device to use Tiarap over HTTPS +Operated by Tiarap Inc. Blocks ads, tracking, phising & malware. +Server location: 🇸🇬 🇺🇸. +Filtering: yes PayloadDisplayName - Tiarap DNS over HTTPS + Tiarap Encrypted DNS over HTTPS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -41,7 +44,7 @@ PayloadType Configuration PayloadUUID - 5D9FBC79-C3B0-5A98-A17D-8EC8A05C0F22 + 39D05040-6A6B-53A3-A94A-CBACA457F960 PayloadVersion 1 diff --git a/profiles/tiarapp-tls.mobileconfig b/profiles/tiarapp-default-tls.mobileconfig similarity index 70% rename from profiles/tiarapp-tls.mobileconfig rename to profiles/tiarapp-default-tls.mobileconfig index bde3ebc..f0f7319 100644 --- a/profiles/tiarapp-tls.mobileconfig +++ b/profiles/tiarapp-default-tls.mobileconfig @@ -15,13 +15,13 @@ PayloadDescription Configures device to use Tiarap Encrypted DNS over TLS PayloadDisplayName - Tiarap DNS over TLS + Tiarap Encrypted DNS over TLS PayloadIdentifier - com.apple.dnsSettings.managed.1e58dec4-c1a9-50ac-81cb-cc9c261f9041 + com.apple.dnsSettings.managed.d7772cd8-45af-5f49-8563-5d6c20df3f65 PayloadType com.apple.dnsSettings.managed PayloadUUID - 1E58DEC4-C1A9-50AC-81CB-CC9C261F9041 + D7772CD8-45AF-5F49-8563-5D6C20DF3F65 PayloadVersion 1 ProhibitDisablement @@ -29,9 +29,12 @@ PayloadDescription - Adds the Tiarap DNS over TLS to Big Sur and iOS 14 based systems + Configures device to use Tiarap over TLS +Operated by Tiarap Inc. Blocks ads, tracking, phising & malware. +Server location: 🇸🇬 🇺🇸. +Filtering: yes PayloadDisplayName - Tiarap DNS over TLS + Tiarap Encrypted DNS over TLS PayloadIdentifier com.paulmillr.apple-dns PayloadRemovalDisallowed @@ -41,7 +44,7 @@ PayloadType Configuration PayloadUUID - BB91492E-F74F-5707-8B99-EA8E92DE96B6 + B9C51928-5B68-5B30-9CEC-B3A30FBBABB1 PayloadVersion 1 diff --git a/scripts/build.ts b/scripts/build.ts deleted file mode 100755 index 265cfd8..0000000 --- a/scripts/build.ts +++ /dev/null @@ -1,771 +0,0 @@ -#!/usr/bin/env node -import { CMS } from 'micro-key-producer/x509.js'; -import { createHash } from 'node:crypto'; -import fs from 'node:fs'; -import net from 'node:net'; -import path from 'node:path'; -import { fileURLToPath } from 'node:url'; - -type LangData = { - code: string; - name: string; - table_columns: { - name: string; - region: string; - censorship: string; - notes: string; - install_signed: string; - install_unsigned: string; - }; - yes: string; - no: string; -}; - -type Lang = { - code: string; - name: string; - mdFile: string; - jsonFile: string; - data: LangData; -}; - -type RuleParam = { DomainAction: string; Domains: string[] }; -type Rule = { - Action: string; - InterfaceTypeMatch?: string; - SSIDMatch?: string[]; - ActionParameters?: RuleParam[]; -}; -type DnsCfg = { - protocol: string; - server: string; - addresses: string[]; -}; -type DnsInput = { - protocol: string; - server: string; - addresses: string[]; -}; -type DnsValidateOpts = { requireTlsAddresses?: boolean }; - -type PayloadCfg = { - description?: string; - displayName: string; - identifier: string; - uuid: string; - type?: string; - version?: number; - organization?: string; - prohibitDisablement?: boolean; -}; - -type TopCfg = { - description: string; - displayName: string; - identifier: string; - removalDisallowed?: boolean; - scope?: string; - type?: string; - uuid: string; - version?: number; - organization?: string; - consentTextDefault?: string; -}; - -type CertCfg = { - fileName: string; - data: string; - displayName: string; - identifier: string; - uuid: string; - type?: string; - version?: number; -}; - -export type ProfileCfg = { - // Controls plist string escaping; kept for compatibility with old provider entries. - escapeXML?: boolean; - // Naming inputs used to derive PayloadDisplayName / top display fields when explicit fields are absent. - name?: string; - fullName?: string; - // Explicit top payload display name fallback when top.displayName is not set. - topName?: string; - // DNS endpoint (DoH URL or DoT hostname) and optional resolver IP hints for Apple DNSSettings payload. - ServerURLOrName?: string; - ServerAddresses?: string[]; - // Inner payload fields (com.apple.dnsSettings.managed) shown in UI and used for stable ids. - PayloadDisplayName?: string; - PayloadDescription?: string; - PayloadIdentifier?: string; - PayloadUUID?: string; - PayloadType?: string; - PayloadVersion?: number; - // Apple DNS payload flag: true prevents user from toggling DNS settings off in UI. - ProhibitDisablement?: boolean; - // Optional Apple consent text block; used by some providers for privacy-policy notice. - ConsentTextDefault?: string; - // Structured variants used by CLI/tests; normalize() supports both structured and flat forms. - dns?: DnsCfg; - payload?: PayloadCfg; - // Structured top-level configuration payload; if absent, built from defaults + topName. - top?: TopCfg; - // Optional on-demand match rules (template use-case). - onDemandRules?: Rule[]; - // Optional additional certificate payloads embedded into profile. - certificates?: CertCfg[]; - // Compact detached signature (hex). Generator rebuilds attached CMS signed/*.mobileconfig from this. - signature?: string; -}; - -type Provider = { - // Provider metadata for README table + generated links. - id: string; - profile: string; - // Optional naming defaults consumed by providerFile()/normalize(). - name?: string; - fullName?: string; - ServerAddresses?: string[]; - // Optional output filename override (template provider). - file?: string; - // Hidden providers are excluded from README provider table. - hidden?: boolean; - website?: string; - region?: string | string[]; - censorship?: boolean; - // Localized labels and notes used in README rendering. - names: Record; - notes: Record; - // Per-protocol profile definitions. - https?: ProfileCfg; - tls?: ProfileCfg; - formats?: { - unsigned: { https: boolean; tls: boolean }; - signed: { https: boolean; tls: boolean }; - }; - sourceFile?: string; -}; -type ProviderFileInfo = Pick; - -const __filename = fileURLToPath(import.meta.url); -const __dirname = path.dirname(__filename); -// Moved under scripts/: resolve repo-root data paths explicitly. -const ROOT_DIR = path.join(__dirname, '..'); -const CERTS_DIR = path.join(ROOT_DIR, 'certs'); -const CERT_PEM_FILE = path.join(CERTS_DIR, 'cert.pem'); -const CHAIN_PEM_FILE = path.join(CERTS_DIR, 'chain.pem'); -// Shared CMS algorithm parameters for repo signing/building. -// We intentionally omit signingTime and S/MIME capabilities for stable, minimal signed attributes. -export const SIGN_OPTS = { extraEntropy: false } as const; // Deterministic signatures -const LANGUAGES_DIR = path.join(ROOT_DIR, 'src-languages'); -const PROVIDERS_PATH = path.join(ROOT_DIR, 'src'); -const DEFAULT_LANG = 'en'; -const OUTPUT_DIR = ROOT_DIR; -const REPO_RAW = 'https://github.com/paulmillr/encrypted-dns/raw/master'; -const outPath = (p: string) => path.join(ROOT_DIR, p); - -const REGIONS: Record = { - US: '🇺🇸', - CN: '🇨🇳', - RU: '🇷🇺', - NL: '🇳🇱', - DE: '🇩🇪', - SG: '🇸🇬', - CA: '🇨🇦', - FR: '🇫🇷', - CH: '🇨🇭', - SE: '🇸🇪', - CZ: '🇨🇿', -}; - -const escapeXMLText = (s: string) => - s - .replaceAll('&', '&') - .replaceAll('<', '<') - .replaceAll('>', '>') - .replaceAll('"', '"') - .replaceAll("'", '''); -export const validId = (s: string) => /^[A-Za-z0-9.-]+$/.test(s); -export const validHost = (s: string) => - /^(?=.{1,253}$)(?!-)(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$/.test(s) && !s.includes('..'); -export const splitCsv = (s: string) => - s - .split(',') - .map((x) => x.trim()) - .filter(Boolean); -const bad = (where: string, msg: string): never => { - throw new Error(`${where}: ${msg}`); -}; -const validateDnsInputFor = ( - x: DnsInput, - where: string, - protocol: 'https' | 'tls', - opts: DnsValidateOpts = {} -) => { - const requireTlsAddresses = - opts.requireTlsAddresses !== undefined ? opts.requireTlsAddresses : true; - if (!x.server.trim()) bad(where, 'server is required'); - if (protocol === 'https') { - let url: URL; - try { - url = new URL(x.server); - } catch { - bad(where, `https server must be a valid URL, got: ${x.server}`); - } - if (url.protocol !== 'https:') - bad(where, `https server URL must use https://, got: ${x.server}`); - } else if (!validHost(x.server)) bad(where, `tls server must be a hostname, got: ${x.server}`); - for (const ip of x.addresses) if (!net.isIP(ip)) bad(where, `invalid IP address: ${ip}`); - if (requireTlsAddresses && protocol === 'tls' && x.addresses.length === 0) - bad(where, 'tls requires at least one IP in --addresses'); -}; -export const validateDnsInput = (x: DnsInput, where: string, opts: DnsValidateOpts = {}) => { - const protocol = x.protocol.toLowerCase(); - if (protocol !== 'https' && protocol !== 'tls') - bad(where, `protocol: expected https|tls, got ${x.protocol}`); - validateDnsInputFor(x, where, protocol, opts); -}; -export const validateProfileInput = ( - x: ProfileCfg, - where: string, - expectedProtocol?: 'https' | 'tls' -) => { - const dns = x.dns || { - protocol: expectedProtocol || '', - server: x.ServerURLOrName || '', - addresses: x.ServerAddresses || [], - }; - if (expectedProtocol) - validateDnsInputFor(dns, where, expectedProtocol, { requireTlsAddresses: false }); - else validateDnsInput(dns, where); - const payloadId = x.payload?.identifier || x.PayloadIdentifier; - const topId = x.top?.identifier; - const scope = x.top?.scope; - if (payloadId && !validId(payloadId)) - bad(where, `payload identifier must match [A-Za-z0-9.-], got: ${payloadId}`); - if (topId && !validId(topId)) - bad(where, `top payload identifier must match [A-Za-z0-9.-], got: ${topId}`); - if (scope && scope !== 'System' && scope !== 'User') - bad(where, `scope: expected System|User, got ${scope}`); -}; - -const certData = (src: string) => - src - .replace(/-----BEGIN CERTIFICATE-----/g, '') - .replace(/-----END CERTIFICATE-----/g, '') - .replace(/\s/g, ''); -const UUID_DNS_NS = new Uint8Array([ - 0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8, -]); -const hex = (b: Uint8Array) => Buffer.from(b).toString('hex'); -const uuidFormat = (b: Uint8Array, upper: boolean) => { - const s = hex(b); - const out = `${s.slice(0, 8)}-${s.slice(8, 12)}-${s.slice(12, 16)}-${s.slice(16, 20)}-${s.slice(20, 32)}`; - return upper ? out.toUpperCase() : out.toLowerCase(); -}; -const uuidV5 = (seed: string, upper: boolean) => { - const msg = Buffer.from(seed, 'utf8'); - const h = createHash('sha1').update(Buffer.from(UUID_DNS_NS)).update(msg).digest(); - const out = new Uint8Array(h.subarray(0, 16)); - out[6] = (out[6] & 0x0f) | 0x50; - out[8] = (out[8] & 0x3f) | 0x80; - return uuidFormat(out, upper); -}; -export const deterministicUuid = ( - rootIdentifier: string, - tag: 'root' | 'payload', - rel: string, - i?: number -) => { - if (tag === 'root') return uuidV5(`${rootIdentifier}::root::${rel}`, true); - return uuidV5(`${rootIdentifier}::payload::${i || 0}::${rel}`, true); -}; -const deterministicPayloadIdentifier = (rootIdentifier: string, rel: string, i = 0) => - `com.apple.dnsSettings.managed.${uuidV5(`${rootIdentifier}::payload::${i}::${rel}`, false)}`; - -export const providerFile = (p: ProviderFileInfo, https: boolean, signed?: boolean) => { - if (p.file) return `${signed ? 'signed' : 'profiles'}/${p.file}`; - const postfix = (_pr: ProviderFileInfo, isHttps: boolean) => (isHttps ? 'https' : 'tls'); - const name = p.name || p.id; - return `${signed ? 'signed' : 'profiles'}/${name}-${postfix(p, https)}.mobileconfig`; -}; - -const languages: Lang[] = fs - .readdirSync(LANGUAGES_DIR) - .filter((f: string) => f.endsWith('.json')) - .sort() - .map((f: string) => { - const p = path.join(LANGUAGES_DIR, f); - const data = JSON.parse(fs.readFileSync(p, 'utf8')) as LangData; - return { - code: data.code, - name: data.name, - mdFile: p.replace('.json', '.md'), - jsonFile: p, - data, - }; - }); - -const providers: Provider[] = fs - .readdirSync(PROVIDERS_PATH) - .sort() - .map((name: string) => { - const sourceFile = path.join(PROVIDERS_PATH, name); - const p = JSON.parse(fs.readFileSync(sourceFile, 'utf8')) as Provider; - const unsigned = { https: !!p.https, tls: !!p.tls }; - const signed = { - https: !!p.https?.signature || fs.existsSync(outPath(providerFile(p, true, true))), - tls: !!p.tls?.signature || fs.existsSync(outPath(providerFile(p, false, true))), - }; - return { ...p, sourceFile, formats: { unsigned, signed } }; - }); - -const generateSigned = () => { - for (const p of providers) { - if (!p.formats) continue; - p.formats.signed.https = fs.existsSync(outPath(providerFile(p, true, true))); - p.formats.signed.tls = fs.existsSync(outPath(providerFile(p, false, true))); - } -}; - -const FULLWIDTH_PATTERN = - /[\u1100-\u115F\u2329\u232A\u2E80-\u303E\u3040-\uA4CF\uAC00-\uD7A3\uF900-\uFAFF\uFE10-\uFE19\uFE30-\uFE6F\uFF00-\uFF60\uFFE0-\uFFE6]/u; -const chrWidth = (str: string) => { - let width = 0; - for (const c of str) width += FULLWIDTH_PATTERN.test(c) || REGIONS[c] ? 2 : 1; - return width; -}; -const padEnd = (s: string, len: number, chr: string) => - `${s}${chr.repeat(Math.max(0, len - chrWidth(s)))}`; - -const genTable = (rows: string[][]) => { - const widths = rows[0].map(() => 0); - for (const r of rows) - for (let i = 0; i < r.length; i++) widths[i] = Math.max(widths[i], chrWidth(r[i])); - let table = ''; - rows.forEach((r, i) => { - const cells = r.map((c, j) => padEnd(c, widths[j], ' ')).join(' | '); - table += `| ${cells} |\n`; - if (i === 0) table += `| ${r.map((_, j) => padEnd('', widths[j], '-')).join(' | ')} |\n`; - }); - return table; -}; - -const TAGS: Record string> = { - LANGUAGES: (currentLang: Lang) => - languages - .map((lang) => { - if (lang.code === currentLang.code) return lang.name; - return `[${lang.name}](https://github.com/paulmillr/encrypted-dns/${lang.code === DEFAULT_LANG ? '' : `blob/master/README.${lang.code}.md`})`; - }) - .join(' | '), - PROVIDERS_TABLE: (currentLang: Lang) => { - const rows: string[][] = [ - [ - currentLang.data.table_columns.name, - currentLang.data.table_columns.region, - currentLang.data.table_columns.censorship, - currentLang.data.table_columns.notes, - currentLang.data.table_columns.install_signed, - currentLang.data.table_columns.install_unsigned, - ], - ]; - const sorted = Array.from(providers) - .filter((p) => !p.hidden) - .sort((a, b) => a.id.localeCompare(b.id)); - for (const provider of sorted) { - const name = provider.names[currentLang.code] || provider.names[DEFAULT_LANG]; - const note = provider.notes[currentLang.code] || provider.notes[DEFAULT_LANG]; - const censorship = provider.censorship ? currentLang.data.yes : currentLang.data.no; - const regionEmoji = ( - Array.isArray(provider.region) ? provider.region : [provider.region || ''] - ) - .map((r) => REGIONS[r] || '') - .join(' ') - .trim(); - const unsignedLinks: string[] = []; - if (provider.formats?.unsigned?.https) - unsignedLinks.push(`[HTTPS][${provider.profile}-https]`); - if (provider.formats?.unsigned?.tls) unsignedLinks.push(`[TLS][${provider.profile}-tls]`); - const signedLinks: string[] = []; - if (provider.formats?.signed?.https) - signedLinks.push(`[HTTPS][${provider.profile}-https-signed]`); - if (provider.formats?.signed?.tls) signedLinks.push(`[TLS][${provider.profile}-tls-signed]`); - rows.push([ - `[${name}][${provider.id}]`, - regionEmoji, - censorship, - note, - signedLinks.join(', '), - unsignedLinks.join(', '), - ]); - } - return genTable(rows).trim(); - }, - PROVIDERS_LINKS: (_currentLang: Lang) => { - let res = ''; - const addLink = (p: Provider, https: boolean, signed?: boolean) => { - const file = providerFile(p, https, signed); - if (!fs.existsSync(outPath(file))) throw new Error(`missing: ${file}`); - res += `[${p.profile}-${https ? 'https' : 'tls'}${signed ? '-signed' : ''}]: ${REPO_RAW}/${file}\n`; - }; - for (const p of providers) { - if (p.hidden) continue; - if (p.website) res += `[${p.id}]: ${p.website}\n`; - if (p.formats?.unsigned?.https) addLink(p, true); - if (p.formats?.unsigned?.tls) addLink(p, false); - } - for (const p of providers) { - if (p.hidden) continue; - if (p.formats?.signed?.https) addLink(p, true, true); - if (p.formats?.signed?.tls) addLink(p, false, true); - } - return res; - }, -}; - -const processTemplate = (templateContent: string, lang: Lang) => { - let content = templateContent; - for (const [tag, handler] of Object.entries(TAGS)) { - const tagPattern = new RegExp(`<%${tag}%>`, 'g'); - if (content.match(tagPattern)) content = content.replace(tagPattern, handler(lang)); - } - return content; -}; - -const generateReadmes = () => { - for (const lang of languages) { - if (!fs.existsSync(lang.mdFile)) throw new Error(`Template file not found: ${lang.mdFile}`); - const tpl = fs.readFileSync(lang.mdFile, 'utf8'); - const processed = processTemplate(tpl, lang); - const out = lang.code === DEFAULT_LANG ? 'README.md' : `README.${lang.code}.md`; - fs.writeFileSync(path.join(OUTPUT_DIR, out), processed, 'utf8'); - console.log(`Generated ${out}`); - } -}; - -type NormalizeOpts = { - expectedProtocol?: 'https' | 'tls'; - serverAddresses?: string[]; - fullName?: string; -}; -const normalize = ( - x: ProfileCfg, - rel: string, - opts: NormalizeOpts = {} -): Required> & { - escapeXML: boolean; - signature?: string; -} => { - const escapeXML = x.escapeXML !== undefined ? x.escapeXML : true; - const protocolDefault = opts.expectedProtocol ? opts.expectedProtocol.toUpperCase() : ''; - const rootIdentifier = x.top?.identifier || 'com.paulmillr.apple-dns'; - const defaultPayloadDesc = (name: string) => `Configures device to use ${name}`; - const defaultTopDesc = (name: string) => `Adds the ${name} to Big Sur and iOS 14 based systems`; - const proto = (x.dns?.protocol || protocolDefault).toUpperCase(); - const fullNameRaw = x.fullName || opts.fullName || ''; - const fullNameWithProto = (() => { - if (!fullNameRaw) return ''; - if (/ over (HTTPS|TLS)$/.test(fullNameRaw)) return fullNameRaw; - if (proto === 'HTTPS' || proto === 'TLS') return `${fullNameRaw} over ${proto}`; - return fullNameRaw; - })(); - const baseName = x.PayloadDisplayName || fullNameWithProto || x.name || ''; - const topName = x.top?.displayName || x.topName || baseName; - const fullName = fullNameRaw || topName || baseName; - // Mixed-shape input (e.g. CLI `new.ts`) may provide only `dns` and flat payload/top fields. - // Only treat as fully-structured mode when all three nested blocks are present. - if (x.payload && x.top && x.dns) { - const dns = x.dns || { - protocol: protocolDefault, - server: x.ServerURLOrName || '', - addresses: x.ServerAddresses !== undefined ? x.ServerAddresses : opts.serverAddresses || [], - }; - return { - dns, - payload: x.payload!, - top: x.top!, - onDemandRules: x.onDemandRules || [], - certificates: x.certificates || [], - escapeXML, - signature: x.signature, - }; - } - return { - dns: x.dns || { - protocol: protocolDefault, - server: x.ServerURLOrName || '', - addresses: x.ServerAddresses !== undefined ? x.ServerAddresses : opts.serverAddresses || [], - }, - payload: { - description: x.PayloadDescription || defaultPayloadDesc(x.name || baseName), - displayName: baseName, - identifier: x.PayloadIdentifier || deterministicPayloadIdentifier(rootIdentifier, rel, 0), - uuid: x.PayloadUUID || deterministicUuid(rootIdentifier, 'payload', rel, 0), - type: x.PayloadType || 'com.apple.dnsSettings.managed', - version: x.PayloadVersion || 1, - organization: undefined, - prohibitDisablement: x.ProhibitDisablement !== undefined ? x.ProhibitDisablement : false, - }, - top: { - description: x.top?.description || defaultTopDesc(fullName), - displayName: x.top?.displayName || topName, - identifier: rootIdentifier, - removalDisallowed: x.top?.removalDisallowed !== undefined ? x.top.removalDisallowed : false, - scope: x.top?.scope || 'System', - type: x.top?.type || 'Configuration', - uuid: x.top?.uuid || deterministicUuid(rootIdentifier, 'root', rel), - version: x.top?.version || 1, - organization: x.top?.organization, - consentTextDefault: x.top?.consentTextDefault || x.ConsentTextDefault, - }, - onDemandRules: x.onDemandRules || [], - certificates: x.certificates || [], - escapeXML, - signature: x.signature, - }; -}; - -type PlistData = { TAG: 'data'; data: string }; -type PlistNode = - | string - | number - | boolean - | PlistData - | PlistNode[] - | Record; -const plistData = (x: string): PlistData => ({ TAG: 'data', data: x }); -const isPlistData = (x: PlistNode): x is PlistData => - typeof x === 'object' && !Array.isArray(x) && (x as PlistData).TAG === 'data'; -const plistNode = (x: PlistNode, level: number, esc: (s: string) => string): string => { - const pad = ' '.repeat(level); - if (typeof x === 'string') return `${pad}${esc(x)}\n`; - if (typeof x === 'number') return `${pad}${x}\n`; - if (typeof x === 'boolean') return `${pad}<${x ? 'true' : 'false'}/>\n`; - if (Array.isArray(x)) { - let out = `${pad}\n`; - for (const i of x) out += plistNode(i, level + 1, esc); - return `${out}${pad}\n`; - } - if (isPlistData(x)) return `${pad}${x.data}\n`; - let out = `${pad}\n`; - for (const [k, v] of Object.entries(x)) { - if (v === undefined) continue; - out += `${pad} ${k}\n`; - out += plistNode(v, level + 1, esc); - } - return `${out}${pad}\n`; -}; -const plistDoc = (root: PlistNode, rootLevel: number, esc: (s: string) => string) => - ` - - -${plistNode(root, rootLevel, esc)} -`; -const dnsNode = (d: DnsCfg): Record => ({ - DNSProtocol: d.protocol, - ...(d.addresses.length ? { ServerAddresses: d.addresses } : {}), - [d.server.startsWith('https://') ? 'ServerURL' : 'ServerName']: d.server, -}); -const rulesNode = (rules: Rule[]): PlistNode[] => - rules.map((r) => ({ - Action: r.Action, - ...(r.InterfaceTypeMatch ? { InterfaceTypeMatch: r.InterfaceTypeMatch } : {}), - ...(r.SSIDMatch && r.SSIDMatch.length ? { SSIDMatch: r.SSIDMatch } : {}), - ...(r.ActionParameters && r.ActionParameters.length - ? { - ActionParameters: r.ActionParameters.map((p) => ({ - DomainAction: p.DomainAction, - Domains: p.Domains, - })), - } - : {}), - })); -const certNodes = (certs: CertCfg[]): PlistNode[] => - certs.map((c) => ({ - PayloadCertificateFileName: c.fileName, - PayloadContent: plistData(certData(c.data)), - PayloadDisplayName: c.displayName, - PayloadIdentifier: c.identifier, - PayloadType: c.type || 'com.apple.security.pem', - PayloadUUID: c.uuid, - PayloadVersion: c.version || 1, - })); -const renderProfile = (cfg: ReturnType) => { - const p = cfg.payload; - const t = cfg.top; - const esc = cfg.escapeXML ? escapeXMLText : (s: string) => s; - const entry = (k: string, v: PlistNode | undefined): [string, PlistNode] | undefined => - v === undefined ? undefined : [k, v]; - const obj = (xs: Array<[string, PlistNode] | undefined>): Record => - Object.fromEntries(xs.filter(Boolean) as [string, PlistNode][]); - const payload = obj([ - ['DNSSettings', dnsNode(cfg.dns)], - entry('OnDemandRules', cfg.onDemandRules.length ? rulesNode(cfg.onDemandRules) : undefined), - ['PayloadDescription', p.description || ''], - ['PayloadDisplayName', p.displayName], - entry('PayloadOrganization', p.organization), - ['PayloadIdentifier', p.identifier], - ['PayloadType', p.type || 'com.apple.dnsSettings.managed'], - ['PayloadUUID', p.uuid], - ['PayloadVersion', p.version || 1], - entry('ProhibitDisablement', p.prohibitDisablement), - ]); - const payloadContent: PlistNode = [payload, ...certNodes(cfg.certificates)]; - const root = obj([ - ['PayloadContent', payloadContent], - ['PayloadDescription', t.description], - entry('ConsentText', t.consentTextDefault ? { default: t.consentTextDefault } : undefined), - ['PayloadDisplayName', t.displayName], - entry('PayloadOrganization', t.organization), - ['PayloadIdentifier', t.identifier], - entry('PayloadRemovalDisallowed', t.removalDisallowed), - entry('PayloadScope', t.scope), - ['PayloadType', t.type || 'Configuration'], - ['PayloadUUID', t.uuid], - ['PayloadVersion', t.version || 1], - ]); - return plistDoc(root, 0, esc); -}; - -export const generateSingle = (x: ProfileCfg) => { - const cfg = normalize(x, ''); - return renderProfile(cfg); -}; -export const normalizeProfile = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) => - normalize(x, rel, opts); -export const generateForRel = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) => { - const cfg = normalize(x, rel, opts); - return renderProfile(cfg); -}; -const generateSingleRel = (x: ProfileCfg, rel: string, opts: NormalizeOpts = {}) => { - return generateForRel(x, rel, opts); -}; -const withDefaults = ( - cfg: ProfileCfg, - defaults: { serverAddresses?: string[]; fullName?: string } = {} -): ProfileCfg => { - const needAddrs = !!defaults.serverAddresses; - const needFullName = !!defaults.fullName; - if (!needAddrs && !needFullName) return cfg; - let out = cfg; - if (needFullName && out.fullName === undefined) out = { ...out, fullName: defaults.fullName }; - if (!needAddrs) return out; - if (out.dns) { - if (out.dns.addresses !== undefined) return out; - return { ...out, dns: { ...out.dns, addresses: defaults.serverAddresses } }; - } - if (out.ServerAddresses !== undefined) return out; - return { ...out, ServerAddresses: defaults.serverAddresses }; -}; - -const toBytes = (s: string): Uint8Array => new Uint8Array(Buffer.from(s, 'utf8')); -const fromHex = (s: string): Uint8Array => new Uint8Array(Buffer.from(s, 'hex')); -const fromSignature = (s: string): Uint8Array => { - const txt = s.trim(); - if (/^[0-9a-f]+$/i.test(txt) && txt.length % 2 === 0) return fromHex(txt); - throw new Error('expected compact signature in lowercase/uppercase hex'); -}; -let signerMaterialCache: { cert: string; chain: string } | undefined; -const signerMaterial = (): { cert: string; chain: string } => { - if (signerMaterialCache) return signerMaterialCache; - if (!fs.existsSync(CERT_PEM_FILE)) throw new Error(`missing signer cert: ${CERT_PEM_FILE}`); - if (!fs.existsSync(CHAIN_PEM_FILE)) throw new Error(`missing signer chain: ${CHAIN_PEM_FILE}`); - signerMaterialCache = { - cert: fs.readFileSync(CERT_PEM_FILE, 'utf8'), - chain: fs.readFileSync(CHAIN_PEM_FILE, 'utf8'), - }; - return signerMaterialCache; -}; -const verifyDetached = ( - p: Provider, - protocol: 'https' | 'tls', - parsed: ProfileCfg, - content: Uint8Array -) => { - if (!parsed.signature) return; - const compactSig = fromSignature(parsed.signature); - const mat = signerMaterial(); - const signed = CMS.compact.build(content, compactSig, mat.cert, mat.chain, SIGN_OPTS); - try { - CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() }); - } catch (e) { - throw new Error(`${p.id}/${protocol}: signature verify failed (${(e as Error).message})`); - } -}; -const signedFromDetached = ( - p: Provider, - protocol: 'https' | 'tls', - isHttps: boolean, - parsed: ProfileCfg, - content: Uint8Array -) => { - if (!parsed.signature) return; - const compactSig = fromSignature(parsed.signature); - const mat = signerMaterial(); - const out = providerFile(p, isHttps, true); - const full = outPath(out); - fs.mkdirSync(path.dirname(full), { recursive: true }); - const signed = CMS.compact.build(content, compactSig, mat.cert, mat.chain, SIGN_OPTS); - fs.writeFileSync(full, signed); - console.log(`Generated ${out}`); -}; - -const generateConfigs = () => { - const generate = ( - file: string, - parsed?: ProfileCfg, - where?: string, - expectedProtocol?: 'https' | 'tls', - defaults: { serverAddresses?: string[]; fullName?: string } = {} - ): Uint8Array | undefined => { - if (!parsed) return; - const input = withDefaults(parsed, defaults); - validateProfileInput(input, where || file, expectedProtocol); - const rel = file.startsWith('profiles/') ? file.slice('profiles/'.length) : file; - const raw = generateSingleRel(input, rel, { - expectedProtocol, - serverAddresses: defaults.serverAddresses, - fullName: defaults.fullName, - }); - const out = outPath(file); - fs.mkdirSync(path.dirname(out), { recursive: true }); - fs.writeFileSync(out, raw); - console.log(`Generated ${file}`); - return toBytes(raw); - }; - for (const p of providers) { - if (p.formats?.unsigned?.https) { - const content = generate( - providerFile(p, true), - p.https, - `${p.sourceFile || `provider:${p.id}`}:https`, - 'https', - { serverAddresses: p.ServerAddresses, fullName: p.fullName } - ); - if (content && p.https) { - verifyDetached(p, 'https', p.https, content); - signedFromDetached(p, 'https', true, p.https, content); - } - } - if (p.formats?.unsigned?.tls) { - const content = generate( - providerFile(p, false), - p.tls, - `${p.sourceFile || `provider:${p.id}`}:tls`, - 'tls', - { serverAddresses: p.ServerAddresses, fullName: p.fullName } - ); - if (content && p.tls) { - verifyDetached(p, 'tls', p.tls, content); - signedFromDetached(p, 'tls', false, p.tls, content); - } - } - } -}; - -const main = () => { - generateConfigs(); - generateSigned(); - generateReadmes(); -}; -if (process.argv[1] && path.resolve(process.argv[1]) === __filename) main(); diff --git a/scripts/sign.ts b/scripts/sign.ts deleted file mode 100755 index 7f40018..0000000 --- a/scripts/sign.ts +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/env node -import { CMS } from 'micro-key-producer/x509.js'; -import fs from 'node:fs'; -import path from 'node:path'; -import { fileURLToPath } from 'node:url'; -import { - generateForRel, - providerFile, - SIGN_OPTS, - validateProfileInput, - type ProfileCfg, -} from './build.ts'; - -type Provider = { - id: string; - name?: string; - file?: string; - fullName?: string; - ServerAddresses?: string[]; - https?: ProfileCfg; - tls?: ProfileCfg; -}; - -const __filename = fileURLToPath(import.meta.url); -const __dirname = path.dirname(__filename); -const ROOT = path.join(__dirname, '..'); -const PROVIDERS = path.join(ROOT, 'src'); -const CERT_PEM = path.join(ROOT, 'certs', 'cert.pem'); -const CHAIN_PEM = path.join(ROOT, 'certs', 'chain.pem'); -const PRIVKEY_PEM = path.join(ROOT, 'certs', 'privkey.pem'); -const USAGE = `node sign.ts expects following files to exist: - -* ${path.relative(ROOT, CERT_PEM)}: pubkey certificate -* ${path.relative(ROOT, CHAIN_PEM)}: pubkey certificate chain -* ${path.relative(ROOT, PRIVKEY_PEM)}: PRIVATE key used to sign requests (never share this) -`; - -const withDefaults = ( - cfg: ProfileCfg, - defaults: { serverAddresses?: string[]; fullName?: string } = {} -): ProfileCfg => { - const needAddrs = !!defaults.serverAddresses; - const needFullName = !!defaults.fullName; - if (!needAddrs && !needFullName) return cfg; - let out = cfg; - if (needFullName && out.fullName === undefined) out = { ...out, fullName: defaults.fullName }; - if (!needAddrs) return out; - if (out.dns) { - if (out.dns.addresses !== undefined) return out; - return { ...out, dns: { ...out.dns, addresses: defaults.serverAddresses } }; - } - if (out.ServerAddresses !== undefined) return out; - return { ...out, ServerAddresses: defaults.serverAddresses }; -}; - -const main = () => { - [PRIVKEY_PEM, CERT_PEM, CHAIN_PEM].forEach(filepath => { - if (!fs.existsSync(filepath)) throw new Error(USAGE); - }); - - const key = fs.readFileSync(PRIVKEY_PEM, 'utf8'); - const cert = fs.readFileSync(CERT_PEM, 'utf8'); - const chain = fs.readFileSync(CHAIN_PEM, 'utf8'); - const files = fs - .readdirSync(PROVIDERS) - .filter((f) => f.endsWith('.json')) - .sort(); - const enc = new TextEncoder(); - let updated = 0; - - for (const fileName of files) { - const full = path.join(PROVIDERS, fileName); - const provider = JSON.parse(fs.readFileSync(full, 'utf8')) as Provider; - let changed = false; - for (const protocol of ['https', 'tls'] as const) { - const src = provider[protocol]; - if (!src) continue; - const input = withDefaults(src, { - serverAddresses: provider.ServerAddresses, - fullName: provider.fullName, - }); - validateProfileInput(input, `${fileName}:${protocol}`, protocol); - const relPath = providerFile(provider, protocol === 'https').replace(/^profiles\//, ''); - const raw = generateForRel(input, relPath, { - expectedProtocol: protocol, - serverAddresses: provider.ServerAddresses, - fullName: provider.fullName, - }); - const content = enc.encode(raw); - const compact = CMS.compact.sign(content, cert, key, SIGN_OPTS); - const signed = CMS.compact.build(content, compact, cert, chain, SIGN_OPTS); - CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() }); - const sigHex = Buffer.from(compact).toString('hex'); - if (src.signature !== sigHex) { - src.signature = sigHex; - changed = true; - } - } - if (!changed) continue; - fs.writeFileSync(full, `${JSON.stringify(provider, undefined, 4)}\n`); - updated++; - console.log(`Updated ${fileName}`); - } - console.log(`${updated} mobileconfig files updated`); - console.log(`signing done`); -}; - -main(); diff --git a/signed/360-https.mobileconfig b/signed/360-default-https.mobileconfig similarity index 81% rename from signed/360-https.mobileconfig rename to signed/360-default-https.mobileconfig index ceb43d91f2b339e49f9160e99ca7bcea363d103a..3db2d81e493515fb7b983e181fd6adeeff8bc179 100644 GIT binary patch delta 524 zcmaDMzeT~pph>`hjZ>@5qwPB{BRkWACILmDkSr4;qam*WHydX{n+IbmGYb==K@&R% zLLuXVCbpj}O>AE`I)pNb1*ayL7G;)HD!BLsE4bz*7gZLNq^3-cW0jh`k4YcDG~Z+u zW-FDnBtv5hLo;(-OQX~zT~p&kBV9`q%Ou?-lVp=L^JF8-R5R1biY$_ob=i0(FJ}%@ zadU!eaCHJ|a0F{`(seR%HgPj|HnMaDYgjqCf=PDrJr?mGF8_kmqC}vx6p|_xjLi%b zTr$%$OA>Pw;Es1M$}cU@;|fkKDoZU=$jMJmEXmBzvr_mlzkLM|Z`R{-%giZBEy~PG zw^FD~EuQShCO+AKRUU``Hpj6_GpblP85o-zxS8s@IyzhGnmSq<={lLYxam3?xEMQG z8WXD*d?`&ob z11>fWV0@jkWnpGwaW`;fQe-&Koy2givT}E0i|B3PSu5+ab9Y=9H=m<-RryIPla-t? olR|O)g_u2y+5Tm;GVeS1Tkpd#AN85K^Ms}tJP5f7ZLKm4B84Y<2xY;-p+B_IjnOT?^4Vu{Y zAQUn#XkuH-(!{oMqeCbYe?VzcPG+(~aB6aCQD#ZyOex=%Q=n22$u^;;L)mYUZSC z=;r9^;$-CF>}KEwR46&wgJpuBV@gV~LPOF+^2<_-6g)yg0)iDv z@)evi(-neCixd*`QWP@%gB1)-6p|8)Q&SX*D~n4~b0@J$OfF@W$KnU6$vkX4lP|D- zRWUZQG&MCdGt)ITH8IjPbv8HCbuxD~(RH%0G%|6tbTKzIH=4}ICccS%KSyb;+s{sW zUhYkrSx4th+M9T;b*{@3xkYZC$6G_A&xwmqH{fF90LH;NTNY*}7Iyf7Yg_+_~MqnG_i|PW5z(|GYT!ZCd7+=ugwNZ~WO2 SJ#B4)@ZF^*Q_fUIIsyPN#G(KI diff --git a/signed/adguard-default-https.mobileconfig b/signed/adguard-default-https.mobileconfig index 369fa944ed7c7f9dbb6d83ce7501ffeed0620d78..f69e3cf458582fc6d6d261466781f2cdd3bd28d8 100644 GIT binary patch delta 406 zcmZ3XuvXE*ph;jQ8>d#AN85K^Ms}tJO#-ukLerQS84Y<2xY;-p+B_IjnOT?^4Vu`S z5DFO=G_e=6G_mJzbXdg1>0X*xl%n9`7d-hnQzQz{YI7;`GRDdEY#fu%GYQwj6)L!- zrX`lV)4 z7b_&D6zeFI6eT8SXXd3Vs3qnWSSu7{WEN)txq4i|sYM_&fl3ogGV}AS6h6#v-wwpP z^tgE4GIL5&i-5|k6e?3EN3oisI96x#Hr9Mj*2aGZjlU;r^S77SoWI5_UDJ1{xY2S= z@ygEXZ>)EAA7$Z8x9jac&M@ndy8#y)2QcW)*|IP*vA7wyFe#YFK3X?Lj^|@5qwPB{BRkWACIL~PkRTHyqam*WHydX{n+IbmGYb==K@;0A zghIvzO>D1On%JIibXdg1nqHb%lrq_u*=q6|R^iE9EL{AKDPS=Lm(;Yx(wvgb@yzEK z?HyB6iWN#SQWel-6W`I`8B^^S>P46$vdz3C#=|#$;(R+VZVeEg#Lv%m}kE;bIJ$IscaFf*}u7`QPhGTc|3X0xOEO2ygA)@5qwPB{BRkWACV?iPP#qH^qam*WHydX{n+IbmGYb==K@)pA zLLuXVCiV!HCiakx4*g7=?xl%EDGDxr!IQ5rg`@B+Hpek9W1PH&NxB}cNWmpFEwMDG zL?OQ{wMZevCz#8>Ahjs5BsE1LsZzl)1)?xGKdq!Zu_#r+rzAyB!6_#{IlEXPF{M~X zp`<7=IXg2iT|q4|x4>GVAS1Il1IX3m3QjEonFv&xSdy8aXQl9Ae*1PH-lfOomMNA~ zl3D~*W~ES>T5O|VTms_QaZUcuq%b*;l?%nyTASyx=5w+&F)|o5{+%qy-(Kdo@UpLc z_%GLa%ad0(zTW(@yXfD|MM{wo!7Dg7JzA+(W5C760Sv@*wk*s{EFK1KOo|M@Toh(n zuho1Yw@}F8>V2zd-C!|^N1^7^_f|QmPk5JR2UOBK!LWxfVXNAK_sTLK7HvNJ#{Kc9 R13e-0&z%Zf&A}GJ3;?VDm5=}c delta 330 zcmbQL*sI`R&?Lag#;Mij(e|B}k)3Hl6aO!RCjM_sjEsi72Hb3%32h#Xsmv@)j0R0? z4-pC(7c{Y5VrgPKx6z@Wi8Z}6u_$HoPgbqTH<|e+3oy&`f<+WuQqvMkb4oUQF`r>{ za7;-lRw&6xRd7r}kyUW<3sxw}S8&QqR|qaGQb^28QONWURxmVCNJ=bDO;ISWEG|jS zEuMUkO?>iYR#`N&x!Kw|SsVWwH2#@9gTK9$uQoxYXHw1V{hFKDo<@F-Ha(^C!Iam3 zzr~dhPl2?Ctp;3d96;Zmvt?msVsSTcWm05VsuC)>qlIa;-qTBEwzVOpqMPNma-Y;W xW89UrRkk+v50iqJ+#9KRi~RKqk0?tqsD!gD{kW}c=E|~n+pMfMak*>l1_1d}a+d%A diff --git a/signed/adguard-family-https.mobileconfig b/signed/adguard-family-https.mobileconfig index b7a4d9c625a362da23a3c91052a874c684955065..4aac860da3f9b835792e15d9a2aadb54aac5125b 100644 GIT binary patch delta 405 zcmcbn@KVviph@5<8>d#AN85K^Ms}tJO#;_|LYJ5r84Y<2xY;-p+B_IjnOT?^4Vu{Z zArvw$XkuT_(!{=cqr*lfW*5KU$sd?9p|s27 |MOoB0pJvWwoV|%ukm(;Yx(wve61#N}g#2m1^T4HX2wL)SFP*@>3Kd&S; zuSAb4IJF35JWy9+i44#-D}@j9+qVPpED}~C`$&IYmP}iGHKEcMb z`7`T#&XTQa`sHrF+P;}Z2hCq}Cp7B*x}CCHX4D>9trV2`css{M11>fWV91@bWnpGw zaWimXQZT!Js^T1foyr4$%~{i4?l`BvG})~t|9sOKov+@H`OUSN6tXwvusggsD89Dg cxzeWWqU2|tz>4c?XSM%mFuWVfp06wmnxBvhE delta 343 zcmaE@5qwPB{BRkWACIM%lkUbM4qam*WHydX{n+IbmGYb==K@+<+ zLLuXVCUzN?CU%L94jY*!Co(%vmSYp1?9D7B=$4q9nNz6{P?TSinp~2ZpEp^6Sz~e= zo6ux+7WK_{nR6Mv98*$?6-qKv6&zFCOB0Jy6fpECxcCJtl;kToWu_|xmli1`=A|fP z`Ufi*nkXbC7N@2t6jv6Pq~;b+4qz7t+N_Le>*fSDQLd78;%_qIep~$fv2w;-BaQ&` z%ct#`FLobYd&Dkpsdk0wYXdGe4xr!9*|IP*vA7wyFe#KAtlXnIVIL=Z^s~9oZqJ&v zs^)n5=4$Vl<2`oVdfrh#m=su8ea@Rtv6PGJ`q$rHfqReT?L8?$D{2J`&x&vW E0Kj*2%K!iX diff --git a/signed/adguard-family-tls.mobileconfig b/signed/adguard-family-tls.mobileconfig index ec54a627cb9f091fb6ff1a877a9a15e9e82b73f3..791718a7e9b6bcf01b525402fcffd170a6f8e593 100644 GIT binary patch delta 386 zcmdm|a9+{Dph@5~8>d#AN85K^Ms}tJO#*v>LOYlk84Y<2xY;-p+B_IjnOT?^4Vu^& zBNQ?&Xkwqj(!@Stqr*HVW*5KU$%d@LlRq$pAhGo~S2HhToV=Gw5hhrlUzS>=5aJWe z0>Pjrh%+Iq@_%OeHI}q>E<8sT) zDM>BL%u8pnQm9OwoW*Jla}dzQikr`|{^l&@Jeq%N=J&-;f8Gint~H2`SoP2Mr}IlA zcG=>Bs2q;1hYYybIDnya&X$FliN)Q(l}SOU(8=yv?1e?SGUd$L4ett8W$GlE*>zp$ x*t%lQ$9+>+nG_k8i9TAS^;EM{PNr@B&oqT8-tFt}MmImcc`UBuSEA{ReE_||jAQ@+ delta 285 zcmX@FxKF{sph>`rjZ>@5qwPB{BRkWACIM}rkUA41qam*WHydX{n+IbmGYb==K@+UO?LU3u3LSkNuLZ*MPf}x2*Qetsxib8Q^aY<_KfWpa;&`vM@8TxEr`K zDVR(W)~|T6OKMHRt@{ld*fVb5pQ=4$;;zL`#}=-uezMn;Ns(dZ^`I+ZKmXh0vQd#AN85K^Ms}tJO#(}SLJOG~84Y<2xY;-p+B_IjnOT?^4Vu_{ z5DFO=G_lvRG_hB1bXd)#>Ry^yl%n9`7p&lypQoFanNyNll$n>V;F_0QR9R4x3YME3 z!K^Y_i&>sH)te)jPccruz$9Id%kccN)FK6skdT02F8_kmqC}82NtFtYDG&|8`DrEP ziAAXjJ|!u7sP59^3QjEo>CVYdPAtjH&$CkaFu#2}5bx6Ca)Y_vN+B=bM!$G+GOM8h zE;pcfPyykh$qB6DlWUlTHeYAG%URlMSk_dO+Tph4`vl>F$B`bd$}8k|&5e4g{Wyc` zT0o|l0T&wwFb2-qvM@8TxEr`KDKhNxt|$*Po4T!g^Xh5~uev`Mcy=64{U9DEA#eF@ s`ow$#CI#y=N7DprP9L}bq1$MA`sQ|K!(2sM@#JcUjwM3gGr#Eo06~ta_5c6? delta 362 zcmdm?xKhEvph-ZLjZ>@5qwPB{BRkWACIK;^kPs6iqam*WHydX{n+IbmGYb==K@;0w zghIvzO>FO2n%G`#bXd)#nqHb%l%n95ui%!MQ<7Sw;F_0QR9R4xnxf$17p#z91{4bM znJmR@$&aRTvH-Kn<~hvE80{QWQi>HyGEx;BQ_$2Xl;kToWu_|xmli1`=A|fP`Ufi* znkXbC76Z*Mt}HG|%`KiR$1Xnk1FI|+^Tj4>vhz%y!z{EpjqNUH>E)dzFaCEjv$cE8 z*}Tp@s(0Rdzk^G7ew!Y*x-`}Bx^AHX7aIpKG|t(wFf*~Z8@MtlGW=b4<9Hu?%Dm>@ zrK~sSbC#bta&pau-MioX2)L|m^L73nCIzjd#AN85K^Ms}tJO#)p&p*AK)Mnhf$ZZ^(@HV?*BW)>z!gC_Pu zghIvzP3%c5P3&YLgo`%)9jXs+pD3m&iHC4%stBO$>Xv>M@6K#KR|d073Pi^#A|> delta 332 zcmbQMI7z|5ph@5qwPB{BRkWACjS2hP5i%^7#R(D4Y=7j6WTl&Q<+(q7!8`( zo*@)6E@)!A&eFtod85M&CjRu&#G(`hzkCI^%$${4vD-GAT{AWD}aq!J@u- zA9F6FonuN$u|i2ks)Az*ntp|ndbcNv3B89}f6opLxUd#AN85K^Ms}tJO#+L7Li3pz84Y<2xY;-p+B_IjnOT?^4Vu`y z5egX>G_lvPG_hA~bVz1WbInUGsw^l;O;K?13syko<(H)vDR_j01O!j6XO^6No=J@q zL#Wnr|Fs-B&8%y&gJsVOGzzA1rm8BdR)P& zMIevlSVWaj5tDSVjUz8Q!&>T$Vc=9HusW#*+@Ddgo(PGsFltOxnn#V5P4eN}OF zGI23=b+goUGI27|H8pcI)3tOqcGNX7c6Dl399d#AN85K^Ms}tJO#;(_LX(*o84Y<2xY;-p+B_IjnOT?^4Vu_% z5DFO=G_mKhG_hxHbVz0rcJT{V$S+GRQt$`~2?$ou$ji~3{E=C5@*^fSoO15WRw@P- zhG~iBMkc!E#>U3Fra)3R(IhoR*U-`=)i~8M%`h>=6l~Bw<|L3}H%C;(jwY@yAjPi6 zu9j|wjxG?zu`CnnLozap6$*;-(=u~X6;ksOlX6mv6&!O?vy)Pb(iPC$o0FfMSdyBe zkeR38m|I+uT9lHQtDpf?6zu8@)tsWKke{cJn3JQBms(PuUzA;}P+FXsm#$Efk*bjC zAFN<#qM)yko0tq_I%TFyD+HGoDY)h(7gZL3Oa@t)mYP^nT9m3cIhJ)N)=-gU7oY6T zEHpWl?Xilnle424&`Y{Trfx2}rj|~Yx)zp}=DNlfW~OEat}dn~j%JfV8e&=aH&0?$ z;b3cGWH4y_J9#&Md)dCWd6Ehr<@A^j2(j5;Y}v{0vgY37_fnjjrY?5<=h?o&fQyX- z7~|(`S(uqvJPh2J6d9hbc*J|HIcJMp$*QWL`O?R3?K*Q|H&!1;4$J1ZlUvDWa0RYA@5qwPB{BRkWACV?2BPy`brqam*WHydX{n+IbmGYb==K@+QP<2cIa$}#EG0!ZDb2)0*Ua3&C?z>9$=K4&Wb#KQ$;oG!;ffuBik+Q- zid|fEo!p>`U7X#V;EJ zlM)r2bMi}56nsij^tggki$H2~@{d#AN85K^Ms}tJP5d{3LRXm>84Y<2xY;-p+B_IjnOT?^4Vu^v zAQUn#Xky#Q(!{oQqr-G2DHp$B1=qafqRN7j)D#5}FTX6cNFl^0c(Njk3$vs&Be14-aK(-w#V#Pl zE3PAJJ&aLPs}N-PFCvAD9hBsI5q@_aUNpzDOWZHh~ZGV{{yfLbSiV3M4?ij8M7FWXlY zR|_LE7h^L6T@zzNb6rz2M+;pi7biDeCnq;kBMU=AClhB!kRh9G*-bcD{u?y@nOw@> zUMi{)=p6Td+r{n=XKe0%HQv~MFHf@5qwPB{BRkWACIM%lkUbM4qam*WHydX{n+IbmGYb==K@+n536B#3z``zaX_Ju_QG`A*oWqF()%A zF)2~OIVZm~MZu>eMUN{uwFsm#CqFr{Br`wHO5wx&_7y<9S&z#tGp8iAC^IkJN+B#oC1LExPeZx5FpRfQyX-7zyWWS(uqv+znir z6vQ8}NPW`O<=2%H)n8ThGLk8C)?5|lfPy^z*V}izw_nSo$Z#YhMdfdV`d(G;Eu1N5 XB}BbX{%+HWOa80JRry!Qv8)dO?qZu6 delta 427 zcmcbna8=&Hpo#w?8>d#AN85K^Ms}tJP5g&|Li?B)84Y<2xY;-p+B_IjnOT?^4Vu_i zA`~(%Xkwei(!@4xqeBbR6RX52j$xPSC$kN!%*vQ<#GBt7XKIR%_H)B@|XGfSi zM_H$8#qdPq`&^ou@ICjKNcGF>+NpUS6?%;`yWX82(A&i9s2j< z0|PEL4q$Mevt?msVsSTcWl}J_yxmprN@z@mJJ`ijZ>@5qwPB{BRkWACILgBkS-G=qam*WHydX{n+IbmGYb==K@+*~JQpDaASpB}IwJ*_nCi z3TlbD1=b3=i8 vo_SIJ(@Q3WtR06QB>Y=F@sncO%NHfL|Li;&lecz9i^Hy|m$vp_4;BUhV~v@b delta 464 zcmX@2a96>>ph+N-jZ>@5qwPB{BRkWACIK&?kQ);tqam*WHydX{n+IbmGYb==K@+le2-WfTGOY#G*>g$%ah6cx5#()wcI_xAr zry}y}?cRyYrx$U=c>K`}a#b|oV&edY`8it_W+oPQ16L*mi&v(1gr|HvoaUo^|Im(= z7A4vrtmV9})^jsv$vw&|Xkt=ixFYq&XQD#LRjJZoEAIab`+}!s%wY5|d6hir#zQ&% G07U@p``hjZ>@5qwPB{BRkWACILmDkSr4;qam*WHydX{n+IbmGYb==K@&SC zLLuXVCbnNJO>EybI^1HEaCY%i2+d2&%qdANN=;F4%}Xw-EGS7$nLM9KV{#mmDozEP z=QEvSocxnfF%Hd${Ib*{1&@%BfM71qyp+^}R3MR8qNm`OpQj74Co?Zyk1IH}2&6D4 zKRK}^Ge6Ht;lup)T|m4;kIN108lWmGg}nU9!mR6YIs)iQsmV9lcqSib651@r7Rbrk z_|Ks6_vBpu_LACVOLk=?s(031cip@5qwPB{BRkWACV_CEP%slCqam*WHydX{n+IbmGYb==K@+YnbQ-GX+qRiaHqDsxlt68Nc`!E?3 zqlj&Q`9RZB6;ksOlX6mv6`XPsGhFOkS##AG1b zDKlLmxU@*YH7~iSvY-U$FOUUksfi_}MX7p|pRlaQ>#NPHSvxt|niv@j8vjnVRu<(%IKkdebbF7m#2^w&*aR8&@oGlA86N`s|8FMBEceg2|+BcG`ca#{lg-xS$j3;h0l+bJoo9o;}B$NQe1He=B#VQUZh%dmgL W#$x$f9HMit75z}z<@$K1wgCV=Yp0w5 diff --git a/signed/blahdns-germany-https.mobileconfig b/signed/blahdns-germany-https.mobileconfig index 85e679d99e3022a2aaeba6bd4ef9b7122d5adfa6..3ef89dcd39f14a9b6a38a6012c060a77c81a0751 100644 GIT binary patch delta 419 zcmZ3cxLeV|ph;jm8>d#AN85K^Ms}tJO#&-`LQ9w!84Y<2xY;-p+B_IjnOT?^4Vu_{ z5egX>G_lvQG_hB0bVy+mbWbhHP0XuQaLr3Dsw^l;O_{uw$rr1r#%68iWsH;mvvExB zW|FLjY0NK6EmH6Z2?+@1^2|#~El33tc_n%ZPC5C>*~JQpDaASpB}IwJ*_nCi3TlbD z1=b3=i8n?ML<1P3YDqFHu}XS zAdVdur%iThrJZyBCbWd^I>p8TU0!n*dv_njO$ zFH~IIYgQ{oK2Tr*{-dO=h5N^KqYq;yyL&cGymt&H_Dqr5AE@vpwZ?1r<-9SLrKB* IsmhrP02mUT*8l(j delta 410 zcmdn3xJ=Q(ph;j68>d#AN85K^Ms}tJO#+jFLj6pPjE1}h+-#f)Z61uN%q&cd22Jc$ z2!)Ibn%J{hn%L7fI;1dhYPhEs<$rwX~Z?iS?GRFFljLc$%f};Gi z%$!t()V#!`oYZ0kr<}wL7r$TyxG4%CUVd3>k%C7^NC1$Tr;wPFqmY+cQl4LwU93=A zoSB!dP?C|Vkm(<+U}&PCuaFs#m;z&$l)+fJiOE2wQ)aqCaA}c(Yo17QQDs3%Y6{qb zwA93s(xOzo$@#475$@fr&(_Jw+W6m~@z3Oa{OzSppY`~n^5aW?G(;sNzx?2s^40CB z>X9q5v!_3rJyZVmJ_9Z`4q)h=vt?msVsSTcWm05V8>Rf!@6p%#cF9ds8^W39zF))R z)v)WT+~o9pX&;Ht&P)n1br;-9QgzO}5cy-cC35cy$(lK0$9Rgb{MM>_zec)^2LPcv#WFph;jq8>d#AN85K^Ms}tJO#&N$LTi{984Y<2xY;-p+B_IjnOT?^4Vu_z zAQUn#XkzbVX<~2P=#b7N9Gsb#o>-7yl&avGmt0g?P?DN5nTuIt@+~G+Y;v2qn9ngz zZevocM`+A1OD$6H2nh)Y=JL!-Ni9eP5_u(h3Qjrs$=SsUi7CZ83MEB}$=N`w6x0%P z3#=7#6LZQFi&FKtf>Vn?x`8SaOEUBGtQ0=XZ{GpLYxKC>GIL5&i-3Bp6e?4TZS;#v zKpZn5;3E{<1udNg?=KE@PL+#z;k--zgT_)x5m#Gnd#AN85K^Ms}tJO#*X)LNl2d84Y<2xY;-p+B_IjnOT?^4Vu_n z5egX>G_jYlG_efnZH?z`5a??NJeI{LP1e}T4qkF zLTX-OQch~If>TanhKpaY0+Mb85I?^xwMfAuBqRXH%u`6r$x+BlEh*10$}UzYEe2Yo zP?C|Vkm(<+U}&PCuaFs#m;z&$l)+fJiOE2wQ)aqCaA}c(m}_2gQDs3%Y6{qbwA93s z(xOzo$rY^YQQT_9CdyUvYhNPU-W;py%G$|H+dW(sB!%0HKa)`u(M-JJ^t0eyngJIZ z2Qa+O*|IP*vA7wyFexzC&HEJlSLHv~v-s1xL7&1WgcR{wZ1*Wi{ulC7_Ux8GCWTZD je%teZO5fNr{u9zH4rT0N*p=A2Y&+wU+b?xGd)vhU6~%^Q diff --git a/signed/canadianshield-family-https.mobileconfig b/signed/canadianshield-family-https.mobileconfig index 24fd5917401919af8b706de7a7aba80d07c14142..f69ebe250db4fcc34d1304ac88e65aec3d601789 100644 GIT binary patch delta 426 zcmdm?@I}$Vph@5Z8>d#AN85K^Ms}tJO#%;rLU)-M84Y<2xY;-p+B_IjnOT?^4Vu_b zAQUn#Xky>V(!{=Xqr)L4Hn+sw%$&-}jLh)}rqSkh=4FhNZ!&4tL!=e*%TkLJJVHVO zg1P()Qi~ExQd1O?DiumHQWcyN^Ab}s6Y~^2^GZ^S@={9_f>P5ni%WotGV}8k97{_w z@{2M{Dit)GJ%b!I^%R_P@{_ZR6><}E$`gxHbrcFRGK(`Z^U@X65_1cz6%tcQb4nDF z^MR)2m1yg61*aB)EC*@=8)&8QVSf7xAYP`&<(8QPv=XS*N})2fc=9|p@yRW$+6aHB zOkT;xGr65vX!A4HyPTyTukL*0ac~D;!->Bin{+o`{Xds&ZNk2 l_~8~U4=0(YN|kXppU-7|Q@{O2S7vRz1bbfIr{)L7egJ%PpmhKM delta 293 zcmeyOxI@9gph>`ljZ>@5qwPB{BRkWACIMBTkRlT!qam*WHydX{n+IbmGYb==K@&R< zLLuXVCbqvUO>93mIviq}oXDm;S%=wrvM{sy=K0La80{TXQi>HyGExd#AN85K^Ms}tJO#(-OLI;@`84Y<2xY;-p+B_IjnOT?^4Vu{3 zA`~(%Xkwqo(!@S%qr-Y8Hn+sw%$&-}@0el{OoPn@%*z-jA7j$2he#{rm!%ddg!lw= z`4^-XC6=V7C?r)Xlw_nTI49;Mrer4ODR}0Uq!#6+mM8?Jre_wH02O8C=P5XrmSp4? zWtLPbXgGTYIcn-DIOXIgXBR8vCgzkU7NzPa6l7!;XJqE3E2t&r7Fa7Jrj+KCC?w|t zP0K6M#J$K4rh2ZS{47 vTiq|GKWhENq#%?#!S2w{-g9TK@5qwPB{BRkWACIKFx5C;<@qam*WHydX{n+IbmGYb==K@;0& zghIvzO>9qCn%Ev}bXdHyGExFYDbu3Cp+C+K8&7@v$Joao~SiIRO z)pv5|{WjGbaItX!eRR&2g_()P-N2PeLEUb{mn4B0mU9lQk^Aa`O@!w?t&}^c8UNLA v?Y^_gMpKy-8P08sZTe)RkT7G{+_`Dye}gkL_yeytNI5-w$!Sux`H=+x>#u3< diff --git a/signed/canadianshield-private-https.mobileconfig b/signed/canadianshield-private-https.mobileconfig index b3306748a39e61f3aa4b5b221b58ea38c254a6fb..fc0a87c99966b322289b2ec96aa095e3c13dd0e4 100644 GIT binary patch delta 416 zcmdm~a7xj^ph@5u8>d#AN85K^Ms}tJO#<72LYtWw84Y<2xY;-p+B_IjnOT?^4Vu{J zArvw$XkzbYX=3l*=x~@xAfPC-EU_e2!8I?rsIs6Wb#gqj=HymZ;mPjIQW%n(=;1LoM5X|LYkXi&ZDMcZvQlTUxRlzwiFEJ%EF;BrWuOzi7FSSG= zC^bE^xCE#uGe1wkv9u&3zbLb$QbEJnGssa>k1IH}2xMALell2vmBNSl?JIzInI4y0 zW)9Gd%)E3fg}i(l{o=`s*hGM?)W&cj(D~AnSF!O-?qC+${G9bJXX#u`!HGGKUy4;} z>AXl<&GPW)5w2&K6h$^Uzv(o#y!PX?0T&wwFbvPxvM@8TxEr`KDKfm~jyrF;Vq%Z@ zz6pxlO9NvqqSec*ewV)1U`eT9%oVa{Qs6wwuzGr$-^_nat2wnSKdVZtYt)&R_?CC0 LuA-CltsR;GxZ9N3 delta 302 zcmX@5xKqKwph>`#jZ>@5qwPB{BRkWACIK~|kP;Ikqam*WHydX{n+IbmGYb==K@&SK zLLuXVCboYpO>Dn5Ivi%2T*z!V*@jtnvLl=1WIblS$!TmtlT}&NH{WK?Wpr>%Nhww+ z$w*ajPRvV8$xO^s2+qh%%}G&k@e5Wc$yad7OjiglEmBC#OHs)54^}WVQAkQGPEAoL zt}HG|%`Kj6z%C9nU3juMo5W^EHW98;nf07uNA$Pz#wlNITQ&8J>8T9~ZPvN{Z%;(m zPd`@?x7~n?jRWYTbG9tZOf2pOu1pFkm-)-v*0kFhsytEA;mps8IxzR!>3wpJOY3wO uPnb3PE|Vg|za87xhkIT~kx`PqCA_ikcaCRKMGvRrG4d#AN85K^Ms}tJO#*X(LNk~c84Y<2xY;-p+B_IjnOT?^4Vu`S z5egX>G_jYkG_e|D>$_XWL8doGFXL`!iV|oD}Z>J9+z8Y4$zFuymTvt zynGvdpdpik*@PzNv1%hZQfc!B*590^yn u_j)GU?{#ESkf~hQly&n`;-aijD`UOmfp<=G3iI-0Hh=hMeo%g*9vc96zK+-c delta 298 zcmZ3lxIn?dph-Z6jZ>@5qwPB{BRkWACIMcc5GNBOqam*WHydX{n+IbmGYb==K@-~- zghIvzO>9qDn%Ew0blAW&S&mI{axF98jnvLdztK-%+_vub@*;XmM3mM_xa?@5XeQy#}@WbniTk4`f@x7+$Y7 olS#o~qF^xd!{YVA+$B!lZyl{?scd#AN85K^Ms}tJO#%;qLU))L84Y<2xY;-p+B_IjnOT?^4Vu_b zAQUn#Xky>V(!{=Xqr*`qp@5?NlGNmq)D#8RyyT+Ff|At9iOial+gXJtdooL5k=~rh ze4cUg9VX3sgx37B)FK6skdT02F8_kmqC}8!NtFsE8L0}+iFt`BnTdG{o_QsyMR}~I= z+o5osRPV-voyCy`Tx=Y`Fh6I@!py|tX5hl4Pd$=6~{-<4No^|o{ ya?7=`zjZ>@5qwPB{BRkWACIKy=kQx&sqam*WHydX{n+IbmGYb==K@&Sa zLLuXVCUypvCbmBt9gZ?hPGnP_Jd2rcvIDd3=0@hTjP{NxDa8sU8L0}+iFt`BnTdG{ z!5NvUIVlP*e!&VQ`3g>%=?cN6MGA>|DGHhX!3u^Z3Q38@sVNG@mBl5gxswmDNleyZ z)1KVOEIIiM8_(tmY{{H#O^gf%jejTq;BPPE@oV}2*ZbJh&}qEYK@TPeKmM5f$bW5D zR%`^Pq|FS0L<2514xpdT*|IP*v3MA`F)1>%Ncvim3kWXBWNLe%x2% xBEz1mG1s2|Jq1*9J=i;~U{XM^hq*Y5Dd*Ibvxd#AN85K^Ms}tJO#(-OLI;@`84Y<2xY;-p+B_IjnOT?^4Vu{3 zA`~(%Xkwqo(!@S%qr)a9j)0>4lGNmq)X5*1;*dFpllQR-P5#ELzIhFEF5~2rOq%sD zr6~&eWvN99AwI!e{spN;i6yBi3Q3g;B^jv-&WU-6DVd3R3Z8i-sYQ9IB?>{Q>6yhP zKt-APc?yoDB^mienI)A98qS_Uj+%N3PC5C>*~JREi83UqjsYM{GfQk}JWPv7FDSVjUz52bMb<^b&gDzj3kOf8-qz$QMqfK?mW56Y9H z*?2bZV|~wAvTmntrhPQ?ZTG|fqAV_Kc^D#>9Ym8QVd@psf%%5Sv#l`^)$#b?W z%uFn91};nr$@5qwPB{BRkWACILR65Em08qam*WHydX{n+IbmGYb==K@;0I zghIvzO>ECun%Ew1blAi+If+?+vNp5skl2WWt zl98(5oS2uGl9`yN5S)>jnvpdLt%ni>V}u<#SHJ$ZTkO(yo;Xu@8G@N#Q-r1YLNf{ diff --git a/signed/cleanbrowsing-adult-https.mobileconfig b/signed/cleanbrowsing-adult-https.mobileconfig index c7895aa2919d845ab5fd411edd833171a3f72775..1be22cea89ad413f8dbf990a15603324857ed866 100644 GIT binary patch delta 321 zcmcbnuvyW;ph;jo8>d#AN85K^Ms}tJO#%ymLUWiH84Y<2xY;-p+B_IjnOT?^4Vu_H z5DFO=G_hB*G_jX%bTD9^%+74Mc{=kl#>pGlI40j_(uvG3OD$6H2nh)Y=5ou-DM>9V zR>)1vDNig)RZvUJEwENdOexJNQAp0uD@n~O(c=nEEduGt$xlu!$;{8QQur{xeHRe# z(1YsF%uBaYs7x)Myq8UU@_bhPNz7W4Pq6V!p3W?^nU(D>XUT=#RmqCm_MN)A<9v_S zZ}DHhlb!^;O1STEaY@vaMLSYf7;v$10DXDRmW7###m&HlNkRI&n&|b=&0IO!eijS1 ze&jPeRCju!eCcG_DX!OMOz4PbQYgQ*Xhw*F?ZVX_7q@CR*E853+t0C7&ARR1hnl6c I(+}_h05gJkjQ{`u delta 271 zcmdn2cum2@5qwPB{BRkWACIM%lkUbM4qam*WHydX{n+IbmGYb==K@+<+ zLLuXVCUzN?CU%L94hGDV1)0@1FJxZE$nKbuQmjytF*%M^R?WpPSfM0e!6`FcA-J?i zAu%sSA=5ut!O%n@DX};;MWMK|xFj`qas!*h%xB~Sgof|E=N97zSszD;2iUdp{@ozs@XZhH!%9lidf O$&_xk&lX?IbPxaz`B}pN diff --git a/signed/cleanbrowsing-adult-tls.mobileconfig b/signed/cleanbrowsing-adult-tls.mobileconfig index 829e4303b9abe447680e93ded5c0fb059f016dee..2a5a296e2d581c9f3002ed134b718387bde49b59 100644 GIT binary patch delta 327 zcmX@AFi+9Jph;jB8>d#AN85K^Ms}tJO#`%lMnhf$ZZ^(@HV?*BW)>z!gC_PO zghIvzP3*}mP3-X-9Tb=+|76nN+{(O+aq=8Cj>%`4bi(t?Qi~Kqe1f^$GIL5&i;5L; z6LZQFi&7QT5_1cz6%tcQb4nDF^Ycnl^Gfu%f>Vn?>T~jw6H7Al^Q;s;%x~WX#5?q$ z`ZM#=trRL#izgSdiBIlj)t~%{Nn>&i8_(wZtjV0LjsFcA|4jDaZ!cBMQ8-}N^vu`yjZ>@5qwPB{BRkWACIKU$kRB5wqam*WHydX{n+IbmGYb==K@+<; zLLuXVCUy>%CU%yM4hqbhvzSjavOA`v6f2ZuOuoY;tLEYttWc7#;FOuJ5L{ZMkeHXE zkm(<+U}&O{lvtdaqEK8}T#}kQc|WWBW^uMQPVOc~27|`GKuZlgCO_mhnS7hyuk6yj zS@xe-rp0bKXg>SFe_58Y2bWciE=NxPc&jLNcFX)y11>fWpu5l6vM@8Tco?`bDKb3K z+dko;+lwrZ>=^Zk7t6E$xn6yfpyE3*_v@lohjX{WflBVGaNKFWUs?L_W3ow}5Tn?9 U<~HNpc9985zwG)irqA3C00?4YX8-^I diff --git a/signed/cleanbrowsing-family-https.mobileconfig b/signed/cleanbrowsing-family-https.mobileconfig index e92ba0e7c80a581b73dd53712e3f91a51d3e725b..15eeb2ea2f1660b79ec83a2a2baafad3383507c5 100644 GIT binary patch delta 336 zcmcboa6r+)ph;j48>d#AN85K^Ms}tJO#*9yLMxdV84Y<2xY;-p+B_IjnOT?^4Vu`e zAQUn#Xku?=X<~2O=wQq|nUmRY^DO3NjFYc0nI`0yr4}i8goFeHbGc>al%y6FE955T zlqVLYDySvq7Fa7Jrj+KC=qTi7R-~pVBLn=~Gjs$usL8T50-C6W^?xT(EYp_$}SP90pu$96&#xvt?msVsSTcWm05# zD3(^cJ*MUPA(eKmiGsZQ#bY-Y delta 272 zcmX@0cu&E>ph+N#jZ>@5qwPB{BRkWACIN4tkUJA2qam*WHydX{n+IbmGYb==K@+s}N-R!IQ7En~E=kRue2>**axJsu<^Z;QPPQgS27|`GlaKJXm(3UL-h1rQ zaRr@c8^1kStjqRzL(ny=Y-u2drI1l QIMtTh3FTpzmo3i$0GSS8IRF3v diff --git a/signed/cleanbrowsing-family-tls.mobileconfig b/signed/cleanbrowsing-family-tls.mobileconfig index 1984a2d7549f5e40db19ece01fc05af662545064..fc2c8723f43b1b6d796d6611e95e0d8636fd6478 100644 GIT binary patch delta 329 zcmX@5utw3rph;i_8>d#AN85K^Ms}tJO#(B4LQ|O-84Y<2xY;-p+B_IjnOT?^4Vu{N z5DFO=G_mKiG_hxIbWmoV{F_OCa|iP>#>vN+Oyly)Qi~Kqe1f^$GIL5&i;5L;6LZQF zi&7QT5_1cz6%tcQb4qj+ax*JZQxuZ(^GZ_lO7ysbQ;R^_a`KZCOEUBGtQ0=XZ{G#P zJM^H&Wagz?DO9EwPhQ6+K3R)dc=8ff*~wp+G$!w4>pjl0LXG_k!*`l8 zuVUM!yf5v9`T6V8*Y_o`Pg}9)!Na)5v!MoDY#czpp0j0PW@7O$aAQ(rIA^zM(~_i_ z%xZsMd1u$?m&;$$UNl+n*K;L}6Bn~ZKQ09->1}fm$vzS%WVp+?`ujZ>@5qwPB{BRkWACINGxkTDY@qam*WHydX{n+IbmGYb==K@+s}N-R!IQ7En~E=kQTo-DvFK3R)dc=A_P*~z)g;*+J>c{aPTec&uJ`#f#- z%&jK7chqcd+<)+MdbY!!nDufg9fc(#6T9YRd@d#AN85K^Ms}tJO#*X(LNk~c84Y<2xY;-p+B_IjnOT?^4Vu^+ z5egX>G_e=4G_mJxbTDV0%*|}Lc^>mJ#>soxI40j=(s#)(OD$6H2nh)Y=5ou-DM>9V zR>)1vDNig))#D0IEdt5rSVWaj5tDSVjUz6*$V=t0$H=A~OHRHjaz$m%t@fSDa= zy7FWjHl9sv$((FWj0^^ieW8>30K1NJn*aa+ delta 279 zcmZ3l_(Z|Mph+NsjZ>@5qwPB{BRkWACV@bpkS`M>qam*WHydX{n+IbmGYb==K@+P?4aWywVuOe86NY3 X{)zdu-f^&t1$nPFz@W+wmuj~8KF diff --git a/signed/cleanbrowsing-security-tls.mobileconfig b/signed/cleanbrowsing-security-tls.mobileconfig index 6f25c1323cc9be5b44dfc1c48fa0589bd3760e6b..b608c12137870697e65c8b0c95ad36d137527353 100644 GIT binary patch delta 297 zcmX@FFkR8Xph;jd8>d#AN85K^Ms}tJO#&@Ip#~;KMnhf$ZZ^(@HV?*BW)>z!gC_QD zghIvzP3$o&P3#dH9n_g8|7FtO+{3(#aq=-HbEo{W)FOotpI|Px%$$3g^FT-@W^ObWq9{2p^^ fMY;-1bJ;66@_aU5-t&I<`RM%GEQz%xa<^Ln@d|C| delta 281 zcmbQPcwWK5ph>`+jZ>@5qwPB{BRkWACIK6ukOdPXqam*WHydX{n+IbmGYb==K@+0pSPcGeOB83&&KEZ)WjE`rMWX4+{I7!Zdi4Xp=t?}g4p_BE`rs@I~NAc boqs*@%%4@PNlzF235#ZzP}GjU(wGPUgr{aF diff --git a/signed/cloudflare-https.mobileconfig b/signed/cloudflare-default-https.mobileconfig similarity index 80% rename from signed/cloudflare-https.mobileconfig rename to signed/cloudflare-default-https.mobileconfig index 8bb1dc4cb2d6404982aa12225bf82dc4f2dd6852..5d9b9d558ccb397b5159e99e0087750f9e44fd5a 100644 GIT binary patch delta 495 zcmbQJ@L$2fph=*bjZ>@5qwPB{BRkWACV?EFPzDntqam*WHydX{n+IbmGYb==K@)o* zLLuXVCUz&5CU(1x4y%~h4fViq@=K;DB(~AywX8yuYnU}u3@l9(Q%%#1bQ6tDl66fJ zEe&-o&CCpS(+mxaQVf#P%+idECI>Q0PJYOo1XAqiYU*aB>u7A^tZV8BQ|ty*>|)^L zX66P}+`uwn@-ZfraH#DH`DLj^3LYUL0l{4U1*t`eC8;S2NtFuDIr*h2X*r2SsS2KX z$$DJDsYM`#Ir+(nC7JnoRtg{Hx9n?MVWc&RtkCflkM5WCrdL6PcCH@ zM)H-)WG^-zpwGUl7#SFwI=NUH>6#b<-DqlT>7wgo=47dBWMOD%#=nzA`P<8`1wZC~BkCa?Ab$ASkG0=*?yoU?Bv8t+`1QOao+>WCUKwz) zaR6iFoGlA86N`s|8eaw=kGi~FRtZfy$2iO3M;id61E9wM delta 433 zcmeybFj2w5ph@5qwPB{BRkWACjNg0P5i%@7#R(D4Y=7j6WTl&Q<+(q7!8`( zo+1=7E@)!A#?r)gX`{m`rpcd}A}7Z(C#ocx85yM+CMD{oSQsbjnkJ>0>ROs4C+nsd zrluts0-1)1DU%ynBq#r7PEv6MDt0q;a@2LPFm}{6b#enKc6QcvF?4lv0xEVkbaVkK zUTN)^l2WWtl98(5oReRgl9rQLl&aw37pzc{ui%uKt`J;Wq>z}GqLAqytYB!Okd#=Q znxar#SzMBuTReFwt1ZxFlAC$i7#a0UoJ}nZoK4Jh4b5F$bxj>zOmr>X%uRG%O-xM9 zoXrfJOx=ua^ovW1GV{{yxF+|q$ZU>aSK;7l{BO|s2N)s-9+MAnn@rx#?^o)Z7mW7###ofS_Nx{%TQfas5 za|aow8|`l&ubSt~t+z*dbBmV*+w4%`Zi@ycMTT`s`$AS6>V1BvIr3h5uIs&LjAk7f QTe5?aKHHclep+h@0Flj$%>V!Z diff --git a/signed/cloudflare-tls.mobileconfig b/signed/cloudflare-default-tls.mobileconfig similarity index 80% rename from signed/cloudflare-tls.mobileconfig rename to signed/cloudflare-default-tls.mobileconfig index 0a06e64fb99b9cf1030e2b8f4d06036477a8fad8..d13f10dd9742e151d8bb512b77b89a72f9c75d7f 100644 GIT binary patch delta 484 zcmew=e^0@|ph+N#jZ>@5qwPB{BRkWACIN4tkUJA2qam*WHydX{n+IbmGYb==K@+<% zLLuXVCUzB;CU%954pW%e4fViq@@1w7B(}li0A?$dMAKwL3p1lsU1L*=Bwf?wL`z*u z6N^+`%T!CtL{no^Q^RDF$?KS_RUA#7K?+?#3Y~OKogKjnU3D#8EiE0v3Y|d;B`2q` zOqlG)#xZ#ZlT0YoW`+E+)FOotpI|Qkg4CkKlGGH1q)G+nocz+1w4B7ER0YqxWIe9n z)FP0woc!d(lFa-(D}@j9+jjx+4m~cn%$$D}}uL$%d@9f-sX^^OB1y3xFnW z&SjNkR537cbu~9OGS#(kb2Qa8H8*h5wJ>rr)irjpv~V;wHa0MGGY9Gy2fC7f^943l z4wiogjlU=Vd#AN85K^Ms}tJP5h65Lid;$84Y<2xY;-p+B_IjnOT?^4Vu_a zA`~(%Xky#N(!{oHqr()Y$>&%VC;w$KoBWJPb@Fdkp~*GO8Y;<#=BAd$=E=GSmX=1k zrj{0Fx|ZgK2D&L`MurB4iHU|LsYa6nnI$JbWKL3XhA4JMSL^~-?C5A{;tEmRz%s$w zF(su~p(GYBTnn>ZO; znmZdix`1?S)@C>1;QVjU_y-s)1|E|qvYSkv!|zwBWjyirk$c&T_S|j%DZjRBx0rPB z&yz2eHu&Ye{&J*oPMQH18wW6C&)KptGqJcExH2gOp7B^JbI;@vbEo5U&a4F@R>$}a z7&gA$Fm2PXP?>EtyO|Uj+BeTDegC95a>wuJd#AN85K^Ms}tJO#*v>LOYlk84Y<2xY;-p+B_IjnOT?^4Vu^& zBNQ?&Xkwqj(!@Stqr*lfc0)Zdocw_)5s7WNxt@6$+6{`Tljt9>B=+H!{< delta 294 zcmX@FxK_czph-ZJjZ>@5qwPB{BRkWACIKm+kQfsqqam*WHydX{n+IbmGYb==K@&S8 zLLuXVCbmy3O>FNrI&5T`oXBi3nVn5|vJ0~)n_FUTW=`eiLgsUfR*oqt#R?@EsS3_H z`K2joIf+H73NC)Z3MKgpPMPTn!KFnCiFqjsnf}2Fh9(M0iN&cY3dNPhC8@cS-?Q35 zjhbA@EVVhF?Kfv>Wt2)Y(=xHu8S$+=x~V%eb4v=1Q&{DfwQMnbb5wbEwgDF#2hbauA1X_9s&Tx4QcZL diff --git a/signed/cloudflare-malware-https.mobileconfig b/signed/cloudflare-malware-https.mobileconfig index ba39d4c79070e2c306a54315ef73092d71f029c2..b07898d68d59486fc4aab3320b113fc17f0bd3a2 100644 GIT binary patch delta 413 zcmX@Aa7xj^ph@5u8>d#AN85K^Ms}tJO#<72LYtWw84Y<2xY;-p+B_IjnOT?^4Vu{J zArvw$XkzbYX=3l*=&+edz)%ki6@pWfON%l~DkuMCiozynw7HXc8RO*nY#fuXGs)DW zYg5QCOD$6H2nh)Y=JGE{ElMm&O;JdyRB+D8FHK3yNi0fL@XSlrQ*g@3PtGn@$W6>C z2Z^aA<`!5h6l7!;XJqE3>v09A7J8?s%s) u=UZor7BML@{Jj)YZJIh$E_AkA)Eub?9jomZO|E`;rs^i|pQV=1nSB7L8kIBv delta 336 zcmX@5cvQi`ph>`yjZ>@5qwPB{BRkWACIKU$kRB5wqam*WHydX{n+IbmGYb==K@+{^70jY6LZQFi&7`&G8;`cW!69za$u91%)!F9c|P+pMmNWl zlwyUFj8p~Zocz+1v>c!w1%!457r$VIl6(cH%yfm|(jtY#ycC5@|6m0}6NRM2;?xv{ z;>zNZ)ZF692JGUK*wm10+3dj9#mVx|pz-(QbNuZkcBiA0nOB5Iz211ws%O%#-!joI zvERbiUMV^spy&6jbA|yI8wb$S=WJP+nONKmT$mIbWYnB)mVTAxc=~M3AB!Z`k9Jw< zo@%CyAyb*A_x;sg&!iA=qFkatEFz=-k>*^sw--{AFN^9Onx(kQuJ7P;uIH9!0ExtN AYybcN diff --git a/signed/dns4eu-https.mobileconfig b/signed/dns4eu-default-https.mobileconfig similarity index 84% rename from signed/dns4eu-https.mobileconfig rename to signed/dns4eu-default-https.mobileconfig index 88c39630e2cbe84af965a80560e1e761d404cbe0..708b866eb85f9dedf1a0f0150d80d904d836dd8c 100644 GIT binary patch delta 482 zcmbQQ@L9pZph+N~jZ>@5qwPB{BRkWACV>Q?Pz)0zqam*WHydX{n+IbmGYb==K@+PMM{dUsgbd< zZlXnMs%~0RvT<69L6W&ys=;Ih7RkwPnUhp3+>A|~oWY7+Tp)@aEnHo7-JG0_-CPWu z%*|XOihEclOuogW5T9R`TBP6+5)u&1BL%uBaY$jhJX z%O*Zqn^|~sEvqr3im9Wqfw761o35pko13nwsgtp;rLn7puDO|!v6H2Ng{7OR5m-kL z3;*U{Y$_bwO^gf%jemh5Xy7q9klkc*48LEQVs-YbW13~>kKLZVCGs8%_Y2;WJnD%r zmb6*iu1ja|IB3Ad#sQ3kbG9tZOe`J-ZcK^{tK2U0aO-S2_VL@5qwPB{BRkWACIKFx5C;<@qam*WHydX{n+IbmGYb==K@;0& zghIvzO>9qCn%Ev}bl_*69Lb!hVr*%amST{Us%vCwVySCtk!GZ8nPQNpYiVJcXknaU zVwz}{GWi~JHAtbGi-D6XOraZ4p^JeVNTH*Jv5SeRqnQg(q2y#+cK*prSsKk9Q&Nf* zN-|OvT>OGfTth*WLP@@YQ)aqCaA}c3VqS_urhl-4p@~9LVsUDULUCnrNosEK7acDn%=8wW7t&e^gs zGqJcExH2ioT@&UN)>`#9Qf!v5@ah^)hKPiBtzNlHViL+HCd&?FGV#;Mij(e|B}k)3HllYlc&$exLj(U8}Gn~gJ}&4V$OnT3hbpov`z zp^$Mw6T37^6TA3Ehh0pQyIA=qb1@rDE@xE)(tMMbunJ9n!mO^UXP9JWYMN%0q-&a% zVySDIY+l5)CLd=~h|MocEm8>a3Fh)ING(b%Nlj5ms#Hi+NY2kI&Mzv- zEX`HONlgR`hG!(^q$cI(rRs47rxt;<<>V(PmSpDVSt)#&-@XEf_v>-FW#*Km7G>t8 zTPft_Z?hh;baOQ_bF|cTHgk2=H8pf}(zP_UFwk|jv~YBFb}?nb?-IVBVji+-^;K0F$DinWEtj#%*}nh)*Z7!! delta 417 zcmcbn(52vD&?Lad#;Mij(e|B}k)3Hl6aROECjQS%jEsi72Hb3%32h#Xsmv@)j0R0? zcMu907c{Y*WocqNxzS-46N^VkNWf%&W~s?y%qo*VGO13^WVTXCwlqynOi41*O))n% z)ipITGuKTtG&9jPNHwrDOg2bOG)uIY9Kb9&`2lm1inFDuv!jcXk**6|u_IWqD^Rhs zfvcmLBSdjM%LH@Bl$2tHl8jUZ7r$T=*H93pP?E3Ul$ov&Tw0`%n3tlE=^w0MXrhpm zSe%-oP+VDDlA2q*xra5HQN_Z|*wMh*z**PK($zrM)WFDC*U8P;S=Z6j(#*`v#n95+ z*kCg^yB7yr6C;B`E*%ph;jU8>d#AN85K^Ms}tJO#;(^LX(&n84Y<2xY;-p+B_IjnOT?^4Vu{N z5DFO=G_mKiG_hxIbWmiTyoFVHa~1Oz#>orVI40j?Qm)T0OD$6H2nh)Y=JGE{ElMm& zO;JdyR7g}v&d)2(FDl6_%~i-rO#};uXC&sNCgta)>M1zoTw09 z7J&=`iYAt1=I2={e3;+90*LqPak*vYl%y7A=A~OHRHhc&=ogoOICfl|Hrc6_o9kJF zxk^?Se2%gId;VXVVA8AEEdoBOA+y+)6#q11>fWpvTYIvM@8TxEZ)G zDe%c{Q}niZ*qC7D%adnX?x!x|$g{a>4R9JD`qjZ>@5qwPB{BRkWACIMrhkUkS5qam*WHydX{n+IbmGYb==K@+<) zLLuXVCUzc{CU%aE4vNf^71<;w|7PZ!?8YWES(HV6^J(T>MkmLVlwyUFj8p{|zhD#B zP=$b^{F2nUO?LU3u3LSkNuLZ*MPf}x2*Qetsxib8Q^aY<@!@nivZ z@y)MTy}3%xFZrMv>~Z;SD_@2T$DzM>|LGhqP1c_HvNKtJ<bNa#P%T_mWm1FXE01}pAD*ylh diff --git a/signed/dns4eu-malware-tls.mobileconfig b/signed/dns4eu-malware-tls.mobileconfig index 704047cda1b80054533bf5eeabb5470769f85b98..2eaa348d9572306de34308f2633937136316a685 100644 GIT binary patch delta 369 zcmdm>(5L8N&?L~s#;Mij(e|B}k)3HllR!04sGNzB(U8}Gn~gJ}&4V$OnT3hbpou*h zp^$Mw6MG0t6MMi$hl5O$!7lfN;mZ(hTk%Q*QklXiW6 zS!$6&h)*z=e?e+dVo7R>LQ$_XWDHO=u_QA;&r0FL{Pq<Hn4HhXwz-IPA1BK{gT~*JP59eO!d*9|e^HHQ`R28~#&)mYq73;~ zi`40Tr(a&OtqwCN&NJX*;{b-rIa?NHCKfjX7bXRhjl2!&2}@@4rWYNa=wh&GeX1Gj z8Rt!t=RDo?^RME41tx{OrCUQpmVOXDBQs|$U(u!|zfU(U8}Gn~gJ}&4V$OnT3hbpoyIY zp^$Mw6WdpoCbo|o9S$t#Klulf>gHbcNv3B89}f6opLxU04 z!k}V$^@d^0cw$qy*R~(58)?S&lGOb|$Bc^3G0DJ#! A)c^nh diff --git a/signed/dns4eu-protective-ads-https.mobileconfig b/signed/dns4eu-protective-ads-https.mobileconfig index c3f65e3c046d2e1def7ae620fd91b6a31db39f85..a60de366b57561900d7158385e9d1c948495e0d4 100644 GIT binary patch delta 351 zcmeySa9`2Eph@618>d#AN85K^Ms}tJO#)|tLMNCQ84Y<2xY;-p+B_IjnOT?^4Vu_D zBNQ?&XkuT&(!{=Cqk|dqWG-gI&2yQTF-|_q#xeOelYV`ES!$7jM@UFOFqeNpYEfcI zYKlTqr9z@Ya(-TMeo;wgX|6&}Y9d%LJR>nDH7P$YRZqbwCqFs6Siv_jr#!JJRUt7i zMZqzpSdS|>wFqP&P&Tn7Ge6Ht;lup)6+paSkIOAHrzEu~GcVmrp)$4DM!&cO$k{xD z^)@GK<9~z3Ka(r@+e@!LnZ7irr*vb(r{zs64GoK!YIyd{5(!*zP*7_5r!!N147k`h zfI)E1mW7###ofS_Ns-~ix}vpTH}B<3{IL3qXHCcdh)ee>-aWRFSv-69*0-L)ruu>arVsq{WBj;Ell{~o0f9vW7@VgSygXmO#}cfwTo>4 delta 284 zcmcbw_)WpVph=*JjZ>@5qwPB{BRkWACV^z2P&^YOqam*WHydX{n+IbmGYb==K@+n&cC=YqI*5F{RCl`u#yt?2TpC_QQ(p*L-DWe6Ta%V&ech|C}ugGZTx4 zfg6(|!>Z}0lveu8n67^d#AN85K^Ms}tJO#&N%LTi~A84Y<2xY;-p+B_IjnOT?^4Vu_z zAQUn#XkzbVX<~2P=x~Z@@_kmm$x_Uolh3d!Zmwe9!Z`T=lX-o9S!$6&h)*z=e?e+d zVo7R>LQ$_XWE@a7u_QA;&r0FL{Pq<@5qwPB{BRkWACIKIykOvbZqam*WHydX{n+IbmGYb==K@+HRd})`v&LjbX4TCTn3plKJEo)*E0knR z_GML2bMXsSD9KlF%1l=XE-g|>%u7+o^bb}rG*L)OEKW^PD6T9nNzI)+flXrbFV>Ts zY)y;|2919wpWtsV%Zd8bV)V(xp85T`T{ml|Fl){}Ts439+5q+^I%f~%W<46EnV)aMZly&%CuS4? diff --git a/signed/dns4eu-protective-child-ads-https.mobileconfig b/signed/dns4eu-protective-child-ads-https.mobileconfig index 88ab30b0f27118e73a1bf9162dd4b831493e63a9..feba3e4a66ef816dab252974352249f96e642cf4 100644 GIT binary patch delta 384 zcmcbw_*}`sph+;9jZ>@5qwPB{BRkWACczM(PyiDnqam*WHydX{n+IbmGYb==K@*2H zLLuXVCJr5zCJv2_4sVzy`?4udwqoI%{DW0^avHM>oL|ExG&zJteKQwJF5~2zOu_Z} zWvN999w8wC!Cd|YsYQt;sVNFcl?sUp$@zK3`9&p}rMU_@sfl30@QlQq)TI2pR6PZ! zoc!eMVg=vCobtq?R2>D!lwyU%ycC7hih`WXFMVWc&RtlA=iyyFZvHUk^{4@Cpe|zZy-uvzeF;h0V>(_bB z4p}QA(Qw}BmBimqXB{mssT|zgZ@|UI0Su#awk*s{Eba!bObRB9P78`=nk){y*PrR} ze`$@dspq0w6_Q;?l>Sf1_jB69q{y&v`|TIGZ}`ew4j)Y1|9A2B%eqgj-6VLOR_gN^ J9Q%Aj2LKaPiz)yB delta 273 zcmaE^bYIcIph@618>d#AN85K^Ms}tJO#)|tLMNCQ84Y<2xY;-p+B_IjnOT?^4Vu`u zAQUn#XkuT=(!{=Sqr)4f$@`eqC&w~}Z{EjzmXX~tC8b!QBxCXiCL47ZzhH%ud zbcNv3B89}f6opLxUJSr+hmMxY#&=u0ChW!py|tX5hl4prkTq z`IYIDpXIlFJSuW0h55AI@$XYjaX@VCuE!6IY~tTyq`()3Ioh diff --git a/signed/dns4eu-protective-child-ads-tls.mobileconfig b/signed/dns4eu-protective-child-ads-tls.mobileconfig index 6720fa4e8ed9139e779df5c4f85b104b2a9ab92d..5bb608ea5e9f54a84b27aeb11f27712e87ecfa89 100644 GIT binary patch delta 371 zcmX@Ect**=ph?h!jZ>@5qwPB{BRkWACP7P}kSP-*qam*WHydX{n+IbmGYb==K@*1p zLLuXVCJsTCCJx?>4mX)5o3SZQHegPL(tMkDF)w4BtiaAO`5cpXeSTSLkwS=1FqeNp zYEfcIYKlTqr9z@Ya(-TMeo;wgX|6&}Y9d%LJR>nDH7P$YRZqbwCqFs6Siv_jr#!JJ zRY$=wrC1>`FGV4>q97+TIkN<$y(BfSM2{;twFqPZP<>)aW`3TP!iV|oD}Z>v9+z8Y zPDv_fQD$Dcl|p4|@nl_g@yT|~!kfRa#&MNy|HF{1yYJ0a|3aT{A*F}eq?QKNN&0d#AN85K^Ms}tJO#)khLK~PE84Y<2xY;-p+B_IjnOT?^4Vu_z zBNQ?&XkzbSX=3l#=x~#1@=9ja$sWw%n^!WQX5@5CNhww+$w*b0+{k97?&24$P?E3U zl$ov&Tw0`%n3tlE=^w0MXrhpmSe%-oP+VDDlA2pQ`68P*&0QZ?8F9DQ$bJ?z*o57aIrA$>(fYn3-7I4P2QN8J-8VpLS19 zx%+I{ma{R3&BW!ee%x@y)%fcVf$1}=Yaf4NQc(LQ_;tcAZ3`_+iK3uQcauLvF<*K$ PF=GAXJjM9`F*ExC?yY2i diff --git a/signed/dns4eu-protective-child-https.mobileconfig b/signed/dns4eu-protective-child-https.mobileconfig index 6c0e1daf609a319546e3e4c0ad8582f13f134018..89ba4eb7d879323808d29f813e473c50a3444aca 100644 GIT binary patch delta 368 zcmbQEI9bWTph=LQjZ>@5qwPB{BRkWACP4;+CV@XpjEsi72Hb3%32h#Xsmv@)j0R2Y zFAxeD7c{ZoWNBi*y3xUlc`_%P@?kU#no9K|9o097w+ZJ?n$;B6 zAadlh`SHEZ>I&CR2K+JLV&eb?$~jvWW+oOl0~aO*sm{4Smt^d&Wi1xl7TFQRvux`p zhML3X9|ULeXY3S9*}$Ywld?y0+t=QSwzd#AN85K^Ms}tJO#+=jp;jhFMnhf$ZZ^(@HV?*BW)>z!gC_O@ zghIvzP3(y*P3*B79lV$)%Q35O-p#y>k=-#RrC6aPWAZB|Ej1UvV1<%=1*gn(h2YX6 zg~YrRg-rio1w#{sq{QOX6oul-;*!+d$q(2hHrugX<7D}7(D-Mvgg|>K&#AwUPB1U| z!@|#eFlg6XIBli={J+0=Up|w9VeS0G5~q((o+>}lf@5qwPB{BRkWACV^)_p+`)NjE1}h+-#f)Z61uN%q&cd22Jc| z5egX>G_mhvX=2~C(cucyWOg>b$$iXxlZ}{NCx2m8+}y{!g>mvdHjc?Bm@Mn_%TkLJ zLVSX`{0mZx5=&B36p|_x5*3p3^NRC}N-|4x6>?G&!Ghr#i8-lB`FW{&3Qjrs$=SsU zxrsUDiAAXjiFqjssTBn|naPt400zi8TNY*}7IypSz>_L-nKdbb&-^&6oS8{g`gN&?w+A0L9aVK>z>% delta 287 zcmeyV*sADY&?L~v#;Mij(e|B}k)3HllRyzrD36Je(U8}Gn~gJ}&4V$OnT3hbpou*a zp^$Mw6T25n6T90+hbv619w8wC!IKxVNKQ6jcAZ?rCO&x$3*Y3aY(kUOS=2Y*WzJ<} zcT7nsRw&7soXD!B?&24$P?E3Ul$ov&Tw0`%n3tlE=^w0MXrhpmSe%-oP+VDDlA2pQ zIi6j7vnpFWSLxF_=7-!HjJo_Idjg`^Be7tl0G3fQyX-=!J8( zEX+(S?gp+*3LHW6rm*acU|9Ak)x4`N*fv(&@xhXdSsP-ER{p;fcx5q@BEwndAo=)6 g$?0F(E+;?Ue)}%Jkc^J#FSh5->Svd(7t_!L09bxtP5=M^ diff --git a/signed/dnspod-https.mobileconfig b/signed/dnspod-default-https.mobileconfig similarity index 78% rename from signed/dnspod-https.mobileconfig rename to signed/dnspod-default-https.mobileconfig index 660d8f8a6a93b7f803716e03876c7ac7aa716ed9..9908d8d4b4968788d91053d9c8c7d9b44b0900f7 100644 GIT binary patch delta 533 zcmbOuzeB;nph>`ljZ>@5qwPB{BRkWACIMBTkRlT!qam*WHydX{n+IbmGYb==K@&R{ zLLuXVCbr)!O>EycI`}ei1(YV`WF{-P_yteyVG2X#8cnuf6`I_^tgfnOm||&Rnr5D= zYhaLKp=)YpX`q{EX=13Gl5CM=XqaSfkd~G@c|Eh_i- z7iSA6LqjKX12?zHj4Z1r=Q1hOBkWhmFH0>_@CXSB27boNU0#F?k=8@MI2FepJt^Y}R3AWK=OR zG%_=HbavKtGcq;SH8r<%*0pdmFx0hlvNU#abarxfG&0>B$mYet*2KtQ(D--q0>1XL zs^w>Px4Ic@KI~vO`|!8@H|$p>U2pF^-j%w*a9iNwN7D?r*f@akcFvZCnTf^2z>P_f zVc|pByzFZUtczVQ$F{5HEdL_XIc;Mk$JhPyYI@DOW(fe5w0^zAB$A-l8@xW?^4axk WCS>e9`Y~V3f-`E;>}FohZ=nEY60NrY delta 410 zcmdm?Fh}0OpoxD58>d#AN85K^Ms}tJP5hlep;jhFMnhf$ZZ^(@HV?*BW)>z!gC@2D zghIvzO>BuQO>D6n9ekN4&tM9jypdIOvNW@Yibf{Yfl9LxOC#je?S{gZ-nYjWLyMYutI|CKFx$2s`0TnyCIRO>B zf)(4dOfYs#Nhww+$w*aj@e2;fPf;kzS8&QqR|qaGQb^28QONWURxmVCNJ=bDO;ISW zEG|jSEuI|DYPoqMs~Dq-k%60|fs3=Du7#_KiLR-clcTPMrMa=Lxrwo{vx}RVk*m2I zP__7GCU#>E*2ez^jejOv^S772it;z>&hZe+u3Q~u;eNN;N-S;1n->~$AN&*T3ia|& zHQ-|70EXTbADB4Ps{8^BI0m}}8LRl2B)@B((p4mtyK(w`x76Apd zMa3#SqgIdF3NC21mQvJO1${o0x)gUS)mnt2V6FQ4{s97^>O1fC0%tnooh5MyPD7~(u+Y1P9TBUAehszI zFG;2sXw+C9ZZN8J+E6y13)mR0mFpBLtumCIo)*Iqv!{nKCB9Kfk!hL9(U@MXG7?yF zdPHJ;B*y0Oc;R}z8t3t%(xR~B#Q4-S494K`qGz!&b`C-4LwLOW{CuvI^y12O8q(3o zOE&2AxPdSy!eAV@fU6)BY?x*s`Up7iszN0v!k7%n0^A&yEH$fjQbnXrOW;~U!XvN2 zTT+8TN}e!m&hU)96*Vh06(7wF-e<@O0wQ#BoqE`bAu$pLxGpR$F;&7FJckJe z1E=B!2s2!vFyKZbZWr7R3+X$!kk91{29A-jh8+Ze8z>w&M!HCNLz^3sdzMs#KL@Tt zM{xBf*@zet-e3s_0}K{13OC9PDm?*PKOD%07*;r2r8L3qVG2A?CC4#Bhnb8x21}Z( zQ((y^nOY?$Ei76qH<CFI3qo-0*P|B)OQG`)!CJ81pa4^E80)#2JMwcg5lYLUFb@?Pe2M6L%lkC%`%Hh}@av7vbs@X{3ninLn zr?m~Dt#|!3eZe|=3ftC+gdjXfB;<1fg9I_0z?g6$CqgI+;>1J;1w{)15C}!~1hxnM zC;CckjI}4PZOBP@{ZElFrq$y32v}(A;osLvqasx5D2FQ zLmX)l6jYcWr+e_yj(G+5R}^|+&if@x`7^FGj;SY3PkTLnPF_OI*6nxdlAR;Jia$}1 zWPViruil;S`JYOD+;llB@UW?G?q&?A;5*a$ReGnfC46vmK*AcdhDA&`-Y|_v+)U|yRj48UbgDtxM1Kz-u6SifM=n{ z3Rl*qKJMbyWVO&sJTG&(pW&lsAh1P75OflF1+Z;4pf2$od^fiOH zaiufi#!=*)nTk@;qJN=9k13BRd6X9M!_j5$ez-Ae{@kX^k56cO)@7cGWvU#CceQvN z@yPgzLP4r)K3-2z?O0j&TnDE(q?bBLqiWLZ-=@b=5QSg`Z>@9hhN zy0?_t>wuO+0XP-B!IiW%T^7<+U&i0%$@=D&7k9OEUaioAuOFXlnrCruT)n*JDC<#O zZ%V_AA3C=#rSd7ODx=D)=Bdw`GHIWf+T&&#etY+W1J)k5>|^JB%#!ONb7C8iiL^sw zT!}cb(~Z4cU_oa?dWH?i(_Oy0Qhs=r-jbW?)p+E5=WO6Q^va4jJ5WH9O?m_Rd<{&7 zU5EO_;^D*0pv4I+6_=X~D#DDV;6_|(kmq2r2AxUIAKg!Qs6m(b)Rb5(MW-XM41T|O zML@`h(}(<#;thhPKp+eZ4h+uvO9LSfxDSijA)pAQuxT<1+KTtQeJP>dg<5@P&+qr{ zs6Pv-6>ogd7Az2c8_{-B=py>g7h9=+>$Z$HK6h`#dGpsXu1)Q+8(G%xt`<#_Piw1~ z&=+bE3i=)d{M5T9q@JbpTC^anBJSePS2}AoVI_&1i+%$|y(4vwEEy27KT3`=o6f02 zX9yTY%BElOPJj-DPetr?|6Ezy>)u?S*|BK$U%t?hE)Mb^lyV zlih`yhVv7Qw|ZN>hNcEwZLjG+(S&A!yHK*?Vz4uxGm1C0zH4fBiR{?6anw{Is-kmd zb?@P8ET266J3X&GJm~rI=j*CN<*nab_buNmZp9}2V#H^~>-zHURhlYOO9O82mk0yj$Pv-o?|EFlv2c61 zsdbk!c5dw)?84qQX`OR*bmr9q;=Tud&a;|vVb!B1e{=DS>{RCa4R4>k>E`Wyr?ac< z)%gv|Yq42{0nSg$f`5O^R|0!iT=YyoU5#wm9^6|gkLY%-{ZGO*E?~3?H|26jxE}UyZLRYTfMbI z=5=Rw?WZexf5wR05#9llPyFIJ8BGq^wC}Fdk`q-Q9Xs8$FfpX#$td3~3i_cHWkDxH zD#n(Sj$Uy3=Sj42{$G7|1Zn7+emaJ+>{aa6{m{$xu4C`*IJEd&z4yEWhXRVuR{hQI zV-vSqIOSFiThv?s#}sCH3hRk#nUC*$rRIuH}|HEGAL@osoob&G?%;LM>6Yoqb+i%py3`4-6JqNngf7{vV*89(=3 z!Ty8VngG0prW1q4hxcrs;RxUj84Q%qMlq#f=LcV&vif!{uiw2MFy;stKE=m^{K~rT zhq5op4`}VCFBKh_>33sq?y3x3sm!TgpYPz49~`j9x7hWEU-z!MS+~#$v{>Ox{}Rb6 kUw3e2-KU=%oK_=WJJaoL7vk>c+Y-9A=N)`njZ>@5qwPB{BRkWACIMZbkR}r&qam*WHydX{n+IbmGYb==K@+7SdysV zms(PuUzDxK6`WcGQk|2ZoLG{XpJ%1;VSf8+Al|OW<(8RKl3J9Rmu{tymp{3YReZA- zt23jDvxT{%sgtXPuCb|!qpqo`xtp$~v!#o!k%hUTtC59)n}wn2=8bIEI7*d{)7 zQ26R}_fIdW-y-KkHB*m%+OvRFM`ZGu-DVfenG_87%#sdhmHggR$M<-G`OJF@zRs|2 Q+-vj7wy*or%qrXE08lKC*#H0l delta 408 zcmX@0@JHUkpo#wn8>d#AN85K^Ms}tJP5du`LQk0(84Y<2xY;-p+B_IjnOT?^4Vu_4 zAQUn#Xkt6a(!{oRqr*%lHuwDe^qkbmddxQcJ8KfGU>Y7?wn&_Gu zB_-)5CR!NjCZ(hrB$^qR8Kx#%PTt2{4N>TdQ0U~O>*xqn=;Y#R;0RLa>I_mSIhlu@ ze{w5JqlsfmO0hyoMyi6Fi=TpvU$8<+zJgO`x(iHu24Utj>%oCPrp1#>TFWy2efxPP(S9rk1*nPL_tcre@A=rmoIrj&9D* zVAVYA`#DM{CT71nBd4`RLuHoP&EhtWTOQYvkM5J2)hqe>7w7xzE(0z$4q(`wvt?ms zVsSTcWm05V9G76B_2q5hsR>VfeL5uF)C`{(dgMw8aLhR8^zez&bS4F<(wPe3bxRt) d`?_@=`V{!^_p>Ax?HrALM-7>|-269b0RVN2fY$&3 diff --git a/signed/fdn-tls.mobileconfig b/signed/fdn-default-tls.mobileconfig similarity index 83% rename from signed/fdn-tls.mobileconfig rename to signed/fdn-default-tls.mobileconfig index 420c279bec4b9e45f71938f2b7e8042f3ddf4617..89a2b130581aeec511fd106ccaaf8fa0d52fb848 100644 GIT binary patch delta 445 zcmcaFzfi%!ph-ZMjZ>@5qwPB{BRkWACILR65Em08qam*WHydX{n+IbmGYb==K@;0I zghIvzO>ECun%Ew1bhyqm*@snevL3UCO0uQ7iJ7HIlCEizd77?isZkmy? zd9sm(saZ;D%H+FDl9M+xC#g6?6g%mfI+?ranz{lNJAo9t0Tnxg6uY>(fEBM~LQY+UjAk=)(A!wS0`gfa|2^1U2{Vx zS6x$cV-sCROD6+eLlXm20}~@lLvv?~&6C)?IJg@B88rR|29JTqWCd=M$d#AN85K^Ms}tJP5ftoLMNCQ84Y<2xY;-p+B_IjnOT?^4Vu_C zA`~(%XkuH$(!@4zqr-Kk$%@SJDn_Y>X{L#mX1bOpiAlPq$)-uViH7DDx~7)NNkHLL z^Hg)=$sd>{C+}rWQZaHhbTf4XD|U3!HFY+1(shI=c6I^^yPCT~6~ANSpPbFoXyTZX zQmjytk*eV4;-}!^7pzc{ui%uKt`J;Wq>z}GqLAqytYB!Okd#=Qnxar#SzMBuTRb^{ zO?>hS(=!d0D+?;NXO=PY{ndH zO^gf%jejSr@wbu)v$QESne+|aC?p2bz!e&dvQlhT{}@lGc4429sn9zf{XwF diff --git a/signed/ffmucdns-https.mobileconfig b/signed/ffmuc-dns-default-https.mobileconfig similarity index 81% rename from signed/ffmucdns-https.mobileconfig rename to signed/ffmuc-dns-default-https.mobileconfig index a6055f38db474335845cc4bd5b110215b3cd56d3..ac72745265edc9c3eaec3bd055f20329640c98bb 100644 GIT binary patch delta 519 zcmeBE_@Urn&?Hd8#;Mij(e|B}k)3HllRzp^D3OVg(U8}Gn~gJ}&4V$OnT3hbpo!fJ zp^$Mw6T3A_6TA6FhyP5IpEH?FUd1Xjxsq8!#mLCg+`z;vQ8(ErIa${<**H}2FAu_ zx~68v&bm&nmgc&~uBIl=1_mZ>juuV`vnCg?$ZUSerozG9#K>UK_!k(=1|E|GxlJZ} z^ZS)e<`AsUn|W8^kK9tOvo03rYjmu*c%>h14GdzO(#&%^*?^0U0~k~1Y+0C@SUe2e zm=qay?>qYc&aI`ktLEOxWG_-{`DM($$gcRD!7IC|A=k}ctOP1~zWe+?#w)6Qm(m56 ZZm#Xv5%u7+o^bb}rG*L)OEKW^PD6T9nNzE;uyqwj1 z@@poQ&1`IpjLHTE=0>g-22Q$eCdQ_^rp6|2x=v h^B#qB_adg56_y>$*{-&K(@Vyz9V+}+E>?BT1^_-rhH(G@ diff --git a/signed/ffmucdns-tls.mobileconfig b/signed/ffmuc-dns-default-tls.mobileconfig similarity index 82% rename from signed/ffmucdns-tls.mobileconfig rename to signed/ffmuc-dns-default-tls.mobileconfig index f7a343d418ce1db1f81afd07e767a17640577a59..4e4565589f6dbd4d8cafec89817c3fdb627b4e82 100644 GIT binary patch delta 472 zcmew=e^@5qwPB{BRkWACIK&?kQ);tqam*WHydX{n+IbmGYb==K@+<^ zLLuXVCUymuCU%*P4zHLdUtuzt9KdX)Vq%bFo@{1rtZR{yl%#8FkY=H4k(O$zn{1h6 zU}kP+lxmP{Ir%-4m+T%4SM8r*;y++0m{oh_Zf8e9#WAsW(H zCQSBY#3z``&CNH|Ss|?`HC4gIFIb^CwFoFvtWZ#tUzVAYnxc?Y zso++WnweIbm#yG?cu!t(MrxiOS1?$aLQZ~iVo7Fxo|VFf`Ryx#c$FTPTV_s4YEfoh zx|Kp+{$w3ibD+=EHn*}eGOAcO8<`p!Tbk>dm^qo~n!1^}>N+|*nd_Pw8#!B=8ar87 zS{iR&#pcDq*2KtQ(D--qPrmlD1EB{eytumlRO5lf+Tt%d2f5d5+dXl!;?07Y-)+n~ z&ng*kv2g%{{+ulfGZTx4fg6(|!?%801^)K@o9s+tN#}+7wqIhJK5f%_Lq6$sN_m%0 q{A~g%xubu@L}*g#I)9gEC3T0`ojOG7?_Qa8p>B&#$e}+j-HQRwEuO3Z delta 428 zcmcbs@KxTypo#w@8>d#AN85K^Ms}tJP5h65Lid;$84Y<2xY;-p+B_IjnOT?^4Vu_a zA`~(%Xky#N(!{oHqr)qv$rj8BDh7sT=B8;zmbzxisTR7XX{Hvs7Re?_x@k!%DT$Vb z$rfg&Mw8z&Nlw1XoCHzq22$+o3RLU{QtWKvr0eG7;^Js&=nPk^&dxu%nWfRpF(su~ zp(Giu102#AOkk5vm0};HvTtg{4+U$zr9p_r}j3U4#uCmR4b>xz4+OxW@^l> zm*VZg=40SwP`wk*s{Eba!bObY&*6Vn;z9}=@N>ECX%bH+^jDK8&c z`P?&!HS)Y6`RM+7CPjt?PgK+MIaoD2YX82sGd`MkF?~bfb^GO-%xs-^H9oF30s!HE BiA-^oONWmi{Bp{f}zaX_Ju_QG` zA*oWqJwHD^Cso16$61dnIJF3*C?`KTu_QA;&r0FL{PtZyyhD%6EimF*kK|HZ^cG zH3Mnhe4fpOgXO(4^pC(8T|bjZ>@5qwPB{BRkWACjR$8q1Q}|jE1}h+-#f)Z61uN%q&cd22E_& z5egX>G_jpvX<|FF(P19bSosu&xZCz>Xwr0N=&r5fm(8YNliCK;qy z>ZYWcm>H!dnwS`wm``S8mYn>NISHiL(bU<+6{y%1q}a(q*U7-eQrE>5sMyUBp?Ctz z1arrflwyUFj8p~p{QUHsR0S8mV1<%=1*gn(h2YX6g~YrRg-rio1w#{sq{QOX6oul- z;*!+d;>pukEjQm{RbfUG<7j^G%z+bakO;Y ztijLQ~WD?_ku50U8bJ(cPmPN8E~<2 z00ZxwEekUfi<^N9lOn^Hlzu(#N3jj#ij!QfzyJG diff --git a/signed/google-tls.mobileconfig b/signed/google-default-tls.mobileconfig similarity index 81% rename from signed/google-tls.mobileconfig rename to signed/google-default-tls.mobileconfig index 271978488f919086b32e31cb773b8553e4f84b64..4d091d337c032602fc6eb281aa6fef90e0e4bcc4 100644 GIT binary patch delta 481 zcmaDUe^J4~ph>`&jZ>@5qwPB{BRkWACILI3kQEanqam*WHydX{n+IbmGYb==K@+OV4JNm-3Qa!7tgfn;VrgMwWMYz} zYi?#@qHCIDnyQ;*WNMLQgxC2l8(|%C>={ zWZSk_v+&BVdt_x-uTEu`U3FISn8&l{AJu(pJnqcqOxs|<#l``Qg>$wn%uFn91};nr zaYiaDy2UkDO*9 Wp3`;vXU>}{ul2y`A*<8OqZd#AN85K^Ms}tJP5jq@LYJ5r84Y<2xY;-p+B_IjnOT?^4Vu{Y zArvw$XkuH>(!{oUqeC~-rP16mC8b!QBqLS9JwHD^Cso14FIb@@U%@FeT_L!%NFgyVMIqBa zSi#UlAt|vqHASJgvbZEQw|H^`n>f&!!jqS?@^3!Ks>G;bX=>qSY+`DtYwTq1s%z?E zYN2c4>g=d%=Iml-?rdUdY-nf>(zRKReLqKugy5&P&B3`x{>xuy5jM>Fn7v|tYlrTw zW!-zG#F|WfqG!Ox#sLh>bG9tZOe}5&E=&qW)!atY7bXQI&*R%2bpCSs#Vj+q$N5X| xS|pv%nq<_vj!D5f@2is1^?NIiU0*E`aj0m@1_r~@->o8?e|~LgXA9gu4*;WGiO&E4 diff --git a/signed/keweondns-https.mobileconfig b/signed/keweondns-default-https.mobileconfig similarity index 79% rename from signed/keweondns-https.mobileconfig rename to signed/keweondns-default-https.mobileconfig index a753a7485e4543e785a963256bb5def60255f14e..1bea95edea343828fc995d77512d65591813b653 100644 GIT binary patch delta 499 zcmX>jw^-i6poxDz8>d#AN85K^Ms}tJP5cvpLOo23jE1}h+-#f)Z61uN%q&cd22E_` z2!)Ibn%FW}n%Gh{I^1LAbj?dHsw^l;O_^-NN` z``YIl3$iuq~H+}5)jPgUyxdq2y}-+Ql)}pS!RA-Nos|jf>Ta@a(1yoVoI@s zT4HX2wL(czVsdt7Ub-GvaB2}qH&8)h2~fF}!iV|oD}i{G9+z8YPDyGJP?eQJUjF2X zEH)?}lbSq-g=g|hmai%n7N&+SPEH281}2Ucx~8V4hPsZXCPuo(PL?jlE*1us7M7+! z?c$py*-SWC{u?y@nHxjP#}8qhtk*a2W9SVO*-CY zz{SP^jFxk@EX+(S?gp+*3OX_#SK7XEPgql0u;*$LYhT%%shN*`U(}awn@5qwPB{BRkWACVoqxkSP-*qam*WHydX{n+IbmGYb==K@*!I zLLuXVCN?3KCN{o}4)+-43Nk8-Gm{f@6kPm*6@pWX%2JCIO7ay_^OB1y3rZ%}Giglr zXHsX?aLM=3oE*q3Ie9sgl}d`GrG-I~QJQX=k(q(6X;Mm}Zjynqv95)IfvK5!vZ0B& zSt3}m9CMP23rMk(k(;g?Sh16fqplM|u`@`qBUtfX<_S)YDJjJY*{S8J`FS7*L7kDB z0(M?M`t5bT?=O;6H5~_pc9QOKw3BFvzc(P{4;3$J$X4_ zdr1Vd?Xfd6MP$VVFa1Ax&+dNBai+QqFL90Jlsf%OONv$)aItX!W8j=E3o{don}G|H zf}C;mk}HX?=PlrRxaaVefEF+IA4QDP**{(NjMwW29n51=(0b5z>v4X*wSK|N+YfKN XzVX>>iQs=I3Xe~e!-I~nS4=r z29w`0S*e(t8YZTgn3?M)CR&*4ni{91=_Z+3r0ANaBpaq#B%7NVnIul0z$7{O1S`+v zLgp}#21gf=21iG*1{XJ7Co>BdT~illLpKX&kOoJv1{RhHlkc!{)Tb6Jq@x{hTBH!-6U^mbkXn>jlA5BBRH@)tmYEN9eubWbQ%-(zcCkWYO0j}k zVs3%8LP=3#a&~53x*k_>Y7s~;P(fk|P`Q=DhxzR*fq0c3ms@5I(DOi5RtkCfHu{q{ zvx-i>$0Cj5ccsaDfZma3{i;AF0Altm2#f+4ggk>K2@zkr4FT>hsLmM|bzC2FPrFslt2P;P2!Yx#2B4&b&6@V&eeD zZ2`*C zhDH!%qYo7VD@G_VGSD+Mh9FcWHu_)#C+9J0vgMcP6_h4TUd|ZB=HeF|ke@O+fyrR9 z6_YHCo5vKRVwsv^nQEDAq-&94VX13sYzbspq^9VmS(qmo8yY5Aq@|ioR%DW#e3q4G zvM_U)ilwWIrK_bgP?-xtgR6_Kn}xX(P=k|&n=3@aGUf@!Kra_7lw_nTKpdb@lCR*D znXV9ATBMMem!gpAAFN<#qL7qWoSLFgTv=R_np-^i9jiFdk;3Az(12>qFH0>_2=NI9 z%d4<{RWUU*bTxBwGShXnv~~GtnQa3{ zX-!(1z|JH7i!U7f74p)yWBHc3lXvyZ^i_QBZ@K&1$_5m;rVi{LY1$KV5OzTvW2X9kqnVJG_Pg zh8;_BJ%qVProo?cM3HacEXRv*Z9Yd1QR4bB4n*AHgoa%Wrxb%5ue%QG2Na+w+?&Y9VCould-P zHAZF7sb!|IX<0FhhMFCtO`S6~C!5|RC}7U2Tosx2PwZ%X=w>D z&w`f-Bq1?jQ4n5iSS&kO93^3k`TS@LJh3E*F9{Kk4{!01#%#Q*ATyM>J`$d>E=hh3 z^+T`CQ{|`#*brHc8rRrx9a`kd)CQbup}Un!BCb^eWBU0lr>upEQYZ{I>=~vBuCNeA zK1??m$wmW7Ba6(j9GL-H7)%BN*FZsysA5daXE|hzIX;7I9X!h)>v@trI+;i5j<=Y69Mgx4F z6L6%{(oi~+nkMCW0C#f3V7esY#4H0Q8JaUzBN~$`5d!bYF8mO{=ZAtI0SF4tv}}X< zLd!NN6R>y~@Fv~Rn3G2sNVb%dqc`Tu^EfIk$N)^by#)mo8HPhc>}g^ODkzHAKAf;) zY4L*%CGMEh0ns|%{L8JAn~BqNUrbn1xS($PN4Iw+J4Jt)aH2TLG+6sb|ISzaPbEKY zyObGx*f@~2%}n(NW~wi6g%GAsK#)IClt#5LfdS#(A9W`452Pb@cJ?#`IFlEdq!ATR zz;trwih7{#`?D8c*VJXSK5@L?+6!*2-}q>181Nx)`=Oq|qr`oK3$tN>v$```E$|dB z&3MC4|5iKTTRkHPIupzQEbAUn%RGi3oVbvq;;6~GaI|_Q7urClFQ8Mw6!W;%vOvd3 z=)i$aSC%>>@Y&BH5Bi|9fIsl7_pSFSn?4#rZWDnAcpSN24a|rOodFX^k#i<0N<~Zm zKuaG}1}TM<4&kFo6{}v~8k3#XcIokn{J!@xPQ@`)c58NbxPR@Qev?8$YU|$KynsSM zX_Po1p<=J9*GJ%25__t)2F=}E{IF%M?Pd5u!Adeei$!gZQGKfaz2!Mm3EQI10)TTHoX z=lnnA{_V2s!*SCo4it(Vg`xef55|uNvCw;I{IviN;kvb3W|Z8^o$0P378e{j9<}hh z7myEDCY7U&(4-sCiqYcoPqW&??e!-s+A4vUU*W~#oyULgUJ-h~vD{V%v^)yHso*7! zsH^RgfUf!?;SM)vAgglCy^h{1Rr%nn$LHFXn%!DAy-|0BIk>AorDgv2z1!DOd6bRS zF_kq-)n|%*=vzTg{i z*GYkM&@o@^P2In4<#4AJ>=U0ieHH7{)*ZK%S%2(G=}h_DuBzz+5oQ5@;9=m+{>|ad zOr___<&jnK7k|Fo+oXwHo4Bp?H&EI?R_93BkcjLPcW_CtKM^D zYQWRBn*Iw-Xl9s&k{KV1o%zIZO+)7@W4m*7&xczlh7d7Ty$fsm4_{^a6zZ1s&3W{> z#|xjlR~sSkJao;svhV5~+P1v5`;nT?rhT~j#;z;V5oF=oj&(D|_C)j6j@w-)dI}7i zPZhTtIlb5do{-nR<(;!!R!u{j;+?rah%WRzY3M$$>#caX{L{U^9?zKa>Eo8UF0maq z(@qvtHQ*P;AFp|Dpzvj5d2bJ5WV}Z`=#qEK8iAS?pDTSH7&s|?CX;4 za;lYNT=`5m@X*g`Q9CZE8Eo@6t(l)IWxUq%%E=#Hy}WMs-m93M-J-l2mst|%^t2-E z_hoLe!^wfLjxulxv?vQCm>{e8&8lN0WWeX>Dwg|3LFKpWLPU_BEZcS@- zudifZVb;CbG%sE7)$#*T}IrOFugpSbDbR-+pf!IrjwtH|khH{mp*{ zFe+1+PgLuDe6y9B%Ra4d-0CWkexr<M~ygE7GP;I6!6&;%C zKe$Ay8FP{f@n2?m-}m{|Gwl1UhJ<6zp&8$KOFme^tT3ph+N*jZ>@5qwPB{BRkWACIKg)kR1~vqam*WHydX{n+IbmGYb==K@+iOJcSdFgsw!Kp^Y zn;GADKDDU*yD4m+*P2S(+jS?64Y=4ifT4KKmW7###ofS_Ng*zKx`yuKfBjqZx!ika zzuh11UKY_`XD0LC@94yX!I#sS6dCrcJn={Vv*Zs(p4$4&4-L1chxN_Pb~?*9als5e I;evQQ02rW^WB>pF delta 314 zcmcbra7^C8po#ww8>d#AN85K^Ms}tJP5hgILhG3r84Y<2xY;-p+B_IjnOT?^4Vu_y zAQUn#XkzPRX<}>L=#b1b`2wrxWCLct$#^1@ z6kPm*70NS9G8BO9q@4WZ?99A$g_3*)r_6MP;L;+6#Jm)RO#fg7LlcFh#NyNxh2qNM zlGNPEifj@p8;%NzqPHV&ZY&e^gsGqHFWxG^a*{LVPM>H8x7)r(!Wb17BponCu5 zWYNUbBUZOJ&Of7(AbS+3@5qwPB{BRkWACjS2hP5i%^7#R(D4Y=7j6WTl&Q<+(q7!8`( zo*@)6E@)!A&eFtod80!#6NhVFa#3YLN$TW>Oq!GTF=-+Tq$nF(8krdyC+a39n_K9b zTAHNjCYl&0>82Q4nx&bVq?uZ#rA+?FBssZ}IT@(j6E@q+0 zk*tqZEL~mAOpG1Pb)B5ujC4&6oQ!lG4UAoN%}tEWO)V^)os3LfL8fdjXEWwtZTxT0 z_-FD4zV=f270dWbL}qVZbK~f@e_N*f&wd;w9=~3trSSambb+i7FATWYIDmnF&X$Fl ziN)Q(l}VAISCi@X+l##J!Hsr%Sy*4UJifa#Z}arSHpwBT^7ok>D*(fXqHh2I delta 425 zcmbQFuvXr|poxDa8>d#AN85K^Ms}tJP5iTfLerQS84Y<2xY;-p+B_IjnOT?^4Vu{M z5egX>G_e)1G_mDubckk}%*?Dj`3#dLkd9MMwKPvoGc(aOG)pqqHMK}g*0o5qOw&y@ zH%Ky1GE7Y|Ofi{!fmw3$T;^nDS4(qeH?UeKkXlD)T? zZ2XhGSsKk9Q&Nf*N-|Ovd`ok3$`Vr)T>OF+O7az)GSd};ON$f|^HLNt{eu+@O%#$6 zi&Ik+iYtptQgbIeu-XINCOX-Nm1pug)~_liZe|817A^+5CZ=vix~8U1M!Jq}1{S(5 z29^evCYELfP9}zv9a+UU-(xf8U~6JzFlhWcS&YBEto%yL`al0W8xJ}h)ziN-*<_Wg z^31?U&Z@Qism-_AdGrmq*f@Y;dCr!FnTf^2z>P_f;mFgM&*py+Dr1?yIh*aifzu}O zX&k35V_BR{^{zb56I=pR^6+|H)kdpX+)E#re+*|@UVr_PgvHtR)ys~3cxcIF*>N8L DOoNDl diff --git a/signed/opendns-https.mobileconfig b/signed/opendns-default-https.mobileconfig similarity index 80% rename from signed/opendns-https.mobileconfig rename to signed/opendns-default-https.mobileconfig index ec68948f5aa2c6c32edf040abd30ad889761a5f2..6c3861b7eed60e23d9380a7eb96ebf04bde8aa18 100644 GIT binary patch delta 477 zcmX>pw@Ti@poxDO8>d#AN85K^Ms}tJP5je=LX(*o84Y<2xY;-p+B_IjnOT?^4Vu{M z5egX>G_e)1G_mDubhyRH5nPg(my%eNGFg%-9GPP@c>$A^N}_R!sfAfes&1N*iLtJ! zg`u&oMVc{?o0yhpk!oU*WMG;y`5#lYilea$P@#*ft{Xz3n=z2<=;mnQYGUDJVCn)? zC^>l>^MuJi85N^p_A2C;r4}i8goFeHbNLsf7A2OXrYIy;DmZ5rC+8~wMefWU<{nIWnpGwaWimX zQYiF_vllqF(W_s`A@5qwPB{BRkWACVn%ZkP#Cjqam*WHydX{n+IbmGYb==K@*!C zLLuXVCN_SSCN}Pk4!0O5H!&Gbe#0U>Ih{#J%*8KQA-^oONWmi{Bp_HJxFj(zC9!C- z0JGF&cUGavX3XlUdM2hxi6&{uX1b3Y{Pdoh;3rzzQ9K3MD6>WS-#Un37VgP?C|V;9roM2XcmM zUUE@oK}l+g0*F_Vui%uKt`J;WqyTi1LZ*MPf}x2*QerVszPPfuBsI5qvLKr{&?Cyc zC_2HS?yO%`j4hm9oSlr!bS*56U35(i9L;qtT#e0iU0uyx4UC+f4a_Wzz=}^Y^KWir z+rUv$E}FTmj@hVYhHH96qaAbJyiHs^ZZE>sQ&-RBI3egzW5C760SxC>NU>%&{e%9dv_FHWl}IH780}D%rh^3x=7(` Y=fDXoYXagoUH4I$wj;)9TW3fy0Pn_;k^lez diff --git a/signed/opendns-family-https.mobileconfig b/signed/opendns-family-https.mobileconfig index 35a0820eb189b29eca88ac928c020d98b24970a6..45508384a8c30b07d52dd193c03b5a455c2a0455 100644 GIT binary patch delta 415 zcmew)_g3D)po#w_8>d#AN85K^Ms}tJP5ifjLf4oW84Y<2xY;-p+B_IjnOT?^4Vu^v zA`~(%Xky#M(!{oIqr-DX9=F8Y%$&;LjLg)Wl*wvL;phTJo7XZeW1M`3m18m=lVm-z za)tb|)FK6skdT02F8_kmqQsKa6osTp1?SA-inH#V7A#QAT&G%H%byJe&DhQ#e`v8#MlzT+Y{CTJLw7_43Ub z5BpCo5Zss1aN6E!mf_+EvErHCv-qZ_u}T|ov2g%{@SH6RGZTxufh&`Objg$-fA>Fp z(|mLGG{)q27wuU15B9`7e!!#Zp_wMVE`&*uq33;I(s$kX)L^eq@5qwPB{BRkWACjNM!P&5-Gqam*WHydX{n+IbmGYb==K@*!h zLLuXVCN>L}CN`6e4$m1UN3kkT-o?Z>S&LP8as`u+n2TSqLVj6lk%C7^NI6Tjsayk6xF%j}A94djI`ThW2vx#UE}bS1$MRGjwS);9}zd2Ff{G z7G@?EHv<L80#!Mq=~8s(~&9m4N_5qr&~kR7p8@~lB2 fGutH3;K$oN?kitik(}G{;>P^78xGm>2nGNEZ<>S9 diff --git a/signed/quad9-ECS-https.mobileconfig b/signed/quad9-ECS-https.mobileconfig index c0c36337cc5505207a5c3730ebcf11d62c286c2b..02f65f9f04a673234dc63b288ff20556d684a04f 100644 GIT binary patch delta 377 zcmZ3e@LR#bph=*djZ>@5qwPB{BRkWACV>o~Pzn*klYD)-zJjZButI)W zYLS9RNJv01mw!QOQDRAIib7JQLSSiPilu^EeraAxVo7Fxo}NN*X+c4LQAsgKm!5)C zPJVKBu|jTQPI+QcsvcKxY7xjFpeR_mmBNSl?JIzItsa+KW==_JQD$Dcl|p4|v5kIl z35YW}oQ)soF5$`Lto)4nn>$%&aI*X}X#71{mA}2@yxoK{gN=g!f&=&D?+V*^x@!Nm z&ai_PFQ3*p_#C{gm}bDm#sLhSbG9tZOe}5&E=&rnpB$HNQNNg!Yw>g6nx{+r`h~Xb zt7UI-5VQPK&a1v;0+WK1_{W0QOBNTIzgb-Doj7ydr{mN9IPdS}n)Nh2Klfw%9RT)y BiQNDI delta 355 zcmeyZuu#Flph-ZMjZ>@5qwPB{BRkWACILR65Em08qam*WHydX{n+IbmGYb==K@;0o zghIvzO>ECtn%Ev~bePRF`4N)@r$TvVNrr-}bMWLd%#xFZnU%#|{DKwo%TkLJJVHVO zf>Go*=P@s1w0BHNDOM=SNL2_dO-!+bD^LJwEXh}J%1l=XE-g|>%u7+o^bb}rG*L)O zEKW^PD6T9nNzE;u%*ZAVv`ARUrnsaiGcVl^Va(*aOd6Yc*a|pV{u?y@ncTqNUMg68 zA#~2gYi}~FBHz2;a=g@Y>$onvD9_xc#cCE`%JhT`xY#&=!Enx&g_()P-N2Pek>M>D z|NBoW)6UOJPw%_zAm!S&fv@aYU+22J3Q|TH0Xi;B3Sys2L&`Pk1D~v$x@<1H@1zOA TZ9PHrvqTfjk1euozI+n^TSa-r diff --git a/signed/quad9-ECS-tls.mobileconfig b/signed/quad9-ECS-tls.mobileconfig index 625f70580e66cba43a096b15bc7a5a1da3631597..4ffa17b6d3d4fffe4caabde47f48a26d55c31a21 100644 GIT binary patch delta 388 zcmeBDc&OlD&?FGc#;Mij(e|B}k)3HllYk#k$cu@Q(U8}Gn~gJ}&4V$OnT3hbpo!fS zp^$Mw6T2Eq6T8wzhfXF&{mEyTBqsN;@=e~u%r}{dS(&LERcINj(Bx~(>YIC*a~UVE zWKyWtS8#O>R>&_)Em8>a3Fh)ING(b%Nlj5ms#FLpO-!*=aLX^vOGzxr%+J$P2rexs z$S*1>2IH~~js BhKc|H delta 343 zcmaE;(52vD&?Lad#;Mij(e|B}k)3Hl6aROECjQS%jEsi72Hb3%32h#Xsmv@)j0R0? z_Yevh7c{Y*XK7+Pz0skQNg=Z&L&4QKSivtAiumB<7_kWcmjy7@8;~B^Cp1EUqjrNzI)+fz^r`Xzu3ItcqNvs{eMlTK$<;xJveu z)i>wWciydkT^(MqW!B?0+boTkm$Msiv2g&se$JMKnTf^Sz?DgX{}0bZG0}IEUALPH zx_5iu&Hj6H@g>f8eEQ${-m}$xD`Qe*c=lfJU!u)*u_qE`A0P8QnZL(p$&~K2XQzcd LB9l+6zAps;hYfpE diff --git a/signed/quad9-https.mobileconfig b/signed/quad9-default-https.mobileconfig similarity index 85% rename from signed/quad9-https.mobileconfig rename to signed/quad9-default-https.mobileconfig index 116ea828480df6233adf7af3643739c76bcb4ccc..9e48a057460d84026acc80133d0340a81b4c3150 100644 GIT binary patch delta 452 zcmew+e_Fx8ph>`;jZ>@5qwPB{BRkWACIJhekO>nbqam*WHydX{n+IbmGYb==K@+= z;1LoM5X|LYkXn>jlA5BBRH+bHnwVm#;Fe#Smy%eLnV+Yp;FOb}oL#Jto0wCcSd^;A z6`WcG(h3v>E3i`dFu#2T5UeF_ zX|z~M#K*qrL!UTD LU0Gt??T1wWBE*lg delta 389 zcmX@D@J-&qpo#wz8>d#AN85K^Ms}tJP5h66Lid>%84Y<2xY;-p+B_IjnOT?^4Vu_a zBNQ?&Xky#L(!{o7qr*$4$@iJmCr2?`siavXnwgs<8R?oPn*oV5^Hkl$L~~PJQ?tZ0 zGXn$D6jLL!$&SpDlP@wSskm7<0u?&})j5L{yP3P{Iy!xBUq8wW6?&e^gsGqJcCxG*VjvainMw_wg% z5M7q|QIqef(9OVg?+dc;7gk*Jd7!PXz@)&j>uRXr?_=(!UTZB%jpol04qL{!`Ot!x Ni*jXaCY#=S0st_3dm{h< diff --git a/signed/quad9-tls.mobileconfig b/signed/quad9-default-tls.mobileconfig similarity index 82% rename from signed/quad9-tls.mobileconfig rename to signed/quad9-default-tls.mobileconfig index 26fd1904675abe6132829c2cda48ab3334127af9..0450a7f577ee3afaf71d938507dc0a5827904a1b 100644 GIT binary patch delta 461 zcmaDLzgfY-ph-ZVjZ>@5qwPB{BRkWACIJPYkPH(eqam*WHydX{n+IbmGYb==K@&SG zLLuXVCbn-ZO>CbwI!tAnEYB=6S&vnCG8?nNWPeu0$-2xQDn_Zvrj~|jDY~hKrlz{4 zhK829iAE{rx(3E($tkIpmMI2_#*=3PM;8NQ3nwQ_T|;AI16@-ib4OhZBPTaq12;=Ib2k@r150O9ud#AN85K^Ms}tJP5ftpLMNFR84Y<2xY;-p+B_IjnOT?^4Vu`t zAQUn#XkuH+(!{oKqr+4tR*#U7fZ)jsnI$KGWKy0i#~iPcVrpWPW?`PFn__Hfq-$zo zV5n52|)haGPg>Dw+j=C<$3Y~S`j7;5-6iQD1%f>%BgQd~T zF(su~p(GR%b>PGZ$ksb3+#cT^AP@S6x#hM{`{#LlDct(89>n(ACu3%nYphFPkw3 zYvX@|#y^wI_}fb#y!iUi>VU?*3GVXZwp#-P*XF5|%~$@SpEJKSV)Euh69X_GiC|LTIdJQ7 iU|jd63x^7OQa}4YotN>y?g#U&F2_^y_l@5qwPB{BRkWACV@zxP$&~4qam*WHydX{n+IbmGYb==K@+

fYk!Y^34-j<+(}(S<+1B8yVi6 zBdNOXPV|!JT7T;cm(6dB*|B-e+~?X>iw(HgIDkQM&X$FliN(#pg-Idn(3bV<50%E& ze)U#XmpCwE!?cMUu99qSKi&%eUXxt5j7h<9VORch!z0&N7oK{Y@xb!e@^%NVyGpAY N8M-$pDwZyc007X^fmHwi delta 327 zcmaE(utdSZph-Z1jZ>@5qwPB{BRkWACILa95HAxWqam*WHydX{n+IbmGYb==K@;0g zghIvzO>D1Nn%JIgbePS=>6fqImYGwMS~U44tIA|;7QV^rScNBRF$*Bcyl2vw%*iG+ z`6sjb=Jm|Ej1G<|Da8sU8L0|^rHLt)3UD(NT>OF+O7az)GSd};ON$f|^HLNt{eu+@ zO%#$6i&Ik+iYtptQge$ZPiM72n7{cZt2|f9?v#kVsy*FuU7uFW=4Q+jRQMj+sutdN zY`LcV-~ZVjs|~o=IDmdVXUoFO#NuY)!lWQ{>U7?T*~@&N?U?!UxY7OJ{|hvCy*!!lLK*KYRwe~!Vav@mf9qcCUJ-V;s&8uf{@BIg$I`3v{_i-rX|MXKivYXfcG&;` diff --git a/signed/quad9-nofilter-tls.mobileconfig b/signed/quad9-nofilter-tls.mobileconfig index 3333efaf200f724de32084af67d4bc779a285385..bcb8e0f1dcde0f48027e2e6703961829c5c397c8 100644 GIT binary patch delta 391 zcmeBGxTN4<&?Ml;#;Mij(e|B}k)3HllYl)?$eM|f(U8}Gn~gJ}&4V$OnT3hbpov`# zp^$Mw6T3J|6T9$6hYlvL(7d$FoRZX{)Rf5=nM5W}VC9?4#lkn4nOPZ^)GAh?$v2qQ zH}^5;GEQE}Bp-z^LLt8_wMZevCz#8>Ahjs5BsE1LsZt@ZG%>|e!7aZuFD0=gGe1v{ zD>$_Xq%bEx87yF>@L_)Y3Lsvq$K?igO=e!Yl|o+rWNTInG-qs{z*@)2`QM=N573_m z9+LyPO(uKu`;~H6hZtXT<@?%vhgZP-k!y2j^L=iHSqvpxln?T0)pfcWaItX!gX)|u z3o{doyMZf{LavkA-@n4r8z-GkGjyNCdtLmPScJIP{MMEgJhsKs4;C>gGBh>()bX|w fIl;={G`sJ)9qSC4c~^3zmC~25Ij8gA|IGpb3ZH}8 delta 338 zcmcbl(5v8J&?Lag#;Mij(e|B}k)3Hl6aO!RCjM_sjEsi72Hb3%32h#Xsmv@)j0R0? zj}QtO7c{Y5W@%zOztN$CiPJA%!7VeVB(-Sr0ag)KkC2dn;K_TLB_~g16`m~0EPy0` zhe>U7Jo7R}2gj6@Vug~7RE5CO#1u;fxCsg_e!&VQ`3g>%=?cN6MGA>|DGHhX!3u^Z z3Q38@sVNG@mBl5gxy6$k*u;V6D@n14qyqJ{ELkbNE=Q*%VMQsVrpn?Vs2rqYiej@q-&a(l%#8E zmYSlQW}1{{VPRonXli0KS(~*QU7@3s6HuY6i>{lglN*vk$;pu%{F6ViHcr-Ov1H_$ zT+HUHq{kJUT2z)=q>z)JoLG{XpJ%0@$K{rpQ<7SgnU`**ke5IC0GkKUNy?jL*%=vC z3@lCDEZm&Tbd3yLEP)PlG1IkhGj-85b2WA|HZrs{ay2pm>JZ-?$zjaF*2KtQ(D--q zM1l6Q);a+j>?W28L5x5p=WXtZ%zx(Pe)m4- b-IphX_V3x_D{$tr+>#TOHzJ>G7rYGsF71Tv delta 379 zcmbQQ(yQ!X&?MN&#;Mij(e|B}k)3HllVBB4sEmn`(U8}Gn~gJ}&4V$OnT3hbpot?9 zp^$Mw6GsqB6NleM2RW9>7g&@h_p_)@KEslzl9-fikdkC-p_`IuV6JOwYG$UJXlk0I zYiePhl4fXZVU%K$I608DTE)@H*}%mKsL;g`rqI#U)Cr`}#SNs;#l#V)P;xRS+XQyU zl$2tHl8nh4*pw#!VN;px#O?vKRdn-Oc1A`OOIHI!b7NN%U2{tlpp}N^Cc2ImrsldX zmgdfu28I@v#wMnlFL8Kra5ernX#4~8n}NsV1YVQL(Sm-ZbHuNyq!^S;i;P%Wb$5@( z=bH6(&)Tcj#vGm?^ZHNYvvdP4HV$C$oU>(NW@2$SaAi^`Eo8f;uDgHoLB;#}UJi=h z7x)poxDC8>d#AN85K^Ms}tJP5g6#LNl2d84Y<2xY;-p+B_IjnOT?^4Vu_m z5DFO=G_jSkG_e(KbkJs+EXHIw`38&7WKm{yRlT&7RHGDQV+-B1R3lSeQxmf!-NYml z3tcl4(LQSDVu6BZUb3EoQ%-(zcCkWYO0kYY zNl{{Qc4l6>jzU33W-*YVpq7|hV6Bjwm{Xoul&Z%SoLU4j5vV1xBr`wHO5wx&_8maH z2E^C};^=X?W#*Km76CO|DKJ;27EeCNB0kxjNtnZ?xCA6>H<_PFYx5ZvMn)B5OBVxE z0}}&XGe40923%|$z^FNA%figW;%?x|q{#5d>VwUO zMIna*-ptLe|CQjljoozPC)e5a5~qGIb=9;y$)q4XS>c&_`F-mmPL>&_PWK=0b6maQ RyGC&gzvjKa&F5a40{}x3t3Ch# delta 431 zcmdlWzgy11po!m{jZ>@5qwPB{BRkWACVmZ|kO~tcqam*WHydX{n+IbmGYb==K@*z* zLLuXVCN@TvCf2_j9kiJyD=?`~p2K9Nl4OyTmXc(asB2_tnxbo(WMrtDWMFEpo0?>t zY>{M;Xl`MaI$4iNa|2?P_Yw8v8$7@vxSp^BT%s`SaA&- z|Kx+rjZTg!Da8sU8L0{(nTbV-1qv>H!3z0hsYMDNAt3?53MKgpPMPTn!KFnCiFqjs znf}2Fh9(M0iN&cY3dNPhC8@c^lkc&LPyWrK1az?EW(QVAMio;ROE)KHb4y)kV2$!nec#y*X9F%a4q%v`vt?msVsSHYVNyuFrM@{lJLCIvm(7bF zevn92Jt)L<(PfqO#TAVUCVH=W#H0{EYw>|9N49+>5&JAec%DC!ET}o^w$p`ozQ5Uh I)uu&H0GiB)@c;k- diff --git a/signed/tiarapp-tls.mobileconfig b/signed/tiarapp-default-tls.mobileconfig similarity index 81% rename from signed/tiarapp-tls.mobileconfig rename to signed/tiarapp-default-tls.mobileconfig index 6bf8dbaebef9e20d45390928691089b2e73143eb..74c8acd8b68959e4c9ebf80d0c645e870d432a3f 100644 GIT binary patch delta 488 zcmZ21H&x!jpoxDX8>d#AN85K^Ms}tJP5ezjp*ki;Mnhf$ZZ^(@HV?*BW)>z!gC@32 zghIvzO>9vtO>AKs9mJR>Gc)N=-pe91xtB>pCB@v_+$cH4Lf6DJF-_Mr&BRjI!qm)I z*EGc}*~lOz%{a}>bn;E6Y84ldLT49{LPs}UQ#ZIm7c*xg0~a@AH=x1_=9QBlGb+^Q zm!%ddg!lw=`4^-XC6=V7C?r)Xgk&ZbB^D@n<|XSXIOXIgXBR6ZrWETaloTZnIdtWEKM%3TlbD1=b3=i8!(%#xW@}bVq*J@NkmWK|lK$)^(oyOoJLWGsm2B&0Xlre%!bwhywsgzoK*i delta 419 zcmbO#zgW(}pow3ejZ>@5qwPB{BRkWACVl~+5Dyb0qam*WHydX{n+IbmGYb==K@;m& zghIvzO{~vYnphugbP!{joWK;XVwh@bk&>EhqMK}(XsK&zkeIA%VVInxo1AQ!Y-DDb zW@%tzI9Z=ra`GRhBo#wfQwtYYXA@m#Lr0KeM`xg7XD3}}XG>?GVmG+r*~}B{9aB<@ z6-qKv6+$u-ixLYIT>OF+^2<_-6heH06-x3IoHElDf=i1O67y0NGW~-U3{4c05{pw) z6pAa0OHy+uC$dURe#D{#bfx%aRaPcOWhYBR6H6mkT{m+RH(gV619M#qCre9RS4Rt1 zOCuLoOEV|4&0cI?9BfUD3+-BYn!`w*15d0Pv5!DNVrDq%wo4VmGlb$>BWTV diff --git a/src/00-360.json b/src/00-360.json index 44f7706..2092795 100644 --- a/src/00-360.json +++ b/src/00-360.json @@ -1,10 +1,4 @@ { - "id": "360-dns", - "profile": "360-dns-profile", - "name": "360", - "website": "https://sdns.360.net/dnsPublic.html", - "region": "CN", - "censorship": true, "names": { "en": "360 Security DNS", "cmn-CN": "360 安全 DNS", @@ -15,13 +9,19 @@ "cmn-CN": "由 360 数字安全集团运营", "cmn-TW": "由 360 數位安全集團營運" }, - "ServerAddresses": [ - "101.198.198.198", - "101.198.199.200" - ], - "https": { - "PayloadDisplayName": "360 Public Security DNS over HTTPS", - "ServerURLOrName": "https://doh.360.cn/dns-query", - "signature": "3045022000f1c4afee39b143a5b3193fc849d5b1775488e202ca6dc5ff9ab2e50b6d8bfb022100b19549425ff3a369ed6669f45bf2972bd8fcb85b96ad7013dda53494cc795941" + "website": "https://sdns.360.net/dnsPublic.html", + "region": "CN", + "censorship": true, + "variants": { + "default": { + "ServerAddresses": [ + "101.198.198.198", + "101.198.199.200" + ], + "https": { + "ServerURLOrName": "https://doh.360.cn/dns-query", + "signature": "3045022100cf0b6200ce7979bb818415db139aa97f6b6db8d717379c2ed523e485023a1e330220735fd05cbca306fe688503bec1fb2edcdd4688b8c95fe0e8b0e8e6db173b1de7" + } + } } } diff --git a/src/01-adguard-default.json b/src/01-adguard-default.json deleted file mode 100644 index 8e98882..0000000 --- a/src/01-adguard-default.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "adguard-dns-default", - "profile": "adguard-dns-default-profile", - "name": "adguard-default", - "website": "https://adguard-dns.io/kb/general/dns-providers/#default", - "region": "RU", - "censorship": true, - "names": { - "en": "AdGuard DNS Default", - "cmn-CN": "AdGuard DNS 默认", - "cmn-TW": "AdGuard DNS 預設" - }, - "notes": { - "en": "Operated by AdGuard Software Ltd. Blocks ads, tracking & phishing", - "cmn-CN": "由 AdGuard 运营,拦截广告、跟踪器和钓鱼网站", - "cmn-TW": "由 AdGuard 營運,阻擋廣告、追蹤器和釣魚網站" - }, - "fullName": "Adguard Default DNS", - "ServerAddresses": [ - "2a10:50c0::ad1:ff", - "2a10:50c0::ad2:ff", - "94.140.14.14", - "94.140.15.15" - ], - "https": { - "ServerURLOrName": "https://dns.adguard.com/dns-query", - "PayloadDescription": "Configures device to use Adguard Default Encrypted DNS over HTTPS", - "signature": "3046022100df21963cb87bd478cd7985c27eff370522620f349febe9bdc7046ca086da0f46022100f752055d9bca317503ef427103087a18aab012b9be057ff7717c6afb97f8c8ae" - }, - "tls": { - "ServerURLOrName": "dns.adguard.com", - "PayloadDescription": "Configures device to use Adguard Default Encrypted DNS over TLS", - "signature": "3045022100a5245519b88402ab2ee5d2763d7d547515b31eb50bc92ccc338a62b51d7d5dfc0220161eec1a9ea24f2f71c4231a00245704a5f1b67699a976eeb63a3ab20a472abb" - } -} diff --git a/src/01-adguard.json b/src/01-adguard.json new file mode 100644 index 0000000..174d1de --- /dev/null +++ b/src/01-adguard.json @@ -0,0 +1,96 @@ +{ + "names": { + "en": "AdGuard DNS" + }, + "notes": { + "en": "Operated by AdGuard Software Ltd.", + "cmn-CN": "由 AdGuard 运营", + "cmn-TW": "由 AdGuard 營運" + }, + "website": "https://adguard-dns.io/kb/general/dns-providers/#default", + "region": "RU", + "censorship": true, + "variants": { + "default": { + "names": { + "en": "Default", + "cmn-CN": "默认", + "cmn-TW": "預設" + }, + "notes": { + "en": "Blocks ads, tracking & phishing", + "cmn-CN": "拦截广告、跟踪器和钓鱼网站", + "cmn-TW": "阻擋廣告、追蹤器和釣魚網站" + }, + "ServerAddresses": [ + "2a10:50c0::ad1:ff", + "2a10:50c0::ad2:ff", + "94.140.14.14", + "94.140.15.15" + ], + "https": { + "ServerURLOrName": "https://dns.adguard.com/dns-query", + "signature": "30440220375de2ae941e0cd18808a45a84441afe3bdc4b48546022965796123257afa5eb02201226d86321cc6346d4c404f466fa0fdd42b8e9ef5f893783216cbacc321505fc" + }, + "tls": { + "ServerURLOrName": "dns.adguard.com", + "signature": "3046022100fa4420993bad29e01ea11240d5df3a5b2d531618e2553797bd7a402790ee663e0221008d90318c0e60b526c0ef231cf0a2b3cdec47e3f2c08c549fceca51ab08065403" + } + }, + "family": { + "website": "https://adguard-dns.io/kb/general/dns-providers/#family-protection", + "names": { + "en": "Family Protection", + "cmn-CN": "家庭保护", + "cmn-TW": "家庭保護" + }, + "notes": { + "en": "Blocks `Default` + malware & adult content", + "cmn-CN": "除默认规则外,额外拦截恶意软件和成人内容", + "cmn-TW": "除預設規則外,額外阻擋惡意軟體和成人內容" + }, + "ServerAddresses": [ + "2a10:50c0::bad1:ff", + "2a10:50c0::bad2:ff", + "94.140.14.15", + "94.140.15.16" + ], + "https": { + "ServerURLOrName": "https://dns-family.adguard.com/dns-query", + "signature": "3044022036dfca78ce0f7e24e04f299a96e9b8ce2fa563467c6fcf82cc2cf54be30f372b02206bb26c0740e8c117ad80e722f2a8d5a65bfdacdc967590a516d56e9d03a985af" + }, + "tls": { + "ServerURLOrName": "dns-family.adguard.com", + "signature": "304502201271423ed65dd0a26d1c77032b80ee70aa692c62363e8ad088b5a89cf1be9405022100a615e2a22ae529891e1c86aff96620944b87afdd5b83e3d9c65e88fa613598be" + } + }, + "nofilter": { + "website": "https://adguard-dns.io/kb/general/dns-providers/#non-filtering", + "names": { + "en": "Non-filtering", + "cmn-CN": "无过滤", + "cmn-TW": "無過濾" + }, + "notes": { + "en": "Non-filtering", + "cmn-CN": "无过滤", + "cmn-TW": "無過濾" + }, + "censorship": false, + "ServerAddresses": [ + "2a10:50c0::1:ff", + "2a10:50c0::2:ff", + "94.140.14.140", + "94.140.14.141" + ], + "https": { + "ServerURLOrName": "https://dns-unfiltered.adguard.com/dns-query", + "signature": "3045022100ba4b7877563695b68bb3ab7b384a7efcd00cb8c365f0175e181f39f697916f3002203bccc566117ccbc73ff82d8139cbd9b703316d213d17637b4088a4124b99f62c" + }, + "tls": { + "ServerURLOrName": "dns-unfiltered.adguard.com", + "signature": "304502207d32991b63ececdb6217056c9ce4af7d5a7caa7b540d36665ae0bf57234d2473022100c336269381b09ed2e3d5363a42f4599cc6c23f025a9156e9aae3081358e1e4dc" + } + } + } +} diff --git a/src/02-adguard-family.json b/src/02-adguard-family.json deleted file mode 100644 index 4bd1326..0000000 --- a/src/02-adguard-family.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "adguard-dns-family", - "profile": "adguard-dns-family-profile", - "website": "https://adguard-dns.io/kb/general/dns-providers/#family-protection", - "name": "adguard-family", - "region": "RU", - "censorship": true, - "names": { - "en": "AdGuard DNS Family Protection", - "cmn-CN": "AdGuard DNS 家庭保护", - "cmn-TW": "AdGuard DNS 家庭保護" - }, - "notes": { - "en": "Operated by AdGuard Software Ltd. Blocks `Default` + malware & adult content", - "cmn-CN": "由 AdGuard 运营,除默认规则外,额外拦截恶意软件和成人内容", - "cmn-TW": "由 AdGuard 營運,除預設規則外,額外阻擋惡意軟體和成人內容" - }, - "fullName": "AdGuard Family Protection DNS", - "ServerAddresses": [ - "2a10:50c0::bad1:ff", - "2a10:50c0::bad2:ff", - "94.140.14.15", - "94.140.15.16" - ], - "https": { - "ServerURLOrName": "https://dns-family.adguard.com/dns-query", - "PayloadDescription": "Configures device to use AdGuard Family Protection Encrypted DNS over HTTPS", - "signature": "3044022074c179bc2590be09075be69de6db9a9aaa7cc767b37b4b5cc78c3e0b2e4b5af8022004054ccf3791385580848d180da5fd4f3f200bbc39dbbc6452a87d1171cd1408" - }, - "tls": { - "ServerURLOrName": "dns-family.adguard.com", - "PayloadDescription": "Configures device to use AdGuard Family Protection Encrypted DNS over TLS", - "signature": "304502203492132f78e8ba1aac60dadf80b00768dbdf952b9891baa342c6a1ae7be4bd3502210099d752d456f9ff3c6d06795926fd48c896de056e6b9fa5067be3c7d9680e698d" - } -} diff --git a/src/02-alekberg.json b/src/02-alekberg.json new file mode 100644 index 0000000..96da496 --- /dev/null +++ b/src/02-alekberg.json @@ -0,0 +1,28 @@ +{ + "names": { + "en": "Alekberg Encrypted DNS", + "cmn-CN": "Alekberg 加密 DNS", + "cmn-TW": "Alekberg 加密 DNS" + }, + "notes": { + "en": "Independent", + "cmn-CN": "由个人提供", + "cmn-TW": "由個人提供" + }, + "website": "https://alekberg.net", + "region": "NL", + "censorship": false, + "consent": "Privacy policy: https://alekberg.net/privacy", + "variants": { + "default": { + "ServerAddresses": [ + "89.38.131.38", + "2a0c:b9c0:f:451d::1" + ], + "https": { + "ServerURLOrName": "https://dnsnl.alekberg.net/dns-query", + "signature": "3044022005dac8a915cbafbd1e7eb7a118df0c206335fc4b49ec383b27361f1a3448cf5202205d5210e724aa386b7d28f9dd67471ae0e4df4ddb04d1fd2bf371ab392df206a8" + } + } + } +} diff --git a/src/03-adguard-nofilter.json b/src/03-adguard-nofilter.json deleted file mode 100644 index 3bc2d00..0000000 --- a/src/03-adguard-nofilter.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "adguard-dns-unfiltered", - "profile": "adguard-dns-unfiltered-profile", - "website": "https://adguard-dns.io/kb/general/dns-providers/#non-filtering", - "name": "adguard-nofilter", - "region": "RU", - "censorship": false, - "names": { - "en": "AdGuard DNS Non-filtering", - "cmn-CN": "AdGuard DNS 无过滤", - "cmn-TW": "AdGuard DNS 無過濾" - }, - "notes": { - "en": "Operated by AdGuard Software Ltd. Non-filtering", - "cmn-CN": "由 AdGuard 运营,无过滤", - "cmn-TW": "由 AdGuard 營運,無過濾" - }, - "fullName": "Adguard No Filter", - "ServerAddresses": [ - "2a10:50c0::1:ff", - "2a10:50c0::2:ff", - "94.140.14.140", - "94.140.14.141" - ], - "https": { - "ServerURLOrName": "https://dns-unfiltered.adguard.com/dns-query", - "PayloadDescription": "Configures device to use Adguard No Filter Encrypted DNS over TLS", - "signature": "3045022100fdaed8c78e07649e838da505d99f0977c8c4c9acd0bbbbecf850d32b3cf59fbc02202aa3e3f3b8f534404a553067d09e42c3d3c1dc56e564add9aa1f575af66629aa" - }, - "tls": { - "ServerURLOrName": "dns-unfiltered.adguard.com", - "PayloadDescription": "Configures device to use Adguard No Filter Encrypted DNS over TLS", - "signature": "3045022100a98724a7b116b17a4298420cd6485094dd4ee7f99c205e5be3cdaf8ddb1f89d002202f030d4ab8db9892b4e616d5f40e5f34fc6c820d93dd8a53ba5807feeff2b9cf" - } -} diff --git a/src/03-alibaba.json b/src/03-alibaba.json new file mode 100644 index 0000000..55fc749 --- /dev/null +++ b/src/03-alibaba.json @@ -0,0 +1,33 @@ +{ + "names": { + "en": "Aliyun Public DNS", + "cmn-CN": "阿里云公共 DNS", + "cmn-TW": "阿里雲公共 DNS" + }, + "notes": { + "en": "Operated by Alibaba Cloud Ltd.", + "cmn-CN": "由阿里云计算运营", + "cmn-TW": "由阿里雲計算營運" + }, + "website": "https://www.alidns.com/", + "region": "CN", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2400:3200::1", + "2400:3200:baba::1", + "223.5.5.5", + "223.6.6.6" + ], + "https": { + "ServerURLOrName": "https://dns.alidns.com/dns-query", + "signature": "3043022006a1f7c364f18b69de9a65ad82cc5647f6ec035a9efb7d84bb16237c656e8ea5021f7a0b048a82d147acfb2726cdc48a9bb5ce0c19b701d0b2dde23baf51b6b073" + }, + "tls": { + "ServerURLOrName": "dns.alidns.com", + "signature": "3045022017e0041af2292d0f2d1e152faa7ae95902699a9d240350706e2febb7b8ef3fad022100c4686424fd5827bd250bb40964cd18154bc9fb862c5e63fd2e0a79fd1241768e" + } + } + } +} diff --git a/src/04-alekberg.json b/src/04-alekberg.json deleted file mode 100644 index 7606da5..0000000 --- a/src/04-alekberg.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "id": "alekberg-dns", - "profile": "alekberg-dns-profile", - "name": "alekberg", - "website": "https://alekberg.net", - "region": "NL", - "censorship": false, - "names": { - "en": "Alekberg Encrypted DNS", - "cmn-CN": "Alekberg 加密 DNS", - "cmn-TW": "Alekberg 加密 DNS" - }, - "notes": { - "en": "Independent", - "cmn-CN": "由个人提供", - "cmn-TW": "由個人提供" - }, - "ServerAddresses": [ - "89.38.131.38", - "2a0c:b9c0:f:451d::1" - ], - "https": { - "PayloadDisplayName": "Alekberg DNS over HTTPS (nl)", - "ServerURLOrName": "https://dnsnl.alekberg.net/dns-query", - "top": { - "description": "This profile enables Alekberg DNS over HTTPS located in Amsterdam (DNSSEC enabled) on all networks using the iOS 14 / macOS Big Sur Encrypted DNS feature." - }, - "ConsentTextDefault": "Privacy policy: https://alekberg.net/privacy", - "signature": "3046022100e5a8e20dd6836cb41e74aa7a529f1bc6dabaccd0b191cbe09f973815c3d035fd022100a7250b2209274b5e0f54deed17a2d221e33dbe836e4f0cad08e5fa4bf5da20a4" - } -} diff --git a/src/04-blahdns.json b/src/04-blahdns.json new file mode 100644 index 0000000..e47513d --- /dev/null +++ b/src/04-blahdns.json @@ -0,0 +1,91 @@ +{ + "names": { + "en": "BlahDNS" + }, + "notes": { + "en": "Independent.", + "cmn-CN": "由个人提供", + "cmn-TW": "由個人提供" + }, + "website": "https://blahdns.com/", + "region": "US", + "censorship": true, + "consent": "Privacy policy:\nhttps://blahdns.com", + "variants": { + "cdn-adblock": { + "https": { + "ServerURLOrName": "https://doh1.blahdns.com/dns-query", + "signature": "3045022100d1197f91d4678bd68cfa78cfd487a37b3783a1e7aedfe6048f835b99d11ff2e902206ab8c2e060feab91f22166e9e874dbfcb9c95c6eadb88440ba95d2b58fd75313" + }, + "names": { + "en": "CDN Filtered", + "cmn-CN": "CDN 过滤", + "cmn-TW": "CDN 過濾" + }, + "notes": { + "en": "Blocks ads, tracking & malware", + "cmn-CN": "拦截广告、跟踪器和恶意软件", + "cmn-TW": "阻擋廣告、追蹤器和惡意軟體" + } + }, + "cdn-unfiltered": { + "names": { + "en": "CDN Unfiltered", + "cmn-CN": "CDN 无过滤", + "cmn-TW": "CDN 無過濾" + }, + "notes": { + "en": "Non-filtering", + "cmn-CN": "无过滤", + "cmn-TW": "無過濾" + }, + "censorship": false, + "https": { + "ServerURLOrName": "https://doh1.blahdns.com/uncensor", + "signature": "304402203ff18b8ee33567f827fb9fbab11313653e88070f314fa95e40dc1558f39b733702204f9f5b74815023320b5d3e558257fdb135832425b384087e141a4995b8da75d3" + } + }, + "germany": { + "region": "DE", + "names": { + "en": "Germany", + "cmn-CN": "德国", + "cmn-TW": "德國" + }, + "ServerAddresses": [ + "78.46.244.143", + "2a01:4f8:c17:ec67::1" + ], + "https": { + "ServerURLOrName": "https://doh-de.blahdns.com/dns-query", + "signature": "30460221009f91f2f5b4905134c7e4e0bbcbae1331b0f32283affdd911f33e86760ce2a3e0022100dca0ee0fda0c9ff9c5ec23b255c2bc4f90288a4bfc8b0091007470b7952369a0" + }, + "notes": { + "en": "Blocks ads, tracking & malware", + "cmn-CN": "拦截广告、跟踪器和恶意软件", + "cmn-TW": "阻擋廣告、追蹤器和惡意軟體" + } + }, + "singapore": { + "region": "SG", + "names": { + "en": "Singapore", + "cmn-CN": "新加坡", + "cmn-TW": "新加坡" + }, + "ServerAddresses": [ + "46.250.226.242", + "2407:3640:2205:1668::1" + ], + "https": { + "ServerURLOrName": "https://doh-sg.blahdns.com/dns-query", + "signature": "304402203afd29c961f211de6ff5b73896bdb7d7d3a9255a6147233df434ac371bf4a75e022053f66d018a48b159212cfb64382b7b0d0def6982a70be6526d8a05b087a3b20c" + }, + "notes": { + "en": "Blocks ads, tracking & malware", + "cmn-CN": "拦截广告、跟踪器和恶意软件", + "cmn-TW": "阻擋廣告、追蹤器和惡意軟體" + } + } + } +} diff --git a/src/05-alibaba.json b/src/05-alibaba.json deleted file mode 100644 index fed05f6..0000000 --- a/src/05-alibaba.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "id": "aliyun-dns", - "profile": "aliyun-dns-profile", - "name": "alibaba", - "website": "https://www.alidns.com/", - "region": "CN", - "censorship": false, - "names": { - "en": "Aliyun Public DNS", - "cmn-CN": "阿里云公共 DNS", - "cmn-TW": "阿里雲公共 DNS" - }, - "notes": { - "en": "Operated by Alibaba Cloud Ltd.", - "cmn-CN": "由阿里云计算运营", - "cmn-TW": "由阿里雲計算營運" - }, - "fullName": "AliDNS", - "ServerAddresses": [ - "2400:3200::1", - "2400:3200:baba::1", - "223.5.5.5", - "223.6.6.6" - ], - "https": { - "topName": "AliDNS over HTTPS", - "PayloadDisplayName": "AliDNS DNS over HTTPS", - "ServerURLOrName": "https://dns.alidns.com/dns-query", - "PayloadDescription": "Configures device to use AliDNS Encrypted DNS over TLS", - "signature": "304502200170d17180aa1ae7c71775a5c1f79c0b1cf3e4edbf509f6e502a1c391feb1b280221009c90577368953b0025f316cbf40054bcf47c9b57da56d7b812847372746c3427" - }, - "tls": { - "topName": "AliDNS over TLS", - "PayloadDisplayName": "AliDNS DNS over TLS", - "ServerURLOrName": "dns.alidns.com", - "PayloadDescription": "Configures device to use AliDNS Encrypted DNS over TLS", - "signature": "3045022031d3b7452ed4555c68470a9f62c91836aa16dfc1fc615ecf835fb75fba8f3447022100f8081ce3e5c4f1227d9c79da26850ef595833c7133e6dce199d7936fd81c2365" - } -} diff --git a/src/05-canadianshield.json b/src/05-canadianshield.json new file mode 100644 index 0000000..73d0071 --- /dev/null +++ b/src/05-canadianshield.json @@ -0,0 +1,90 @@ +{ + "names": { + "en": "Canadian Shield" + }, + "notes": { + "en": "Operated by the Canadian Internet Registration Authority (CIRA)", + "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营", + "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運" + }, + "website": "https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses", + "region": "CA", + "censorship": false, + "variants": { + "private": { + "ServerAddresses": [ + "2620:10a:80bb::10", + "2620:10a:80bc::10", + "149.112.121.10", + "149.112.122.10" + ], + "https": { + "ServerURLOrName": "https://private.canadianshield.cira.ca/dns-query", + "signature": "3045022100eb0b5ecf39a8918c17be90210ba5515d385b27777afb75eb28046478016d123f022009c500ab97664e99fe82ab092a39f32518ae812c9661ed0db12d21421bdab829" + }, + "tls": { + "ServerURLOrName": "private.canadianshield.cira.ca", + "signature": "3045022100e4a9a6f7eddd3db61efa16d68a44351c365bc751fe03974125f9de8c913fbd4102201c79a1826ad9d261a26a553a332ec751dccb09130d0c6983f0fe37c11f912e06" + }, + "names": { + "en": "Private", + "cmn-CN": "私人", + "cmn-TW": "私人" + } + }, + "protected": { + "names": { + "en": "Protected", + "cmn-CN": "保护", + "cmn-TW": "保護" + }, + "notes": { + "en": "Blocks malware & phishing", + "cmn-CN": "拦截恶意软件和钓鱼网站", + "cmn-TW": "阻擋惡意軟體和釣魚網站" + }, + "censorship": true, + "ServerAddresses": [ + "2620:10a:80bb::20", + "2620:10a:80bc::20", + "149.112.121.20", + "149.112.122.20" + ], + "https": { + "ServerURLOrName": "https://protected.canadianshield.cira.ca/dns-query", + "signature": "304402207ecc88b83c46bb83d3d37b8c0b4150ff66d0839ad1eba739ad25261ffc61a75802200b8ad6da7849f7a1a7d3c5cc635060c6191d9f0a4a7d96fae8367b2c06115e47" + }, + "tls": { + "ServerURLOrName": "protected.canadianshield.cira.ca", + "signature": "304402206397986a7d3def4e12c25c3414f872a3de1dfd3a72b8e8e75b1e28441775fd9002200b240cbb7ec3b2a563d7304a0b9134e888d2694dc5e2df87c7037721c5b6dd2f" + } + }, + "family": { + "names": { + "en": "Family", + "cmn-CN": "家庭", + "cmn-TW": "家庭" + }, + "notes": { + "en": "Blocks malware, phishing & adult content", + "cmn-CN": "拦截恶意软件、钓鱼和成人内容", + "cmn-TW": "阻擋惡意軟體、釣魚和成人內容" + }, + "censorship": true, + "ServerAddresses": [ + "2620:10a:80bb::30", + "2620:10a:80bc::30", + "149.112.121.30", + "149.112.122.30" + ], + "https": { + "ServerURLOrName": "https://family.canadianshield.cira.ca/dns-query", + "signature": "3045022070c870743bf71838de470b99667cdec2a804dbe3df7697040571d63272b19e57022100c3e1b42a48421ce522795ed9e79d05ec7fb7d88a697d5f18076e6ef283e0334e" + }, + "tls": { + "ServerURLOrName": "family.canadianshield.cira.ca", + "signature": "304402202c6e7f0fe6f7362a12ba559771c24068448bca3faf06abd730da8be997e285f20220126d903ec2f98dcecdd46c7db18e5e3950af4b8b1f97868113dec088cb1e1846" + } + } + } +} diff --git a/src/06-blahdns-cdn-adblock.json b/src/06-blahdns-cdn-adblock.json deleted file mode 100644 index 0bc249f..0000000 --- a/src/06-blahdns-cdn-adblock.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "id": "blahdns", - "profile": "blahdns-cdn-filtered-profile", - "name": "blahdns-cdn-adblock", - "website": "https://blahdns.com/", - "region": "US", - "censorship": true, - "names": { - "en": "BlahDNS CDN Filtered", - "cmn-CN": "BlahDNS CDN 过滤", - "cmn-TW": "BlahDNS CDN 過濾" - }, - "notes": { - "en": "Independent. Blocks ads, tracking & malware", - "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件", - "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體" - }, - "https": { - "PayloadDisplayName": "BlahDNS (CDN / Adblock / Primary) DNS over HTTPS", - "ServerURLOrName": "https://doh1.blahdns.com/dns-query", - "top": { - "description": "This profile enables BlahDNS (CDN / Adblock / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature." - }, - "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com", - "signature": "3045022038ea35dc1394f6c3664c23dfc2b8a938742bf03b1e4ad57f0b016a1ee26e7082022100d41aec4c912054d51a75533a0bffa18e53966898014834ea6392d8e11e2f5021" - } -} diff --git a/src/06-cleanbrowsing.json b/src/06-cleanbrowsing.json new file mode 100644 index 0000000..31fdea0 --- /dev/null +++ b/src/06-cleanbrowsing.json @@ -0,0 +1,88 @@ +{ + "names": { + "en": "Cleanbrowsing" + }, + "website": "https://cleanbrowsing.org/filters/", + "region": "US", + "censorship": true, + "variants": { + "family": { + "ServerAddresses": [ + "2a0d:2a00:1::", + "2a0d:2a00:1::", + "185.228.169.168", + "185.228.168.168" + ], + "https": { + "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/family-filter/", + "signature": "3045022100e116667db75c84e7c224872a91110dbf175db1e307d13c0cb3fe903aed084ab402203a5addc46dfa935ab72bb2cf1be35ba44463c8358186d3e016e300328eb26ea0" + }, + "tls": { + "ServerURLOrName": "family-filter-dns.cleanbrowsing.org", + "signature": "3046022100ce3eb2b2a462990326fdea4b6b7c2f771fd22ba2932efae72228c8d16b15f1a50221008d8640146bc45e1231ba3388d1a5f8019054b7454192b7f9825577f42d6cea2d" + }, + "names": { + "en": "Family Filter", + "cmn-CN": "家庭过滤器", + "cmn-TW": "家庭過濾器" + }, + "notes": { + "en": "Filters malware & adult, mixed content", + "cmn-CN": "过滤恶意软件、成人内容和混合内容", + "cmn-TW": "過濾惡意軟體、成人內容和混合內容" + } + }, + "adult": { + "names": { + "en": "Adult Filter", + "cmn-CN": "成人过滤器", + "cmn-TW": "成人過濾器" + }, + "notes": { + "en": "Filters malware & adult content", + "cmn-CN": "过滤恶意软件和成人内容", + "cmn-TW": "過濾惡意軟體和成人內容" + }, + "ServerAddresses": [ + "2a0d:2a00:1::1", + "2a0d:2a00:2::1", + "185.228.169.10", + "185.228.168.10" + ], + "https": { + "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/adult-filter/", + "signature": "304402201bcf2615d755b30a6c2b4e38a0b5f10e31c27ecb911f75931d9445d69890885f022077daa29854203da1ab48d1b52b837f003fc6bf08a5263b86fef07ca59b67c00d" + }, + "tls": { + "ServerURLOrName": "adult-filter-dns.cleanbrowsing.org", + "signature": "30450221008ca3aa72e34af676d5ff24afe939a9ad5ce08bb695f33b572a7a970c29c2ba88022050909ba8c55dbb6e4eb3c36c24b0fa51a32e8056a46e822cc5618185cf073dc6" + } + }, + "security": { + "names": { + "en": "Security Filter", + "cmn-CN": "安全过滤器", + "cmn-TW": "安全過濾器" + }, + "notes": { + "en": "Filters malware", + "cmn-CN": "过滤恶意软件", + "cmn-TW": "過濾惡意軟體" + }, + "ServerAddresses": [ + "2a0d:2a00:1::2", + "2a0d:2a00:2::2", + "185.228.168.9", + "185.228.169.9" + ], + "https": { + "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/security-filter/", + "signature": "3046022100aff11ce818e66df55d4b59761c7714d23f1dc37d848f7a9e9d9135844ba5e2f8022100ac8cd28cccac15fbd7c9ef6a647200fbdde5aee299bd2ab8f11edc5127c20b38" + }, + "tls": { + "ServerURLOrName": "security-filter-dns.cleanbrowsing.org", + "signature": "3045022100e746604c4b341d9563f14fc87658157e16737909e9836d6e748eeeb1ce5ee3db022053320f489c7d148a70356d0778086e4cb3d3bcefbbcf5b6f7d6a18ad741edb85" + } + } + } +} diff --git a/src/07-blahdns-cdn-unfiltered.json b/src/07-blahdns-cdn-unfiltered.json deleted file mode 100644 index a14f062..0000000 --- a/src/07-blahdns-cdn-unfiltered.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "id": "blahdns", - "profile": "blahdns-cdn-unfiltered-profile", - "name": "blahdns-cdn-unfiltered", - "region": "US", - "censorship": false, - "names": { - "en": "BlahDNS CDN Unfiltered", - "cmn-CN": "BlahDNS CDN 无过滤", - "cmn-TW": "BlahDNS CDN 無過濾" - }, - "notes": { - "en": "Independent. Non-filtering", - "cmn-CN": "由个人提供,无过滤", - "cmn-TW": "由個人提供,無過濾" - }, - "https": { - "PayloadDisplayName": "BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS", - "ServerURLOrName": "https://doh1.blahdns.com/uncensor", - "top": { - "description": "This profile enables BlahDNS (CDN / Unfiltered / Primary) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature." - }, - "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com", - "signature": "3046022100e7d9c2efa6e913f79fa26f324c95e06c855111ec723fd651f7f7b6ca1a0ab88b022100c78ee5cb36042c74068754fd00bfb0b1731fda08159dd672f824ba45e3b92b30" - } -} diff --git a/src/07-cloudflare.json b/src/07-cloudflare.json new file mode 100644 index 0000000..b6f41c5 --- /dev/null +++ b/src/07-cloudflare.json @@ -0,0 +1,78 @@ +{ + "names": { + "en": "Cloudflare 1.1.1.1" + }, + "notes": { + "en": "Operated by Cloudflare Inc.", + "cmn-CN": "由 Cloudflare 公司运营", + "cmn-TW": "由 Cloudflare 公司營運" + }, + "website": "https://developers.cloudflare.com/1.1.1.1/encryption/", + "region": "US", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2606:4700:4700::1111", + "2606:4700:4700::1001", + "1.1.1.1", + "1.0.0.1" + ], + "https": { + "ServerURLOrName": "https://cloudflare-dns.com/dns-query", + "signature": "3046022100a02a5c33109ca27befc04ef356f2cf6bf108be7a90063ee58263f126e8de59bc022100fe97730bb1fc44d4995e201a0bbfc725d551cee28a4b44aa1292ce019a40f886" + }, + "tls": { + "ServerURLOrName": "one.one.one.one", + "signature": "304402206bc315756e6167b9cddb2af35283b366e92a52dd972d8c6f231d53a143bcaeff022038325f16dda82a4e3539fb8da458c2d2f37f0b2bfd6e44120db039faf8c97f3c" + } + }, + "malware": { + "names": { + "en": "Security", + "cmn-CN": "安全", + "cmn-TW": "安全" + }, + "notes": { + "en": "Blocks malware & phishing", + "cmn-CN": "拦截恶意软件和钓鱼网站", + "cmn-TW": "阻擋惡意軟體和釣魚網站" + }, + "censorship": true, + "ServerAddresses": [ + "2606:4700:4700::1112", + "2606:4700:4700::1002", + "1.1.1.2", + "1.0.0.2" + ], + "https": { + "ServerURLOrName": "https://security.cloudflare-dns.com/dns-query", + "signature": "304502206319ac3ea232414c6acffd2771a27b854e01c18b4a9f0b469d91b7f3dacc72a2022100fdd25c7b3565991e559b465a9c1ae088ab3fa2937be1cc7ad90dfca539e7034c" + } + }, + "family": { + "website": "https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families", + "names": { + "en": "Family", + "cmn-CN": "家庭", + "cmn-TW": "家庭" + }, + "notes": { + "en": "Blocks malware, phishing & adult content", + "cmn-CN": "拦截恶意软件、钓鱼和成人内容", + "cmn-TW": "阻擋惡意軟體、釣魚和成人內容" + }, + "censorship": true, + "ServerAddresses": [ + "2606:4700:4700::1113", + "2606:4700:4700::1003", + "1.1.1.3", + "1.0.0.3" + ], + "https": { + "ServerURLOrName": "https://family.cloudflare-dns.com/dns-query", + "signature": "30450220020714ea5d23a024b1f021ade296da07e9f1b165df402938c571999d5e9e72eb02210094f10b12d8746caf66486e7dec454767d6fb58283b4914ae1607edc5b93abe54" + } + } + } +} diff --git a/src/08-blahdns-germany.json b/src/08-blahdns-germany.json deleted file mode 100644 index ca4b301..0000000 --- a/src/08-blahdns-germany.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "id": "blahdns", - "profile": "blahdns-germany-profile", - "name": "blahdns-germany", - "region": "DE", - "censorship": true, - "names": { - "en": "BlahDNS Germany", - "cmn-CN": "BlahDNS 德国", - "cmn-TW": "BlahDNS 德國" - }, - "notes": { - "en": "Independent. Blocks ads, tracking & malware", - "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件", - "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體" - }, - "ServerAddresses": [ - "78.46.244.143", - "2a01:4f8:c17:ec67::1" - ], - "https": { - "PayloadDisplayName": "BlahDNS (Germany) DNS over HTTPS", - "ServerURLOrName": "https://doh-de.blahdns.com/dns-query", - "top": { - "description": "This profile enables BlahDNS (Germany) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature." - }, - "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com", - "signature": "3045022100ad5a23f54ee2f57f8719b2958057029defac0c4a80bad51e93676f1b4c18f34302205c7ed04674652ccce814fc31b459bda8197c9c16c60c73d4fb2a7eefac1b860c" - } -} diff --git a/src/08-dns4eu.json b/src/08-dns4eu.json new file mode 100644 index 0000000..cdac242 --- /dev/null +++ b/src/08-dns4eu.json @@ -0,0 +1,122 @@ +{ + "names": { + "en": "DNS4EU" + }, + "notes": { + "en": "Operated by a consortium lead by Whalebone." + }, + "website": "https://www.joindns4.eu/for-public", + "region": "CZ", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2a13:1001::86:54:11:100", + "2a13:1001::86:54:11:200", + "86.54.11.100", + "86.54.11.200" + ], + "https": { + "ServerURLOrName": "https://unfiltered.joindns4.eu/dns-query", + "signature": "3046022100aa46d30c0b2cb4c6f1d6a70bc5c8bd34cb4db765035eb322e065f84844bc7cef022100d94354875d46e9fadf7143b851323f9582c2426d78b264abb662aad1f92315d7" + }, + "tls": { + "ServerURLOrName": "unfiltered.joindns4.eu", + "signature": "3045022100a55d8e2d7f9fca9bbcb61dc18b8bad6faebc4550481c6ebdfcb01c8b3a66b1af022067f8972c113c21e50954bda40ef916481d667f7a7a68c7e42d4aa71c3a6cbfa0" + }, + "names": {} + }, + "malware": { + "names": { + "en": "Protective" + }, + "notes": { + "en": "Blocks Malware." + }, + "censorship": true, + "ServerAddresses": [ + "2a13:1001::86:54:11:1", + "2a13:1001::86:54:11:201", + "86.54.11.1", + "86.54.11.201" + ], + "https": { + "ServerURLOrName": "https://protective.joindns4.eu/dns-query", + "signature": "304402200e1eb6214b3ce181603a4d0c6e3577412e78944e69e19cf6939c56d5c860f7d10220461e4700ac321a2ffab3b8c13dc65c6185ace5839c6c5c81cbdcdbc9a1a7a4c0" + }, + "tls": { + "ServerURLOrName": "protective.joindns4.eu", + "signature": "3044022034b10d802760a49b0d6772c3914430b2af653605cc43b2939ce5b2f9fd21df2002206ea5b55414a5f015cc1c9cad0e72b2a4fbca41a0650e2c5e4b965a8436e978dc" + } + }, + "protective-ads": { + "names": { + "en": "Protective ad-blocking" + }, + "notes": { + "en": "Blocks Malware and Ads" + }, + "censorship": true, + "ServerAddresses": [ + "2a13:1001::86:54:11:13", + "2a13:1001::86:54:11:213", + "86.54.11.13", + "86.54.11.213" + ], + "https": { + "ServerURLOrName": "https://noads.joindns4.eu/dns-query", + "signature": "3045022100c8ae72adf5b3bd0e61f0abf4497c88ff58d2de78eee33c1ca39bbbb5ed4953cb02204c0664b2b1355ca588cdccbfbf99e2957160f84d6664d2f166b6ac6a7aed9a91" + }, + "tls": { + "ServerURLOrName": "noads.joindns4.eu", + "signature": "3045022100cb38254dfebf0791401d7d0ab155bc888f0c9e974080753f9f5e71ebcda0ea8702204b8b6315430e6ca4e7ee62ac79d21469ae0affdead708bf7c1b901e0b9f97d8c" + } + }, + "protective-child": { + "names": { + "en": "Protective with child protection" + }, + "notes": { + "en": "Blocks malware and explicit content." + }, + "censorship": true, + "ServerAddresses": [ + "2a13:1001::86:54:11:12", + "2a13:1001::86:54:11:212", + "86.54.11.12", + "86.54.11.212" + ], + "https": { + "ServerURLOrName": "https://child.joindns4.eu/dns-query", + "signature": "304402201a899df9a468bb7d057316b65988520ca6b5f2007cc337f011990f68b91664b002207c64bc19b6f58d913d6dc701e7f034fa8dd1594b5f79794388637fe85d168bb3" + }, + "tls": { + "ServerURLOrName": "child.joindns4.eu", + "signature": "30450220294497a83786624a1b24102b61de64b65701dd243e1aef5b3386d0836b9cf8e2022100c550c6824e2a027f01779db87bf07be2676710611b29e9be96f89733a13250c3" + } + }, + "protective-child-ads": { + "names": { + "en": "Protective with child protection & ad-blocking" + }, + "notes": { + "en": "Blocks Malware, Ads and explicit content" + }, + "censorship": true, + "ServerAddresses": [ + "2a13:1001::86:54:11:11", + "2a13:1001::86:54:11:211", + "86.54.11.11", + "86.54.11.211" + ], + "https": { + "ServerURLOrName": "https://child-noads.joindns4.eu/dns-query", + "signature": "30450220340142a0729934a351de8f6948ffa57c133549a2da78198ac422ff906f4e42b4022100a1b7dbe86dec0e7644c3c161bffda3b7d32de43b46180d42a92f0e30c6f3d82c" + }, + "tls": { + "ServerURLOrName": "child-noads.joindns4.eu", + "signature": "304502210097d5ea662df171fab1ccce018539162c955aa56c5973072d7798664531d38f6902201883387630877a5091fdeb28cb9f2ac9bb0ce075098dfde2d378886af7383f71" + } + } + } +} diff --git a/src/09-blahdns-singapore.json b/src/09-blahdns-singapore.json deleted file mode 100644 index 8c443aa..0000000 --- a/src/09-blahdns-singapore.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "id": "blahdns", - "profile": "blahdns-singapore-profile", - "name": "blahdns-singapore", - "region": "SG", - "censorship": true, - "names": { - "en": "BlahDNS Singapore", - "cmn-CN": "BlahDNS 新加坡", - "cmn-TW": "BlahDNS 新加坡" - }, - "notes": { - "en": "Independent. Blocks ads, tracking & malware", - "cmn-CN": "由个人提供,拦截广告、跟踪器和恶意软件", - "cmn-TW": "由個人提供,阻擋廣告、追蹤器和惡意軟體" - }, - "ServerAddresses": [ - "46.250.226.242", - "2407:3640:2205:1668::1" - ], - "https": { - "PayloadDisplayName": "BlahDNS (Singapore) DNS over HTTPS", - "ServerURLOrName": "https://doh-sg.blahdns.com/dns-query", - "top": { - "description": "This profile enables BlahDNS (Singapore) DNS over HTTPS on all networks using the iOS 14 / iPadOS 14 / tvOS 14 / macOS Big Sur Encrypted DNS feature." - }, - "ConsentTextDefault": "Privacy policy:\nhttps://blahdns.com", - "signature": "30440220037e9ef25dfd24ff0ae65fcb2d52f2579054720d38b74c7463fe54f91dcdb451022065280f3dcffc75ec3d01fe12297355018c00ba6185a6b701a4dbe92c898d8717" - } -} diff --git a/src/09-dnspod.json b/src/09-dnspod.json new file mode 100644 index 0000000..e8f24b9 --- /dev/null +++ b/src/09-dnspod.json @@ -0,0 +1,31 @@ +{ + "names": { + "en": "DNSPod Public DNS", + "cmn-CN": "DNSPod 公共 DNS", + "cmn-TW": "DNSPod 公共 DNS" + }, + "notes": { + "en": "Operated by DNSPod Inc., a Tencent Cloud Company", + "cmn-CN": "由腾讯公司 DNSPod 运营", + "cmn-TW": "由騰訊公司 DNSPod 營運" + }, + "website": "https://www.dnspod.com/products/public.dns", + "region": "CN", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "1.12.12.12", + "120.53.53.53" + ], + "https": { + "ServerURLOrName": "https://doh.pub/dns-query", + "signature": "3046022100a1e11d6e6bd66005a345d35d87256ca7f4148996b15908f5bf9e7c8d368a9a1002210085f5dc0214602e8d53af50d3cdafac9068b9c5f16f1638095a929b830d09f655" + }, + "tls": { + "ServerURLOrName": "dot.pub", + "signature": "3046022100eb47e3b0933d906768b49b77051f77392bb221850ddaf1b394e3af7a0830cba0022100ba015a8c9ab990afa499b93b9d63984d0e5e0c74ebaca84befa976c35cd938a3" + } + } + } +} diff --git a/src/10-canadianshield-private.json b/src/10-canadianshield-private.json deleted file mode 100644 index f53e09c..0000000 --- a/src/10-canadianshield-private.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "canadian-shield", - "profile": "canadian-shield-private-profile", - "name": "canadianshield-private", - "website": "https://www.cira.ca/cybersecurity-services/canadian-shield/configure/summary-cira-canadian-shield-dns-resolver-addresses", - "region": "CA", - "censorship": false, - "names": { - "en": "Canadian Shield Private", - "cmn-CN": "Canadian Shield 私人", - "cmn-TW": "Canadian Shield 私人" - }, - "notes": { - "en": "Operated by the Canadian Internet Registration Authority (CIRA)", - "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营", - "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運" - }, - "fullName": "Canadian Shield DNS", - "ServerAddresses": [ - "2620:10a:80bb::10", - "2620:10a:80bc::10", - "149.112.121.10", - "149.112.122.10" - ], - "https": { - "ServerURLOrName": "https://private.canadianshield.cira.ca/dns-query", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS", - "signature": "3045022064d30f7786ac873e3124e4242c096f6c5ac09df6cbbe1e41a57e2da3909a9bdd022100feb8b7af5749d0641c221bda13b18efb6c4972788c0941c627a78f62f7ed00c4" - }, - "tls": { - "ServerURLOrName": "private.canadianshield.cira.ca", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS", - "signature": "3045022100ccd427a95a8cf6a36759d7c3bed8971cbd307dbe2ddce55f5106a801577f269902203091115303e173af130b74424bed413b9a240a037e8d47a558d3414fae7d88ed" - } -} diff --git a/src/10-fdn.json b/src/10-fdn.json new file mode 100644 index 0000000..515ea6a --- /dev/null +++ b/src/10-fdn.json @@ -0,0 +1,31 @@ +{ + "names": { + "en": "FDN" + }, + "notes": { + "en": "Operated by French Data Network", + "cmn-CN": "由法国数据网络运营", + "cmn-TW": "由法國資料網路營運" + }, + "website": "https://www.fdn.fr/actions/dns/", + "region": "FR", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2001:910:800::12", + "2001:910:800::40", + "80.67.169.12", + "80.67.169.40" + ], + "https": { + "ServerURLOrName": "https://ns0.fdn.fr/dns-query", + "signature": "3045022100fe76e468888071eacb8bf94a1afb14ce152965c5f2bca0052c1493ccbb36d037022031bc9a1b508519f7827e0ee3903799dea0f5983b81bd3cea3d8e8bd2997a3da7" + }, + "tls": { + "ServerURLOrName": "dns.fdn", + "signature": "3044022066e68e444d5c97c4ae03ed5b02790acce9dc156103d28e1299b7e51bef53f8a7022027805e23cc2abd2ac41b000399af91770713e8cd202b5dd44cfe8248f8f7b93f" + } + } + } +} diff --git a/src/11-canadianshield-protected.json b/src/11-canadianshield-protected.json deleted file mode 100644 index c1742f5..0000000 --- a/src/11-canadianshield-protected.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "canadian-shield", - "profile": "canadian-shield-protected-profile", - "name": "canadianshield-protected", - "region": "CA", - "censorship": true, - "names": { - "en": "Canadian Shield Protected", - "cmn-CN": "Canadian Shield 保护", - "cmn-TW": "Canadian Shield 保護" - }, - "notes": { - "en": "Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware & phishing", - "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件和钓鱼网站", - "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體和釣魚網站" - }, - "fullName": "Canadian Shield DNS", - "ServerAddresses": [ - "2620:10a:80bb::20", - "2620:10a:80bc::20", - "149.112.121.20", - "149.112.122.20" - ], - "https": { - "ServerURLOrName": "https://protected.canadianshield.cira.ca/dns-query", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS", - "signature": "3046022100ea3e2a32c9388934fadf4c2fa85a8fb7cda2e8b7c74d28d100bcd55cd6e7fdca022100d7534b66709250534837170435099564cd2171b1a2a6417eba4b0780306a0067" - }, - "tls": { - "ServerURLOrName": "protected.canadianshield.cira.ca", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS", - "signature": "304402207fba8c60ec07e86af9f0a4af52824cf0f8b49e60ee08bd4fa11f6c3bb1d5f4ea02206749502bb42c7b0f0820902665b0e9277300ef673c8ffe54ee5b9dfec1debb73" - } -} diff --git a/src/11-ffmuc-dns.json b/src/11-ffmuc-dns.json new file mode 100644 index 0000000..324d542 --- /dev/null +++ b/src/11-ffmuc-dns.json @@ -0,0 +1,29 @@ +{ + "names": { + "en": "FFMUC-DNS" + }, + "notes": { + "en": "FFMUC free DNS servers provided by Freifunk München." + }, + "website": "https://ffmuc.net/wiki/knb:dohdot_en", + "region": "DE", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2001:678:e68:f000::", + "2001:678:ed0:f000::", + "5.1.66.255", + "185.150.99.255" + ], + "https": { + "ServerURLOrName": "https://doh.ffmuc.net/dns-query", + "signature": "3046022100bbbec5ffdcdaa53daa9ddc6907722684fa3307a23e73ce30ea3e9554d737e8a9022100e7bbcffe01d4258ed26710a5b37d88b45390848051f28d5e8f7fbef70de27988" + }, + "tls": { + "ServerURLOrName": "dot.ffmuc.net", + "signature": "3046022100f68f3d200f876fd907021662cf128eb7d2029796b2af310e1bae226ed3c8fd82022100dc2fd434129265ae4f44e6747ec2074288147fddd49ad07eb42c54c2fc448ba3" + } + } + } +} diff --git a/src/12-canadianshield-family.json b/src/12-canadianshield-family.json deleted file mode 100644 index 9637324..0000000 --- a/src/12-canadianshield-family.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "canadian-shield", - "profile": "canadian-shield-family-profile", - "name": "canadianshield-family", - "region": "CA", - "censorship": true, - "names": { - "en": "Canadian Shield Family", - "cmn-CN": "Canadian Shield 家庭", - "cmn-TW": "Canadian Shield 家庭" - }, - "notes": { - "en": "Operated by the Canadian Internet Registration Authority (CIRA). Blocks malware, phishing & adult content", - "cmn-CN": "由加拿大互联网注册管理局 (CIRA) 运营,拦截恶意软件、钓鱼和成人内容", - "cmn-TW": "由加拿大網際網路註冊管理局 (CIRA) 營運,阻擋惡意軟體、釣魚和成人內容" - }, - "fullName": "Canadian Shield DNS", - "ServerAddresses": [ - "2620:10a:80bb::30", - "2620:10a:80bc::30", - "149.112.121.30", - "149.112.122.30" - ], - "https": { - "ServerURLOrName": "https://family.canadianshield.cira.ca/dns-query", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over HTTPS", - "signature": "3045022100e438440001c1efd68be7986f050e6b0376c982b6ea5948d1f4266839801628920220271416bfb37f6e0f9257648eb35a17c54059e60812d6e0c543921b47f7cc086e" - }, - "tls": { - "ServerURLOrName": "family.canadianshield.cira.ca", - "PayloadDescription": "Configures device to use Canadian Shield Encrypted DNS over TLS", - "signature": "30450220273eb0f462105c04ce400559be7e5334139ee5791ec1295ff531adbecd633295022100ceb65d82f23c206098ba9d9d6637fd5368280f51d5801a42e6e909347ab3e238" - } -} diff --git a/src/12-google.json b/src/12-google.json new file mode 100644 index 0000000..9739a52 --- /dev/null +++ b/src/12-google.json @@ -0,0 +1,33 @@ +{ + "names": { + "en": "Google Public DNS", + "cmn-CN": "Google 公共 DNS", + "cmn-TW": "Google 公共 DNS" + }, + "notes": { + "en": "Operated by Google LLC", + "cmn-CN": "由谷歌公司运营", + "cmn-TW": "由谷歌公司營運" + }, + "website": "https://developers.google.com/speed/public-dns/docs/secure-transports", + "region": "US", + "censorship": false, + "variants": { + "default": { + "ServerAddresses": [ + "2001:4860:4860::8888", + "2001:4860:4860::8844", + "8.8.8.8", + "8.8.4.4" + ], + "https": { + "ServerURLOrName": "https://dns.google/dns-query", + "signature": "30450220082db0be790fa00a8cec06c0d0f5df87bf84fd230014c49cad59d33df892e91c022100ea911e0f6bd8890095cc67c3ba19e9e83c661152841581f7e6012a2af17faa7a" + }, + "tls": { + "ServerURLOrName": "dns.google", + "signature": "304402205e3224a88b1729aa91a9bfeaf3a6290f365449c8153e55f6a989e2a97ce91ae202206528f35e0fde9278bd2e01fb32f0c8bccb7ebf999e951f2ae042e1054299c5b0" + } + } + } +} diff --git a/src/13-cleanbrowsing-family.json b/src/13-cleanbrowsing-family.json deleted file mode 100644 index fa067ac..0000000 --- a/src/13-cleanbrowsing-family.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "id": "cleanbrowsing", - "profile": "cleanbrowsing-family", - "name": "cleanbrowsing-family", - "website": "https://cleanbrowsing.org/filters/", - "region": "US", - "censorship": true, - "names": { - "en": "Cleanbrowsing Family Filter", - "cmn-CN": "Cleanbrowsing 家庭过滤器", - "cmn-TW": "Cleanbrowsing 家庭過濾器" - }, - "notes": { - "en": "Filters malware & adult, mixed content", - "cmn-CN": "过滤恶意软件、成人内容和混合内容", - "cmn-TW": "過濾惡意軟體、成人內容和混合內容" - }, - "fullName": "Cleanbrowsing Family Filter DNS", - "ServerAddresses": [ - "2a0d:2a00:1::", - "2a0d:2a00:1::", - "185.228.169.168", - "185.228.168.168" - ], - "https": { - "topName": "Cleanbrowsing Family DNS over HTTPS", - "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/family-filter/", - "PayloadDescription": "Configures device to use Cleanbrowsing Family Filter Encrypted DNS over HTTPS", - "signature": "30460221009a8b3e836dcd59615a032bcdb5457c130d60de00a35e0a977ac4c00384c7c1e6022100aaf0bd19f4c8a525e12b2563f1a5482837bb9466b85e2584db607756d3a6a76c" - }, - "tls": { - "topName": "Cleanbrowsing Family DNS over TLS", - "ServerURLOrName": "family-filter-dns.cleanbrowsing.org", - "PayloadDescription": "Configures device to use Cleanbrowsing Family Filter Encrypted DNS over TLS", - "signature": "30460221009d4ac8509bec6151edb7ba73a010f4821d1fea2d088a42c8bc927db82d2d0364022100bc688d2f963000e6dcaadfabc996ce9d6f3e74fc885b7dc5b924eaef8224409e" - } -} diff --git a/src/13-keweondns.json b/src/13-keweondns.json new file mode 100644 index 0000000..9f2fe6f --- /dev/null +++ b/src/13-keweondns.json @@ -0,0 +1,25 @@ +{ + "names": { + "en": "keweonDNS" + }, + "notes": { + "en": "Operated by Aviontex. Blocks ads & tracking", + "cmn-CN": "由 Aviontex 运营,拦截广告和跟踪器", + "cmn-TW": "由 Aviontex 營運,阻擋廣告和追蹤器" + }, + "website": "https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/", + "region": "DE", + "censorship": false, + "variants": { + "default": { + "https": { + "ServerURLOrName": "https://dns.keweon.center/dns-query", + "signature": "304502202c1c48d486f50b90ac7570bcd562058e769c9569e34de87f75b696134fd209a302210089988f94bb6f708855f2a267ff60583bc1e46cecdc4d3005cd37d428786e7404" + }, + "tls": { + "ServerURLOrName": "dns.keweon.center", + "signature": "3045022100933322f8ae95f6f5f096f5dcf63988b2c2d16de787f65d44a82f1406f391e24502203fac2ca76ba7f05c2f6132a33da47c73ea13ec849943cf6a46982a3b2bf3770c" + } + } + } +} diff --git a/src/14-cleanbrowsing-adult.json b/src/14-cleanbrowsing-adult.json deleted file mode 100644 index 6cba483..0000000 --- a/src/14-cleanbrowsing-adult.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "cleanbrowsing", - "profile": "cleanbrowsing-adult", - "name": "cleanbrowsing-adult", - "region": "US", - "censorship": true, - "names": { - "en": "Cleanbrowsing Adult Filter", - "cmn-CN": "Cleanbrowsing 成人过滤器", - "cmn-TW": "Cleanbrowsing 成人過濾器" - }, - "notes": { - "en": "Filters malware & adult content", - "cmn-CN": "过滤恶意软件和成人内容", - "cmn-TW": "過濾惡意軟體和成人內容" - }, - "fullName": "Cleanbrowsing Adult Filter DNS", - "ServerAddresses": [ - "2a0d:2a00:1::1", - "2a0d:2a00:2::1", - "185.228.169.10", - "185.228.168.10" - ], - "https": { - "topName": "Cleanbrowsing Adult DNS over HTTPS", - "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/adult-filter/", - "PayloadDescription": "Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over HTTPS", - "signature": "3044022011d99bf0bb586c483fa9ecb306cd5b70b62d811343e11dac856b390c7ffe70c90220086270a6f6940113a50bacae42b4c346bc705b414afc661c75b33f6b17a302c1" - }, - "tls": { - "topName": "Cleanbrowsing Adult DNS over TLS", - "ServerURLOrName": "adult-filter-dns.cleanbrowsing.org", - "PayloadDescription": "Configures device to use Cleanbrowsing Adult Filter Encrypted DNS over TLS", - "signature": "3046022100e42eb790e146e86a486b5c2758e8a76afe45d5ec60244d916df5a28540ceda57022100dd2408dc83df7975e1f163346e1201169f0386336d87149062fa3e8fd16799b7" - } -} diff --git a/src/14-mullvad.json b/src/14-mullvad.json new file mode 100644 index 0000000..fa57420 --- /dev/null +++ b/src/14-mullvad.json @@ -0,0 +1,45 @@ +{ + "names": { + "en": "Mullvad DNS" + }, + "notes": { + "en": "Operated by Mullvad VPN AB", + "cmn-CN": "由 Mullvad VPN AB 运营", + "cmn-TW": "由 Mullvad VPN AB 營運" + }, + "website": "https://mullvad.net/help/dns-over-https-and-dns-over-tls/", + "region": "SE", + "censorship": true, + "variants": { + "default": { + "ServerAddresses": [ + "2a07:e340::2", + "194.242.2.2" + ], + "https": { + "ServerURLOrName": "https://doh.mullvad.net/dns-query", + "signature": "30450221008d2902dbedd10d4753813ebd0405eb84e3ddb96eb397c3d9a55b788136c191870220600f18d6807ca534b07a75f8b1760c5d7d2de232fb1dc62d4f915039fbcc6c3a" + } + }, + "adblock": { + "names": { + "en": "Adblock", + "cmn-CN": "广告拦截", + "cmn-TW": "廣告阻擋" + }, + "notes": { + "en": "Blocks ads & tracking", + "cmn-CN": "拦截广告和跟踪器", + "cmn-TW": "阻擋廣告和追蹤器" + }, + "ServerAddresses": [ + "2a07:e340::3", + "194.242.2.3" + ], + "https": { + "ServerURLOrName": "https://adblock.doh.mullvad.net/dns-query", + "signature": "304502205e6b97282de3fe8fb42f0a478d9bedbf574776588f7e361cff4ec591c153d367022100bca9c8fc1ff319f8010c7d7fb3e131b767568e9d6b42cd0e91a0980e13705f2e" + } + } + } +} diff --git a/src/15-cleanbrowsing-security.json b/src/15-cleanbrowsing-security.json deleted file mode 100644 index 757f012..0000000 --- a/src/15-cleanbrowsing-security.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "cleanbrowsing", - "profile": "cleanbrowsing-security", - "name": "cleanbrowsing-security", - "region": "US", - "censorship": true, - "names": { - "en": "Cleanbrowsing Security Filter", - "cmn-CN": "Cleanbrowsing 安全过滤器", - "cmn-TW": "Cleanbrowsing 安全過濾器" - }, - "notes": { - "en": "Filters malware", - "cmn-CN": "过滤恶意软件", - "cmn-TW": "過濾惡意軟體" - }, - "fullName": "Cleanbrowsing Security Filter DNS", - "ServerAddresses": [ - "2a0d:2a00:1::2", - "2a0d:2a00:2::2", - "185.228.168.9", - "185.228.169.9" - ], - "https": { - "topName": "Cleanbrowsing Security DNS over HTTPS", - "ServerURLOrName": "https://doh.cleanbrowsing.org/doh/security-filter/", - "PayloadDescription": "Configures device to use Cleanbrowsing Security Filter Encrypted DNS over HTTPS", - "signature": "3045022100a029e18ed7d32aefb22ebe233a70e2da8a71f6cacf0a0a83832963137edb77500220583c5d5ec630aa95e0c93468489e52ff15198befc173d5c10b9d995636ae9b60" - }, - "tls": { - "topName": "Cleanbrowsing Security DNS over TLS", - "ServerURLOrName": "security-filter-dns.cleanbrowsing.org", - "PayloadDescription": "Configures device to use Cleanbrowsing Security Filter Encrypted DNS over TLS", - "signature": "304402202e650e4cedf2daf322b7fe3c4ce79561e8f31b0b68404717c98db0aade007aa4022016affa44117b33b9a1529d9fd759ccfcaa0562e5a0fc565b0718212b5fd48161" - } -} diff --git a/src/15-opendns.json b/src/15-opendns.json new file mode 100644 index 0000000..960aa00 --- /dev/null +++ b/src/15-opendns.json @@ -0,0 +1,43 @@ +{ + "names": { + "en": "OpenDNS" + }, + "notes": { + "en": "Operated by Cisco OpenDNS LLC", + "cmn-CN": "由思科 OpenDNS 运营", + "cmn-TW": "由思科 OpenDNS 營運" + }, + "website": "https://support.opendns.com/hc/articles/360038086532", + "region": "US", + "censorship": false, + "variants": { + "default": { + "https": { + "ServerURLOrName": "https://doh.opendns.com/dns-query", + "signature": "30440220714a5e3f10c6b14a8f12405a39eed00c408b648b5af603434a06fdacefddc64b02204e1273ddb49649e84cb7a667f7fa0f273eaf0e0a39d151c66cca2f9e83aa946e" + }, + "names": { + "en": "Standard", + "cmn-CN": "标准版", + "cmn-TW": "標準版" + } + }, + "family": { + "names": { + "en": "FamilyShield", + "cmn-CN": "家庭盾", + "cmn-TW": "家庭盾" + }, + "notes": { + "en": "Blocks malware & adult content", + "cmn-CN": "拦截恶意软件和成人内容", + "cmn-TW": "阻擋惡意軟體和成人內容" + }, + "censorship": true, + "https": { + "ServerURLOrName": "https://doh.familyshield.opendns.com/dns-query", + "signature": "304502201b7494f8fdbfe1ec83d99b960163eed13e040fc18c5ce3e00c254829661bae540221008cef5162f72d5f65534af2774c882288e627c4a8bb5ba2bf56e5047d628efff1" + } + } + } +} diff --git a/src/16-cloudflare.json b/src/16-cloudflare.json deleted file mode 100644 index 1a31965..0000000 --- a/src/16-cloudflare.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "id": "cloudflare-dns", - "profile": "cloudflare-dns-profile", - "website": "https://developers.cloudflare.com/1.1.1.1/encryption/", - "name": "cloudflare", - "region": "US", - "censorship": false, - "names": { - "en": "Cloudflare 1.1.1.1" - }, - "notes": { - "en": "Operated by Cloudflare Inc.", - "cmn-CN": "由 Cloudflare 公司运营", - "cmn-TW": "由 Cloudflare 公司營運" - }, - "fullName": "Cloudflare DNS", - "ServerAddresses": [ - "2606:4700:4700::1111", - "2606:4700:4700::1001", - "1.1.1.1", - "1.0.0.1" - ], - "https": { - "ServerURLOrName": "https://cloudflare-dns.com/dns-query", - "PayloadDescription": "Configures device to use Cloudflare Encrypted DNS over HTTPS", - "signature": "3045022031401922bb29e7401c02d887ede3aa9e430b2ebc1bb3844a18069b55138b3880022100ae22be54a8c28de7dc8359de676d45dee601368868b46b5262f33c3761f2ad39" - }, - "tls": { - "ServerURLOrName": "one.one.one.one", - "PayloadDescription": "Configures device to use Cloudflare Encrypted DNS over TLS", - "signature": "3045022051cc48a51cde34e203894197096aa0143ac60f3000b1edb096b2fa551cb67cbb02210087b39e75efe47359b8fb5ba702b56e1495d0da52252e5f27b10b958ed568d028" - } -} diff --git a/src/16-quad9.json b/src/16-quad9.json new file mode 100644 index 0000000..f1dff6a --- /dev/null +++ b/src/16-quad9.json @@ -0,0 +1,84 @@ +{ + "names": { + "en": "Quad9" + }, + "notes": { + "en": "Operated by Quad9 Foundation.", + "cmn-CN": "由 Quad9 基金会运营", + "cmn-TW": "由 Quad9 基金會營運" + }, + "website": "https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/", + "region": "CH", + "censorship": true, + "variants": { + "default": { + "ServerAddresses": [ + "2620:fe::fe", + "2620:fe::9", + "9.9.9.9", + "149.112.112.112" + ], + "https": { + "ServerURLOrName": "https://dns.quad9.net/dns-query", + "signature": "30440220449a8c668084c46a548138abc02602a41707822177b0254dde3f6375577cf38e022070761626257a056982438de6320102ae8f920e07b2f08e17087e76617edbe17a" + }, + "tls": { + "ServerURLOrName": "dns.quad9.net", + "signature": "3046022100daab299a5f45b8cdafe59634d1c77253d83959f83d9105cd9d0538ccbff315e2022100c49acf66acbb9bcc01ef273ec13a39e8c5f03710b5e416250231ee2c68537464" + }, + "notes": { + "en": "Blocks malware", + "cmn-CN": "拦截恶意软件", + "cmn-TW": "阻擋惡意軟體" + } + }, + "ECS": { + "names": { + "en": "w/ ECS", + "cmn-CN": "带 ECS", + "cmn-TW": "帶 ECS" + }, + "notes": { + "en": "Supports ECS. Blocks malware", + "cmn-CN": "支持 ECS,拦截恶意软件", + "cmn-TW": "支援 ECS,阻擋惡意軟體" + }, + "ServerAddresses": [ + "2620:fe::fe:11", + "2620:fe::11", + "9.9.9.11", + "149.112.112.11" + ], + "https": { + "ServerURLOrName": "https://dns11.quad9.net/dns-query", + "signature": "3044022005f241a5b427d1626d38f9beace5a44e8f12b6be7d0784401639fc770d27a49002204217f17085d238d103f638d18d9199aef2c796fc43bf8d0a9ae5676f6df187dc" + }, + "tls": { + "ServerURLOrName": "dns11.quad9.net", + "signature": "3045022100be5d4f3d9d148c16ab5df0bf077d2f8acee7d724fe884e80f1534d7ef6d03525022020bdeca5d766b21f067af9d444089d156ca3e065a50d05f97f71eeb5de971809" + } + }, + "nofilter": { + "names": { + "en": "Unfiltered", + "cmn-CN": "无过滤", + "cmn-TW": "無過濾" + }, + "censorship": false, + "ServerAddresses": [ + "2620:fe::10", + "2620:fe::fe:10", + "9.9.9.10", + "149.112.112.10" + ], + "https": { + "ServerURLOrName": "https://dns10.quad9.net/dns-query", + "signature": "304402206ac2b4afafc2755d7df54b232718c098b096910845190646f8ed13fbac6376a6022041a18a6fe731c4d605a1cae368e039faa787400add22ab81008bb0212175a158" + }, + "tls": { + "ServerURLOrName": "dns10.quad9.net", + "signature": "304502206d4226fdfd131bb192cb663147920dd717c6165817169f8584a80c3d731be0a20221008280f92c4b3a14c80500429b8ee73e05981c9ed46c1b2267a7acce2cff4feca0" + } + } + } +} diff --git a/src/17-cloudflare-malware.json b/src/17-cloudflare-malware.json deleted file mode 100644 index a004234..0000000 --- a/src/17-cloudflare-malware.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "id": "cloudflare-dns-family", - "profile": "cloudflare-dns-security-profile", - "name": "cloudflare-malware", - "region": "US", - "censorship": true, - "names": { - "en": "Cloudflare 1.1.1.1 Security", - "cmn-CN": "Cloudflare 1.1.1.1 安全", - "cmn-TW": "Cloudflare 1.1.1.1 安全" - }, - "notes": { - "en": "Operated by Cloudflare Inc. Blocks malware & phishing", - "cmn-CN": "由 Cloudflare 公司运营,拦截恶意软件和钓鱼网站", - "cmn-TW": "由 Cloudflare 公司營運,阻擋惡意軟體和釣魚網站" - }, - "fullName": "Cloudflare no Malware DNS", - "ServerAddresses": [ - "2606:4700:4700::1112", - "2606:4700:4700::1002", - "1.1.1.2", - "1.0.0.2" - ], - "https": { - "ServerURLOrName": "https://security.cloudflare-dns.com/dns-query", - "PayloadDescription": "Configures device to use Cloudflare no Malware Encrypted DNS over HTTPS", - "signature": "30440220401c2642d975f51d08e5e6acfc386205f13e6a6749263501549502978efd2baf022050c87718701658688fe2299d06edd06563d3152ec29a21ba3e8ec1e70ae73936" - } -} diff --git a/src/17-tiarapp.json b/src/17-tiarapp.json new file mode 100644 index 0000000..e7e8dc4 --- /dev/null +++ b/src/17-tiarapp.json @@ -0,0 +1,28 @@ +{ + "names": { + "en": "Tiarap" + }, + "notes": { + "en": "Operated by Tiarap Inc. Blocks ads, tracking, phising & malware", + "cmn-CN": "由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件", + "cmn-TW": "由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體" + }, + "website": "https://doh.tiar.app", + "region": [ + "SG", + "US" + ], + "censorship": true, + "variants": { + "default": { + "https": { + "ServerURLOrName": "https://doh.tiar.app/dns-query", + "signature": "3045022100e23af03cb0a254c250ec9d6b7ffa6041b60735b1f2459b7f18cafba5452939c902201b9320e62777df3b720904983542dfe3be41abb0f728735c0f29defd83cee937" + }, + "tls": { + "ServerURLOrName": "dot.tiar.app", + "signature": "3045022075fba1923446ee05daa54b20c90b771a3a52b0614d69d98082e14e2c51736d5e0221008b59f0b0e1922ac14e3f983b7e49be355280b3035cce456da14d07c7337c5208" + } + } + } +} diff --git a/src/18-cloudflare-family.json b/src/18-cloudflare-family.json deleted file mode 100644 index 7d78003..0000000 --- a/src/18-cloudflare-family.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "id": "cloudflare-dns-family", - "profile": "cloudflare-dns-family-profile", - "name": "cloudflare-family", - "website": "https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families", - "region": "US", - "censorship": true, - "names": { - "en": "Cloudflare 1.1.1.1 Family", - "cmn-CN": "Cloudflare 1.1.1.1 家庭", - "cmn-TW": "Cloudflare 1.1.1.1 家庭" - }, - "notes": { - "en": "Operated by Cloudflare Inc. Blocks malware, phishing & adult content", - "cmn-CN": "由 Cloudflare 公司运营,拦截恶意软件、钓鱼和成人内容", - "cmn-TW": "由 Cloudflare 公司營運,阻擋惡意軟體、釣魚和成人內容" - }, - "fullName": "Cloudflare DNS", - "ServerAddresses": [ - "2606:4700:4700::1113", - "2606:4700:4700::1003", - "1.1.1.3", - "1.0.0.3" - ], - "https": { - "PayloadDisplayName": "Cloudflare Family DNS over HTTPS", - "ServerURLOrName": "https://family.cloudflare-dns.com/dns-query", - "PayloadDescription": "Configures device to use Cloudflare Family Encrypted DNS over HTTPS", - "signature": "3045022100d38f6fac850cf25c3e7eecd854117bb89c625b88a9c0abdaf9c66d229394d8bf022012156579494761c67484f5837bf6add97ec2d8a411a99277aadd44ba7cc7dce1" - } -} diff --git a/src/19-dnspod.json b/src/19-dnspod.json deleted file mode 100644 index 072c4df..0000000 --- a/src/19-dnspod.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "id": "dnspod-dns", - "profile": "dnspod-dns-profile", - "website": "https://www.dnspod.com/products/public.dns", - "name": "dnspod", - "region": "CN", - "censorship": false, - "names": { - "en": "DNSPod Public DNS", - "cmn-CN": "DNSPod 公共 DNS", - "cmn-TW": "DNSPod 公共 DNS" - }, - "notes": { - "en": "Operated by DNSPod Inc., a Tencent Cloud Company", - "cmn-CN": "由腾讯公司 DNSPod 运营", - "cmn-TW": "由騰訊公司 DNSPod 營運" - }, - "fullName": "DNSPod", - "ServerAddresses": [ - "1.12.12.12", - "120.53.53.53" - ], - "https": { - "ServerURLOrName": "https://doh.pub/dns-query", - "PayloadDescription": "Configures device to use DNSPod Encrypted DNS over HTTPS", - "signature": "304502203c4a4b2d09d6ac37740d42930b74e2a975c5b229c2f4eb709ea0e78caf50c06f02210096f9a367d9aa8c9f8dde330a48d812d258b80f41007e06f8e97cb76b0583db6f" - }, - "tls": { - "ServerURLOrName": "dot.pub", - "PayloadDescription": "Configures device to use DNSPod Encrypted DNS over TLS", - "signature": "30450221008410ec40a129258e730892e1da04d3c57feb3db2f288fed9f518bd26fced82c902200adcf30ab1d8bb91379b68bf64d95d3cdb380c8ac4fa5dccdb8fad8843e77f60" - } -} diff --git a/src/20-fdn.json b/src/20-fdn.json deleted file mode 100644 index 8b9e2ec..0000000 --- a/src/20-fdn.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "fdn-dns", - "profile": "fdn", - "website": "https://www.fdn.fr/actions/dns/", - "name": "fdn", - "region": "FR", - "censorship": false, - "names": { - "en": "FDN" - }, - "notes": { - "en": "Operated by French Data Network", - "cmn-CN": "由法国数据网络运营", - "cmn-TW": "由法國資料網路營運" - }, - "fullName": "FDN DNS", - "ServerAddresses": [ - "2001:910:800::12", - "2001:910:800::40", - "80.67.169.12", - "80.67.169.40" - ], - "https": { - "topName": "FDN Encrypted DNS over HTTPS", - "ServerURLOrName": "https://ns0.fdn.fr/dns-query", - "PayloadDescription": "Configures device to use Google Encrypted DNS over HTTPS", - "signature": "3045022100a35e60382af4ed71ca90e44d4c8819462631e431486d1a100898ce42e1e4229702201a759920577ea480f74d4689c2f251e1fbe662042b6c28bec531030a464fb22a" - }, - "tls": { - "topName": "FDN Encrypted DNS over TLS", - "ServerURLOrName": "dns.fdn", - "PayloadDescription": "Configures device to use FDN Encrypted DNS over TLS", - "signature": "3046022100e83f6ebda04a7440e10fbc1801bca35dae016d6f75b04f292c111990c0c3ee95022100c01fb44e36d3136b05aa3856573f28bb7e56ea9b4a0b5895ad9124295655339e" - } -} diff --git a/src/21-google.json b/src/21-google.json deleted file mode 100644 index 802d322..0000000 --- a/src/21-google.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "id": "google-dns", - "profile": "google-dns-profile", - "name": "google", - "website": "https://developers.google.com/speed/public-dns/docs/secure-transports", - "region": "US", - "censorship": false, - "names": { - "en": "Google Public DNS", - "cmn-CN": "Google 公共 DNS", - "cmn-TW": "Google 公共 DNS" - }, - "notes": { - "en": "Operated by Google LLC", - "cmn-CN": "由谷歌公司运营", - "cmn-TW": "由谷歌公司營運" - }, - "fullName": "Google DNS", - "ServerAddresses": [ - "2001:4860:4860::8888", - "2001:4860:4860::8844", - "8.8.8.8", - "8.8.4.4" - ], - "https": { - "topName": "Google Encrypted DNS over HTTPS", - "ServerURLOrName": "https://dns.google/dns-query", - "PayloadDescription": "Configures device to use Google Encrypted DNS over HTTPS", - "signature": "3044022100f4648f2e0ba7d04e8e3da24cb02fbdc4d9f81ba9603b007c561314137eb1478e021f460943164fb4d769603a8324ecdb1dfff45c31bd79065741a27e6877de5d67" - }, - "tls": { - "topName": "Google Encrypted DNS over TLS", - "ServerURLOrName": "dns.google", - "PayloadDescription": "Configures device to use Google Encrypted DNS over TLS", - "signature": "30440220327b0b3297a16252639e0ebb52cfd367d16a361ee36fa5dd3862cf6a923285ae02203b6ef52222d7dea9c6d7ab1858c27294b0003175fb851409fcfab4870651b79e" - } -} diff --git a/src/22-keweondns.json b/src/22-keweondns.json deleted file mode 100644 index c3c548a..0000000 --- a/src/22-keweondns.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "id": "keweondns", - "profile": "keweondns-profile", - "website": "https://forum.xda-developers.com/t/keweondns-info-facts-and-what-is-keweon-actually.4576651/", - "region": "DE", - "censorship": false, - "names": { - "en": "keweonDNS" - }, - "notes": { - "en": "Operated by Aviontex. Blocks ads & tracking", - "cmn-CN": "由 Aviontex 运营,拦截广告和跟踪器", - "cmn-TW": "由 Aviontex 營運,阻擋廣告和追蹤器" - }, - "https": { - "top": { - "description": "Adds keweonDNS encrypted DNS configurations to Apple based systems" - }, - "PayloadDisplayName": "keweonDNS (DoH)", - "PayloadDescription": "Configures device to use keweonDNS physical DNS Server to encrypt DNS over HTTPS", - "ServerURLOrName": "https://dns.keweon.center/dns-query", - "signature": "304402201e335ba4d461eb9ea00ae1bcc3b450844a07f872011b6bf9452e33af2f52c16e02202ae086dae36f6f3b2f70e9dbe1d8ebd8f34aa421e4c8616468ba525f12a5c9a7" - }, - "tls": { - "top": { - "description": "Adds keweonDNS encrypted DNS configurations to Apple based systems" - }, - "PayloadDisplayName": "keweonDNS (DoT)", - "PayloadDescription": "Configures device to use keweonDNS physical DNS Server to encrypt DNS over TLS", - "ServerURLOrName": "dns.keweon.center", - "signature": "3046022100dc0d3e6c0a294f7665ec241ef01ff11839da5ba249c70c3759d51e53309d2deb022100a5f963b15507b29910d24ab29cc0cb8aceaee776605074959b612c5fe5bbf3c7" - } -} diff --git a/src/23-mullvad.json b/src/23-mullvad.json deleted file mode 100644 index 9b4cada..0000000 --- a/src/23-mullvad.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "id": "mullvad-dns", - "profile": "mullvad-dns-profile", - "name": "mullvad", - "website": "https://mullvad.net/help/dns-over-https-and-dns-over-tls/", - "region": "SE", - "censorship": true, - "names": { - "en": "Mullvad DNS" - }, - "notes": { - "en": "Operated by Mullvad VPN AB", - "cmn-CN": "由 Mullvad VPN AB 运营", - "cmn-TW": "由 Mullvad VPN AB 營運" - }, - "fullName": "Mullvad DNS", - "ServerAddresses": [ - "2a07:e340::2", - "194.242.2.2" - ], - "https": { - "ServerURLOrName": "https://doh.mullvad.net/dns-query", - "signature": "3046022100c4e5e9e69ff01276049fb36b06df3042b2179608cb395d0443352ed4e36e11a4022100e1d77e7ab13a9a0ba5e037f15702a77fd7d21838cd87aba6c6f0e139023988df" - } -} diff --git a/src/24-mullvad-adblock.json b/src/24-mullvad-adblock.json deleted file mode 100644 index 3c06e1f..0000000 --- a/src/24-mullvad-adblock.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "id": "mullvad-dns", - "profile": "mullvad-dns-adblock-profile", - "name": "mullvad-adblock", - "region": "SE", - "censorship": true, - "names": { - "en": "Mullvad DNS Adblock", - "cmn-CN": "Mullvad DNS 广告拦截", - "cmn-TW": "Mullvad DNS 廣告阻擋" - }, - "notes": { - "en": "Operated by Mullvad VPN AB. Blocks ads & tracking", - "cmn-CN": "由 Mullvad VPN AB 运营,拦截广告和跟踪器", - "cmn-TW": "由 Mullvad VPN AB 營運,阻擋廣告和追蹤器" - }, - "fullName": "Mullvad DNS with ad blocking", - "ServerAddresses": [ - "2a07:e340::3", - "194.242.2.3" - ], - "https": { - "PayloadDisplayName": "Mullvad DNS over HTTPS", - "ServerURLOrName": "https://adblock.doh.mullvad.net/dns-query", - "signature": "3046022100fb68c3b2f7a20faba344b70a227b2ecbadc354a29165c43adbb19fcc28601dc5022100d7c007414b1c5b56ea0e07e4d21ffcec9ce4de2a2dd8b983dbc52601a75786dc" - } -} diff --git a/src/25-opendns.json b/src/25-opendns.json deleted file mode 100644 index 7cd2867..0000000 --- a/src/25-opendns.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "id": "opendns", - "profile": "opendns-standard-profile", - "website": "https://support.opendns.com/hc/articles/360038086532", - "region": "US", - "censorship": false, - "names": { - "en": "OpenDNS Standard", - "cmn-CN": "OpenDNS 标准版", - "cmn-TW": "OpenDNS 標準版" - }, - "notes": { - "en": "Operated by Cisco OpenDNS LLC", - "cmn-CN": "由思科 OpenDNS 运营", - "cmn-TW": "由思科 OpenDNS 營運" - }, - "https": { - "PayloadDisplayName": "OpenDNS DNS over HTTPS Standard", - "PayloadDescription": "Configures device to use OpenDNS Encrypted DNS over HTTPS", - "ServerURLOrName": "https://doh.opendns.com/dns-query", - "topName": "OpenDNS Encrypted DNS", - "signature": "304402204affca5bb1d7939ce042c08a7eb3d428b11691f895d6096f55aa8d74bdb873d50220347312163eb30c9e5f971471eb435190a97c505fb2d74c2496b85c32b6895473" - } -} diff --git a/src/26-opendns-family.json b/src/26-opendns-family.json deleted file mode 100644 index 2e14ce8..0000000 --- a/src/26-opendns-family.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "id": "opendns", - "profile": "opendns-familyshield-profile", - "name": "opendns-family", - "region": "US", - "censorship": true, - "names": { - "en": "OpenDNS FamilyShield", - "cmn-CN": "OpenDNS 家庭盾", - "cmn-TW": "OpenDNS 家庭盾" - }, - "notes": { - "en": "Operated by Cisco OpenDNS LLC. Blocks malware & adult content", - "cmn-CN": "由思科 OpenDNS 运营,拦截恶意软件和成人内容", - "cmn-TW": "由思科 OpenDNS 營運,阻擋惡意軟體和成人內容" - }, - "https": { - "PayloadDisplayName": "OpenDNS DNS over HTTPS Standard", - "PayloadDescription": "Configures device to use OpenDNS Encrypted DNS over HTTPS", - "ServerURLOrName": "https://doh.familyshield.opendns.com/dns-query", - "topName": "OpenDNS Encrypted DNS Family Shield", - "signature": "304402206c22993e532e134d74d6b2f9b166cac10442709ef83d287725d34057dff416eb02206b58b919cd30710306924953e3b748df23d5a8636d88e8d89fadb0c23d0c1150" - } -} diff --git a/src/27-quad9.json b/src/27-quad9.json deleted file mode 100644 index 464cded..0000000 --- a/src/27-quad9.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "quad9", - "profile": "quad9-profile", - "website": "https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/", - "region": "CH", - "censorship": true, - "names": { - "en": "Quad9" - }, - "notes": { - "en": "Operated by Quad9 Foundation. Blocks malware", - "cmn-CN": "由 Quad9 基金会运营,拦截恶意软件", - "cmn-TW": "由 Quad9 基金會營運,阻擋惡意軟體" - }, - "fullName": "Quad9 DNS", - "ServerAddresses": [ - "2620:fe::fe", - "2620:fe::9", - "9.9.9.9", - "149.112.112.112" - ], - "https": { - "topName": "Quad9 Encrypted DNS over HTTPS", - "ServerURLOrName": "https://dns.quad9.net/dns-query", - "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS", - "signature": "304402200907ab690f38036aa05b7661f1290ee512d951aeef706bdf7178d64ce02b2720022008bad55511fbc647354aad3875329f9c1356a601b3c2a05cd11e76ac9335dee4" - }, - "tls": { - "topName": "Quad9 Encrypted DNS over TLS", - "ServerURLOrName": "dns.quad9.net", - "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS", - "signature": "3045022100ed942feb36a94df5e8f022a9a1bf2b5f43a0a857ad310c5ce384691eb24f945802200cc0dae3515e8bb2d0c2718c65f34fe59e68ff7ef803da8a41ca1fdf33faed0d" - } -} diff --git a/src/28-quad9-ECS.json b/src/28-quad9-ECS.json deleted file mode 100644 index 1641be2..0000000 --- a/src/28-quad9-ECS.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "id": "quad9", - "profile": "quad9-ecs-profile", - "name": "quad9-ECS", - "region": "CH", - "censorship": true, - "names": { - "en": "Quad9 w/ ECS", - "cmn-CN": "Quad9 带 ECS", - "cmn-TW": "Quad9 帶 ECS" - }, - "notes": { - "en": "Operated by Quad9 Foundation. Supports ECS. Blocks malware", - "cmn-CN": "由 Quad9 基金会运营,支持 ECS,拦截恶意软件", - "cmn-TW": "由 Quad9 基金會營運,支援 ECS,阻擋惡意軟體" - }, - "fullName": "Quad9 with ECS DNS", - "ServerAddresses": [ - "2620:fe::fe:11", - "2620:fe::11", - "9.9.9.11", - "149.112.112.11" - ], - "https": { - "topName": "Quad9 with ECS Encrypted DNS over HTTPS", - "PayloadDisplayName": "Quad9 DNS over HTTPS with ECS", - "ServerURLOrName": "https://dns11.quad9.net/dns-query", - "PayloadDescription": "Configures device to use Quad9 Encrypted DNS over HTTPS with ECS", - "signature": "3045022100ed0a0feff22496cf9e67678ed3401a4586b00e76e68e89aedd201a3268502c44022016f3755477287f51e4ae95a69d074d929053868c529f6a156037c6a23d83d3d9" - }, - "tls": { - "topName": "Quad9 with ECS Encrypted DNS over TLS", - "PayloadDisplayName": "Quad9 DNS over TLS with ECS", - "ServerURLOrName": "dns11.quad9.net", - "PayloadDescription": "Configures device to use Quad9 with ECS Encrypted DNS over HTTPS", - "signature": "304502200ffc0c911615ee9345b73711478b4bdd6bfdd9a3d209ee0e2ff70eef067ef676022100e6ef2efe613cd716e41876f1e30ee49fbc4ca4948b66e6cb13485963cb25ef75" - } -} diff --git a/src/29-quad9-nofilter.json b/src/29-quad9-nofilter.json deleted file mode 100644 index 87d79f7..0000000 --- a/src/29-quad9-nofilter.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "quad9", - "profile": "quad9-profile-unfiltered", - "name": "quad9-nofilter", - "region": "CH", - "censorship": false, - "names": { - "en": "Quad9 Unfiltered", - "cmn-CN": "Quad9 无过滤", - "cmn-TW": "Quad9 無過濾" - }, - "notes": { - "en": "Operated by Quad9 Foundation.", - "cmn-CN": "由 Quad9 基金会运营", - "cmn-TW": "由 Quad9 基金會營運" - }, - "fullName": "Quad9 No Filter DNS", - "ServerAddresses": [ - "2620:fe::10", - "2620:fe::fe:10", - "9.9.9.10", - "149.112.112.10" - ], - "https": { - "topName": "Quad9 No Filter Encrypted DNS over HTTPS", - "ServerURLOrName": "https://dns10.quad9.net/dns-query", - "PayloadDescription": "Configures device to use Quad9 No Filter Encrypted DNS over HTTPS", - "signature": "3044022012cacb6ec89ba64de6b899e9c732dffbff7029bae9cb65680d999f20760d9a050220431339b37cfd7ee8bba856dd7a8e9577bf5da357c6677a6effb8c1b2bd27aad1" - }, - "tls": { - "topName": "Quad9 No Filter Encrypted DNS over TLS", - "ServerURLOrName": "dns10.quad9.net", - "PayloadDescription": "Configures device to use Quad9 No Filter Encrypted DNS over HTTPS", - "signature": "304402205fdc0c11fab426cd5f302b66a13ae7fb590540166e29d97f475870eeb8fcb9d602205ec77522860ac13359b8bad5c93f923803396b019bff8e22f14a10e52aac1490" - } -} diff --git a/src/30-tiarapp.json b/src/30-tiarapp.json deleted file mode 100644 index 04e1b02..0000000 --- a/src/30-tiarapp.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "id": "tiarap", - "profile": "tiarap-profile", - "website": "https://doh.tiar.app", - "name": "tiarapp", - "region": [ - "SG", - "US" - ], - "censorship": true, - "names": { - "en": "Tiarap" - }, - "notes": { - "en": "Operated by Tiarap Inc. Blocks ads, tracking, phising & malware", - "cmn-CN": "由 Tiarap 公司运营,拦截广告、跟踪器、钓鱼和恶意软件", - "cmn-TW": "由 Tiarap 公司營運,阻擋廣告、追蹤器、釣魚和惡意軟體" - }, - "https": { - "PayloadDisplayName": "Tiarap DNS over HTTPS", - "PayloadDescription": "Configures device to use Tiarap Encrypted DNS over HTTPS", - "ServerURLOrName": "https://doh.tiar.app/dns-query", - "signature": "3044022065da27b3576b68f7e744b3a2e1f0186525c11202d144aa3bd1a881a0914baae202205f9aa3c07a4106be7458be38140ce7e219707cc546b9440d9f4f36df2582a2e4" - }, - "tls": { - "PayloadDisplayName": "Tiarap DNS over TLS", - "PayloadDescription": "Configures device to use Tiarap Encrypted DNS over TLS", - "ServerURLOrName": "dot.tiar.app", - "signature": "3046022100b2b7abd52d7b6a515ee716bcd8174ca28a241f8adc536a44d3253d7a46ae6be5022100eff5351a1b6a0a63225a5e869dbd9ace6e76f2f70acc184558b96a0738ca62fa" - } -} diff --git a/src/31-dns4eu.json b/src/31-dns4eu.json deleted file mode 100644 index df06337..0000000 --- a/src/31-dns4eu.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "dns4eu", - "profile": "dns4eu-profile", - "website": "https://www.joindns4.eu/for-public", - "region": "CZ", - "censorship": false, - "names": { - "en": "DNS4EU" - }, - "notes": { - "en": "Operated by a consortium lead by Whalebone.", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "DNS4EU DNS", - "ServerAddresses": [ - "2a13:1001::86:54:11:100", - "2a13:1001::86:54:11:200", - "86.54.11.100", - "86.54.11.200" - ], - "https": { - "topName": "DNS4EU Encrypted DNS over HTTPS", - "ServerURLOrName": "https://unfiltered.joindns4.eu/dns-query", - "PayloadDescription": "Configures device to use DNS4EU Encrypted DNS over HTTPS", - "signature": "304502201ed6130d132aaafd59169a4d13ab7c09005860ee854a6da45c607791631f9bac022100f568b6e5e1995ebc85525cbbd2df94b0e0d2c93365bf57032388cee7ff7a03eb" - }, - "tls": { - "topName": "DNS4EU Encrypted DNS over TLS", - "ServerURLOrName": "unfiltered.joindns4.eu", - "PayloadDescription": "Configures device to use DNS4EU Encrypted DNS over HTTPS", - "signature": "304602210090224ed109c2dea3bb58a84eda2f99a552d3db0c0762fbe85217aaac2b19c4c002210094be4a9c3586b48186d66068baccddaafa3bfaf0da3e48a42989381c9e55eed5" - } -} diff --git a/src/32-dns4eu-malware.json b/src/32-dns4eu-malware.json deleted file mode 100644 index 5271b90..0000000 --- a/src/32-dns4eu-malware.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "dns4eu-malware", - "profile": "dns4eu-profile-malware", - "website": "https://www.joindns4.eu/for-public", - "region": "CZ", - "censorship": true, - "names": { - "en": "DNS4EU Protective", - "cmn-CN": "", - "cmn-TW": "" - }, - "notes": { - "en": "Operated by a consortium lead by Whalebone. Blocks Malware.", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "DNS4EU Protective DNS", - "ServerAddresses": [ - "2a13:1001::86:54:11:1", - "2a13:1001::86:54:11:201", - "86.54.11.1", - "86.54.11.201" - ], - "https": { - "topName": "DNS4EU Protective Encrypted DNS over HTTPS", - "ServerURLOrName": "https://protective.joindns4.eu/dns-query", - "PayloadDescription": "Configures device to use DNS4EU Protective Encrypted DNS over HTTPS", - "signature": "304402205ef316c9aae8890cae8a5cdc9a24bd1597700b34a4ca970b454221b86007e9610220570ad7ac074c952db2c45729781b3847a564d8cf1e42f8014d067e91aa4163f7" - }, - "tls": { - "topName": "DNS4EU Protective Encrypted DNS over TLS", - "ServerURLOrName": "protective.joindns4.eu", - "PayloadDescription": "Configures device to use DNS4EU Protective Encrypted DNS over HTTPS", - "signature": "30450220268649de115c6fef7490f68ccb59e6f4fab3aa0beee4002435d5d8315c93b9ef02210090dfa69ec21b2e150812aee68b3d9783e378c45e532ba96aa96670bfe202a63c" - } -} diff --git a/src/33-dns4eu-protective-ads.json b/src/33-dns4eu-protective-ads.json deleted file mode 100644 index 7f3a3b7..0000000 --- a/src/33-dns4eu-protective-ads.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "dns4eu-protective-ads", - "profile": "dns4eu-profile-protective-ads", - "website": "https://www.joindns4.eu/for-public", - "region": "CZ", - "censorship": true, - "names": { - "en": "DNS4EU Protective ad-blocking", - "cmn-CN": "", - "cmn-TW": "" - }, - "notes": { - "en": "Operated by a consortium lead by Whalebone. Blocks Malware and Ads", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "DNS4EU Protective ad-blocking DNS", - "ServerAddresses": [ - "2a13:1001::86:54:11:13", - "2a13:1001::86:54:11:213", - "86.54.11.13", - "86.54.11.213" - ], - "https": { - "topName": "DNS4EU Protective ad-blocking Encrypted DNS over HTTPS", - "ServerURLOrName": "https://noads.joindns4.eu/dns-query", - "PayloadDescription": "Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS", - "signature": "3046022100aa97ca22a94c98972fd66a19d8a4c7cbc52a0498d57684e1ec39f1cab1b3f084022100fc2f065b3a66260bd0d124df2cd357733c00b9993f16761523d5a28b1dd48808" - }, - "tls": { - "topName": "DNS4EU Protective ad-blocking Encrypted DNS over TLS", - "ServerURLOrName": "noads.joindns4.eu", - "PayloadDescription": "Configures device to use DNS4EU Protective ad-blocking Encrypted DNS over HTTPS", - "signature": "3046022100c2ee880f90a82996aa02b2ca1b4595e758349caf45dccb1c78ccdaab228a6c6b022100ec8b1d84801c0e8c049028578ff9ea3b2f69292e0f168ef56a71acb6b7edae80" - } -} diff --git a/src/34-dns4eu-protective-child.json b/src/34-dns4eu-protective-child.json deleted file mode 100644 index 445bd1c..0000000 --- a/src/34-dns4eu-protective-child.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "id": "dns4eu-protective-child", - "profile": "dns4eu-profile-protective-child", - "website": "https://www.joindns4.eu/for-public", - "region": "CZ", - "censorship": true, - "names": { - "en": "DNS4EU Protective with child protection", - "cmn-CN": "", - "cmn-TW": "" - }, - "notes": { - "en": "Operated by a consortium lead by Whalebone. Blocks malware and explicit content.", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "DNS4EU Protective with child protection DNS", - "ServerAddresses": [ - "2a13:1001::86:54:11:12", - "2a13:1001::86:54:11:212", - "86.54.11.12", - "86.54.11.212" - ], - "https": { - "topName": "DNS4EU Protective with child protection Encrypted DNS over HTTPS", - "ServerURLOrName": "https://child.joindns4.eu/dns-query", - "PayloadDescription": "Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS", - "signature": "3045022100d637cc4d384e0602f73b0f2eefb38083db074e76b64b36093d1afcffdfa3be6f0220317d9fc318cbc793951f91380014776f908f885a42ab2724ce5b1f3ede6d9050" - }, - "tls": { - "topName": "DNS4EU Protective with child protection Encrypted DNS over TLS", - "ServerURLOrName": "child.joindns4.eu", - "PayloadDescription": "Configures device to use DNS4EU Protective with child protection Encrypted DNS over HTTPS", - "signature": "3045022008529e9404b95800a6f265378a7e533d5d1741e0a4d16ab05c32a9ffd251d4a3022100cd43521f5f591997f486d363e3b7dbdd0f121c2c15fa06e74327cda5af162829" - } -} diff --git a/src/35-dns4eu-protective-child-ads.json b/src/35-dns4eu-protective-child-ads.json deleted file mode 100644 index da06414..0000000 --- a/src/35-dns4eu-protective-child-ads.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "dns4eu-protective-child-ads", - "profile": "dns4eu-profile-protective-child-ads", - "website": "https://www.joindns4.eu/for-public", - "region": "CZ", - "censorship": true, - "names": { - "en": "DNS4EU Protective with child protection & ad-blocking", - "cmn-CN": "", - "cmn-TW": "" - }, - "notes": { - "en": "Operated by a consortium lead by Whalebone. Blocks Malware, Ads and explicit content", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "DNS4EU Protective with child protection & ad-blocking DNS", - "ServerAddresses": [ - "2a13:1001::86:54:11:11", - "2a13:1001::86:54:11:211", - "86.54.11.11", - "86.54.11.211" - ], - "https": { - "topName": "DNS4EU Protective with child protection & ad-blocking Encrypted DNS over HTTPS", - "ServerURLOrName": "https://child-noads.joindns4.eu/dns-query", - "signature": "3044022022249ca7d49793e66f84f1c514dc6403cb3ec7f795341ef08ecebef10d23471602201bd96e0f3c139568e5e59620f87dc1043ce9883a85f21165d6e791a866f1accf" - }, - "tls": { - "topName": "DNS4EU Protective with child protection & ad-blocking Encrypted DNS over TLS", - "ServerURLOrName": "child-noads.joindns4.eu", - "signature": "3045022100e75287cb476364dde6a6b4cd5cc336171fd5f1b0d44533f5f81097997b7de3f2022026f611f590ba2b382a39187252b2dd63f05a03d2ea9158af936e215fff5c998f" - } -} diff --git a/src/36-ffmuc-dns.json b/src/36-ffmuc-dns.json deleted file mode 100644 index f1227e3..0000000 --- a/src/36-ffmuc-dns.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "id": "ffmucdns", - "profile": "ffmuc-profile", - "website": "https://ffmuc.net/wiki/knb:dohdot_en", - "region": "DE", - "censorship": false, - "names": { - "en": "FFMUC-DNS" - }, - "notes": { - "en": "FFMUC free DNS servers provided by Freifunk München.", - "cmn-CN": "", - "cmn-TW": "" - }, - "fullName": "FFMUC DNS", - "ServerAddresses": [ - "2001:678:e68:f000::", - "2001:678:ed0:f000::", - "5.1.66.255", - "185.150.99.255" - ], - "https": { - "topName": "FFMUC Encrypted DNS over HTTPS", - "ServerURLOrName": "https://doh.ffmuc.net/dns-query", - "PayloadDescription": "Configures device to use FFMUC-DNS Encrypted DNS over HTTPS", - "signature": "30450220550d5ca4a7155bc0d1f538901632301205cc93c8e3f751edbb79bf41fc003baa02210090ddd8103db3bc20cede5896367176c16cb726bfb2e9016ab8240fd4d17a8a9b" - }, - "tls": { - "topName": "FFMUC Encrypted DNS over TLS", - "ServerURLOrName": "dot.ffmuc.net", - "PayloadDescription": "Configures device to use FFMUC-DNS Encrypted DNS over TLS", - "signature": "304502204f299167019fc2163a348fb73cb998993f94e9e23a4cde345d3249d819e2dfaf022100a0e425676f080529887dfdef3e33c56ed167b071d73fa729030689dd28f1ab32" - } -} diff --git a/src/99-template-on-demand.json b/src/99-template-on-demand.json index 99dbbf2..d010a00 100644 --- a/src/99-template-on-demand.json +++ b/src/99-template-on-demand.json @@ -1,33 +1,36 @@ { - "id": "template-on-demand", - "profile": "template-on-demand", - "name": "template-on-demand", - "file": "template-on-demand.mobileconfig", + "names": { + "en": "Example Encrypted DNS" + }, "hidden": true, - "ServerAddresses": [ - "2001:db8::1", - "2001:db8::2", - "192.0.0.1", - "192.0.0.2" - ], - "https": { - "ServerURLOrName": "https://dns.example/dns-query", - "PayloadDisplayName": "Example DNS over HTTPS", - "PayloadDescription": "Configures device to use Example Encrypted DNS over HTTPS", - "onDemandRules": [ - { - "Action": "Disconnect", - "SSIDMatch": [ - "TRUSTED_NETWORK_1", - "TRUSTED_NETWORK_2", - "TRUSTED_NETWORK_3" - ] + "variants": { + "default": { + "notes": { + "en": "Adds the Example Encrypted DNS over HTTPS to Big Sur and iOS 14 based systems" }, - { - "Action": "Connect" + "ServerAddresses": [ + "2001:db8::1", + "2001:db8::2", + "192.0.0.1", + "192.0.0.2" + ], + "onDemandRules": [ + { + "Action": "Disconnect", + "SSIDMatch": [ + "TRUSTED_NETWORK_1", + "TRUSTED_NETWORK_2", + "TRUSTED_NETWORK_3" + ] + }, + { + "Action": "Connect" + } + ], + "https": { + "ServerURLOrName": "https://dns.example/dns-query", + "signature": "3046022100df99d84fc1178fecf5bb818f43b85a964ab4c208d232db6e76a5cdb204905201022100cf3cde149fe64a47dddf09dde9c812bfbcbc4d10ccd31ea4c879d859e4b711db" } - ], - "topName": "Example Encrypted DNS over HTTPS", - "signature": "30450220757106da272dbf93c121df2f4a40214bd00f6348b08de3515f5acf158de44263022100892a901a757b8d136a31babeeee3025caae7e0a111de7e42fba8b5d7b2ec3236" + } } } diff --git a/src-languages/01-en.json b/src/languages/01-en.json similarity index 100% rename from src-languages/01-en.json rename to src/languages/01-en.json diff --git a/src-languages/01-en.md b/src/languages/01-en.md similarity index 88% rename from src-languages/01-en.md rename to src/languages/01-en.md index c87033a..f64a6bf 100644 --- a/src-languages/01-en.md +++ b/src/languages/01-en.md @@ -64,12 +64,11 @@ Censorship (also known as "filtering") means the profile will not send true info - `npm run new` - interactively creates new profile from CLI options. Can also be ran with flags. - `scripts/new.test.ts` includes CLI snapshot tests and a PTY interactive flow test. - PTY test runs by default; set `NEW_TEST_PTY=0` to opt out. -- `node scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig -- `node scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL. +- `src/scripts/sign-single.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` - sings single mobileconfig +- `src/scripts/sign-single-openssl.ts --ca cert.pem --priv_key key.pem [--chain chain.pem] path.mobileconfig` Sign one `.mobileconfig` using OpenSSL. - Uses `-nosmimecap` to match local CMS signing policy. -- `node scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout. -- `node test/sign-single.test.ts` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`. - - Runs under `npm run test`. +- `src/scripts/detach.ts signed.mobileconfig` - detach CMS signature from signed profile and print PEM to stdout. +- `npm run test` - Parity check for `sign-single.ts` vs `sign-single-openssl.sh`. - Generates temporary test root/signer certificates and keys via OpenSSL. - Signs the same profile with `scripts/sign.ts` and `scripts/sign_openssl.sh`. - Verifies detached content and embedded certificate set parity. diff --git a/src-languages/02-cmn-CN.json b/src/languages/02-cmn-CN.json similarity index 100% rename from src-languages/02-cmn-CN.json rename to src/languages/02-cmn-CN.json diff --git a/src-languages/02-cmn-CN.md b/src/languages/02-cmn-CN.md similarity index 100% rename from src-languages/02-cmn-CN.md rename to src/languages/02-cmn-CN.md diff --git a/src-languages/03-cmn-TW.json b/src/languages/03-cmn-TW.json similarity index 100% rename from src-languages/03-cmn-TW.json rename to src/languages/03-cmn-TW.json diff --git a/src-languages/03-cmn-TW.md b/src/languages/03-cmn-TW.md similarity index 100% rename from src-languages/03-cmn-TW.md rename to src/languages/03-cmn-TW.md diff --git a/src/scripts/build.ts b/src/scripts/build.ts new file mode 100644 index 0000000..f863488 --- /dev/null +++ b/src/scripts/build.ts @@ -0,0 +1,557 @@ +#!/usr/bin/env node +import { sha1 } from '@noble/hashes/legacy.js'; +import { bytesToHex, concatBytes, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js'; +import { CMS } from 'micro-key-producer/x509.js'; +import fs from 'node:fs'; +import net from 'node:net'; +import path from 'node:path'; +import { fileURLToPath } from 'node:url'; + +type LangData = { + code: string; + name: string; + table_columns: { + name: string; + region: string; + censorship: string; + notes: string; + install_signed: string; + install_unsigned: string; + }; + yes: string; + no: string; +}; +type Lang = { code: string; name: string; mdFile: string; data: LangData }; +// Per-protocol endpoint configuration used to generate Apple DNSSettings payload. +type Endpoint = { + ServerURLOrName: string; + ServerAddresses?: string[]; + signature?: string; + onDemandRules?: Array>; +}; + +// Variant extends provider defaults (names/notes/censorship/region/website) for one profile family slice. +type Variant = { + names?: Record; + notes?: Record; + consent?: string; + onDemandRules?: Array>; + censorship?: boolean; + website?: string; + region?: string | string[]; + ServerAddresses?: string[]; + https?: Endpoint; + tls?: Endpoint; +}; + +// Provider-level metadata and a set of variants used for table rows and profile generation. +type Provider = { + names: Record; + notes?: Record; + consent?: string; + onDemandRules?: Array>; + hidden?: boolean; + website?: string; + region?: string | string[]; + censorship?: boolean; + variants: Record; +}; + +// Flattened generated profile entry (provider + variant + protocol) used for plist/sign output. +type Profile = { + name: string; + description: string; + consent?: string; + onDemanRules?: Array>; + protocol: 'https' | 'tls'; + ServerURLOrName: string; + ServerAddresses?: string[]; + signature?: string; +}; +type DnsInput = { protocol: string; server: string; addresses: string[] }; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = path.dirname(__filename); +const ROOT = path.join(__dirname, '..', '..'); +const SRC = path.join(ROOT, 'src'); +const PROFILES = path.join(ROOT, 'profiles'); +const SIGNED = path.join(ROOT, 'signed'); +const CERT = path.join(SRC, 'certificates', 'cert.pem'); +const CHAIN = path.join(SRC, 'certificates', 'chain.pem'); +const LANGUAGES_DIR = path.join(SRC, 'languages'); +const DEFAULT_LANG = 'en'; +const OUTPUT_DIR = ROOT; +const REPO_RAW = 'https://github.com/paulmillr/encrypted-dns/raw/master'; +const SIGN_OPTS = { extraEntropy: false } as const; +const ROOT_IDENTIFIER = 'com.paulmillr.apple-dns'; +const SENTENCE_SEPARATOR: Record = { + en: '. ', + 'cmn-CN': ',', + 'cmn-TW': ',', +}; +const REGIONS: Record = { + US: '🇺🇸', + CN: '🇨🇳', + RU: '🇷🇺', + NL: '🇳🇱', + DE: '🇩🇪', + CH: '🇨🇭', + FR: '🇫🇷', + CA: '🇨🇦', + SE: '🇸🇪', + CZ: '🇨🇿', + EU: '🇪🇺', + SG: '🇸🇬', + TW: '🇹🇼', +}; + +const validateIdent = (v: string, where = 'ident') => { + if (!/^[A-Za-z0-9-]+$/.test(v)) throw new Error(`${where}: expected [A-Za-z0-9-], got ${v}`); + return v; +}; +const validId = (s: string) => /^[A-Za-z0-9.-]+$/.test(s); +const validHost = (s: string) => + /^(?=.{1,253}$)(?!-)(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$/.test(s) && !s.includes('..'); +const splitCsv = (s: string) => + s + .split(',') + .map((x) => x.trim()) + .filter(Boolean); +const validateDnsInput = (x: DnsInput, where: string) => { + const protocol = x.protocol.toUpperCase(); + if (protocol !== 'HTTPS' && protocol !== 'TLS') + throw new Error(`${where}: expected protocol HTTPS|TLS, got ${x.protocol}`); + if (!x.server.trim()) throw new Error(`${where}: server is required`); + if (protocol === 'HTTPS') { + let url: URL; + try { + url = new URL(x.server); + } catch { + throw new Error(`${where}: https server must be a valid URL, got: ${x.server}`); + } + if (url.protocol !== 'https:') + throw new Error(`${where}: https server URL must use https://, got: ${x.server}`); + } else if (!validHost(x.server)) + throw new Error(`${where}: tls server must be a hostname, got: ${x.server}`); + for (const ip of x.addresses) + if (!net.isIP(ip)) throw new Error(`${where}: invalid IP address: ${ip}`); + if (protocol === 'TLS' && x.addresses.length === 0) + throw new Error(`${where}: tls requires at least one IP in addresses`); +}; +const validateLangMap = ( + m: Record | undefined, + where: string, + requireEn: boolean +) => { + if (!m) { + if (requireEn) throw new Error(`${where}: missing map`); + return; + } + if (typeof m !== 'object') throw new Error(`${where}: expected object`); + if (requireEn) { + if (typeof m.en !== 'string' || !m.en.trim()) throw new Error(`${where}: missing non-empty en`); + } + for (const k in m) { + if (k === 'en') continue; + if (typeof m[k] !== 'string' || !m[k].trim()) + throw new Error(`${where}.${k}: expected non-empty string`); + } +}; +const mergeText = (base: string | undefined, extra: string | undefined, joiner: string) => { + const a = base ? base.trim() : ''; + const b = extra ? extra.trim() : ''; + if (a && b) { + if ((joiner === '. ' || joiner === '。') && /[.!?。!?]$/.test(a)) return `${a} ${b}`; + if (joiner === ',' && /[,。!?]$/.test(a)) return `${a}${b}`; + return `${a}${joiner}${b}`; + } + return a || b || ''; +}; +const mergeMap = ( + base: Record | undefined, + extra: Record | undefined, + joiner: string | Record +) => { + const out: Record = {}; + const keys = new Set(); + keys.add(DEFAULT_LANG); + if (base) for (const k in base) keys.add(k); + if (extra) for (const k in extra) keys.add(k); + for (const k of keys) { + const b = base ? base[k] || base[DEFAULT_LANG] : undefined; + const e = extra ? extra[k] || extra[DEFAULT_LANG] : undefined; + const j = typeof joiner === 'string' ? joiner : joiner[k] || joiner[DEFAULT_LANG] || '. '; + const merged = mergeText(b, e, j); + if (merged) out[k] = merged; + } + return Object.keys(out).length ? out : undefined; +}; +const regionList = (region: string | string[] | undefined): string[] => + Array.isArray(region) ? region : region ? [region] : []; +const formatFlags = (region: string | string[] | undefined): string => + regionList(region) + .map((x) => REGIONS[x] || x) + .filter(Boolean) + .join(' '); +const getVariants = (name: string, provider: Provider): Record => { + validateIdent(name, `provider (${name})`); + const out: Record = {}; + for (const variantName in provider.variants) { + validateIdent(variantName, `${name}.variants.${variantName}`); + const variant = provider.variants[variantName]; + out[variantName] = { + names: mergeMap(provider.names, variant.names, ' '), + notes: mergeMap(provider.notes, variant.notes, SENTENCE_SEPARATOR), + consent: variant.consent !== undefined ? variant.consent : provider.consent, + onDemandRules: + variant.onDemandRules !== undefined ? variant.onDemandRules : provider.onDemandRules, + censorship: variant.censorship !== undefined ? variant.censorship : provider.censorship, + website: variant.website || provider.website, + region: variant.region !== undefined ? variant.region : provider.region, + ServerAddresses: variant.ServerAddresses, + https: variant.https, + tls: variant.tls, + }; + } + return out; +}; +const getProfiles = (name: string, variant: Variant): Record => { + validateIdent(name, `profile prefix (${name})`); + const out: Record = {}; + const add = (protocol: 'https' | 'tls', endpoint: Endpoint | undefined) => { + if (!endpoint) return; + const key = `${name}-${protocol}`; + validateIdent(key, `profiles.${key}`); + const profileName = (variant.names && variant.names.en) || name; + const note = (variant.notes && variant.notes.en) || ''; + const noteLine = note ? (/[.!?]$/.test(note.trim()) ? note.trim() : `${note.trim()}.`) : ''; + const flags = formatFlags(variant.region); + const profileDescription = `Configures device to use ${profileName} over ${protocol.toUpperCase()} +${noteLine} +Server location: ${flags}. +Filtering: ${variant.censorship ? 'yes' : 'no'}`; + out[key] = { + name: profileName, + description: profileDescription, + consent: variant.consent, + onDemanRules: + endpoint.onDemandRules !== undefined ? endpoint.onDemandRules : variant.onDemandRules, + protocol, + ServerURLOrName: endpoint.ServerURLOrName, + ServerAddresses: endpoint.ServerAddresses || variant.ServerAddresses, + signature: endpoint.signature, + }; + }; + add('https', variant.https); + add('tls', variant.tls); + return out; +}; +const uuidV5 = (seed: string) => { + // UUID v5 is defined as SHA-1(namespace || name) with v5/variant bits set + // (RFC 4122 / RFC 9562). This is used here for stable deterministic IDs, + // not as a cryptographic integrity primitive. + const ns = new Uint8Array([ + 0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8, + ]); + const out = sha1(concatBytes(ns, utf8ToBytes(seed))).subarray(0, 16); + out[6] = (out[6] & 0x0f) | 0x50; // byte 6 high nibble = 0101 (version 5), low nibble keeps hash entropy + out[8] = (out[8] & 0x3f) | 0x80; // byte 8 high bits = 10 (RFC 4122/9562 variant), low 6 bits keep hash entropy + const s = bytesToHex(out); + return `${s.slice(0, 8)}-${s.slice(8, 12)}-${s.slice(12, 16)}-${s.slice(16, 20)}-${s.slice(20, 32)}`.toUpperCase(); +}; +const escapeXML = (s: string) => + s + .replaceAll('&', '&') + .replaceAll('<', '<') + .replaceAll('>', '>') + .replaceAll('"', '"') + .replaceAll("'", '''); +type PlistNode = string | number | boolean | PlistNode[] | Record; +const plistNode = (x: PlistNode, level: number): string => { + const pad = '\t'.repeat(level); + if (typeof x === 'string') return `${pad}${escapeXML(x)}\n`; + if (typeof x === 'number') return `${pad}${x}\n`; + if (typeof x === 'boolean') return `${pad}<${x ? 'true' : 'false'}/>\n`; + if (Array.isArray(x)) { + let out = `${pad}\n`; + for (const i of x) out += plistNode(i, level + 1); + return `${out}${pad}\n`; + } + let out = `${pad}\n`; + for (const [k, v] of Object.entries(x)) { + if (v === undefined) continue; + out += `${pad}\t${k}\n`; + out += plistNode(v, level + 1); + } + return `${out}${pad}\n`; +}; +const genProfile = (name: string, profile: Profile): string => { + const key = name; + const p = profile; + const title = p.name; + const proto = p.protocol.toUpperCase(); + const display = `${title} Encrypted DNS over ${proto}`; + const rel = `${key}.mobileconfig`; + const payloadUUID = uuidV5(`${ROOT_IDENTIFIER}::payload::0::${rel}`); + const payloadId = `com.apple.dnsSettings.managed.${payloadUUID.toLowerCase()}`; + const topUUID = uuidV5(`${ROOT_IDENTIFIER}::root::${rel}`); + const topId = ROOT_IDENTIFIER; + const serverKey = p.ServerURLOrName.startsWith('https://') ? 'ServerURL' : 'ServerName'; + const dns: Record = { DNSProtocol: proto }; + if (p.ServerAddresses && p.ServerAddresses.length) dns.ServerAddresses = p.ServerAddresses; + dns[serverKey] = p.ServerURLOrName; + const payload: Record = { + DNSSettings: dns, + ...(p.onDemanRules ? { OnDemandRules: p.onDemanRules as PlistNode } : {}), + PayloadDescription: `Configures device to use ${display}`, + PayloadDisplayName: display, + PayloadIdentifier: payloadId, + PayloadType: 'com.apple.dnsSettings.managed', + PayloadUUID: payloadUUID, + PayloadVersion: 1, + ProhibitDisablement: false, + }; + const root: Record = { + PayloadContent: [payload], + PayloadDescription: p.description, + ...(p.consent ? { ConsentText: { default: p.consent } } : {}), + PayloadDisplayName: display, + PayloadIdentifier: topId, + PayloadRemovalDisallowed: false, + PayloadScope: 'System', + PayloadType: 'Configuration', + PayloadUUID: topUUID, + PayloadVersion: 1, + }; + return ` + + +${plistNode(root, 0)} +`; +}; +const fromSig = (s: string) => { + const txt = s.trim(); + if (!/^[0-9a-f]+$/i.test(txt) || txt.length % 2) throw new Error(`bad signature hex`); + return hexToBytes(txt); +}; +const FULLWIDTH = + /[\u1100-\u115F\u2329\u232A\u2E80-\u303E\u3040-\uA4CF\uAC00-\uD7A3\uF900-\uFAFF\uFE10-\uFE19\uFE30-\uFE6F\uFF00-\uFF60\uFFE0-\uFFE6]/u; +const chrWidth = (str: string) => { + let width = 0; + for (const c of str) width += FULLWIDTH.test(c) || REGIONS[c] ? 2 : 1; + return width; +}; +const padEnd = (s: string, len: number, chr: string) => + `${s}${chr.repeat(Math.max(0, len - chrWidth(s)))}`; +const genTable = (rows: string[][]) => { + const widths = rows[0].map(() => 0); + for (const r of rows) + for (let i = 0; i < r.length; i++) widths[i] = Math.max(widths[i], chrWidth(r[i])); + let table = ''; + rows.forEach((r, i) => { + const cells = r.map((c, j) => padEnd(c, widths[j], ' ')).join(' | '); + table += `| ${cells} |\n`; + if (i === 0) table += `| ${r.map((_, j) => padEnd('', widths[j], '-')).join(' | ')} |\n`; + }); + return table; +}; +const languages: Lang[] = fs + .readdirSync(LANGUAGES_DIR) + .filter((name) => name.endsWith('.json')) + .sort() + .map((name) => { + const data = JSON.parse(fs.readFileSync(path.join(LANGUAGES_DIR, name), 'utf8')) as LangData; + return { + code: data.code, + name: data.name, + mdFile: path.join(LANGUAGES_DIR, name.replace('.json', '.md')), + data, + }; + }); + +const PROVIDERS: Record = Object.fromEntries( + fs + .readdirSync(SRC) + .filter((f) => f.endsWith('.json')) + .map((file) => { + const m = /^(\d+)-(.+)\.json$/.exec(file); + if (!m) throw new Error(`bad provider file name: ${file} (expected NN-slug.json)`); + const ord = Number(m[1]); + if (!Number.isSafeInteger(ord)) throw new Error(`bad numeric prefix in ${file}`); + const slug = validateIdent(m[2], `file slug (${file})`); + return { file, ord, slug }; + }) + .sort((a, b) => a.ord - b.ord || a.slug.localeCompare(b.slug)) + .map(({ file, slug }) => { + const src = path.join(SRC, file); + const provider = JSON.parse(fs.readFileSync(src, 'utf8')) as Provider; + if (!provider || typeof provider !== 'object') throw new Error(`${file}: expected object`); + if (!provider.names || typeof provider.names !== 'object') + throw new Error(`${file}: missing names`); + if (provider.notes !== undefined && typeof provider.notes !== 'object') + throw new Error(`${file}: notes must be object`); + if (provider.consent !== undefined && typeof provider.consent !== 'string') + throw new Error(`${file}: consent must be string`); + validateLangMap(provider.names, `${file}.names`, true); + validateLangMap(provider.notes, `${file}.notes`, false); + if (!provider.variants || typeof provider.variants !== 'object') + throw new Error(`${file}: missing variants`); + for (const k in provider.variants) { + validateIdent(k, `${file}.variants.${k}`); + const v = provider.variants[k]; + if (!v || typeof v !== 'object') throw new Error(`${file}.variants.${k}: expected object`); + if (v.consent !== undefined && typeof v.consent !== 'string') + throw new Error(`${file}.variants.${k}.consent: expected string`); + validateLangMap(v.names, `${file}.variants.${k}.names`, k !== 'default'); + validateLangMap(v.notes, `${file}.variants.${k}.notes`, false); + } + return [slug, provider] as const; + }) +); +type TableRow = { + id: string; + profileBase: string; + hidden: boolean; + website?: string; + names: Record; + notes: Record; + region: string[]; + censorship: boolean; + unsigned: { https: boolean; tls: boolean }; + signed: { https: boolean; tls: boolean }; +}; +let tableRows: TableRow[] = []; +const tags: Record string> = { + LANGUAGES: (lang) => + languages + .map((x) => { + if (x.code === lang.code) return x.name; + return `[${x.name}](https://github.com/paulmillr/encrypted-dns/${x.code === DEFAULT_LANG ? '' : `blob/master/README.${x.code}.md`})`; + }) + .join(' | '), + PROVIDERS_TABLE: (lang) => { + const mat: string[][] = [ + [ + lang.data.table_columns.name, + lang.data.table_columns.region, + lang.data.table_columns.censorship, + lang.data.table_columns.notes, + lang.data.table_columns.install_signed, + lang.data.table_columns.install_unsigned, + ], + ]; + for (const r of tableRows.filter((x) => !x.hidden)) { + const name = r.names[lang.code] || r.names[DEFAULT_LANG] || r.id; + const note = r.notes[lang.code] || r.notes[DEFAULT_LANG] || ''; + const region = r.region + .map((x) => REGIONS[x] || '') + .join(' ') + .trim(); + const c = r.censorship ? lang.data.yes : lang.data.no; + const s: string[] = []; + if (r.signed.https) s.push(`[HTTPS][${r.profileBase}-https-signed]`); + if (r.signed.tls) s.push(`[TLS][${r.profileBase}-tls-signed]`); + const u: string[] = []; + if (r.unsigned.https) u.push(`[HTTPS][${r.profileBase}-https]`); + if (r.unsigned.tls) u.push(`[TLS][${r.profileBase}-tls]`); + mat.push([`[${name}][${r.id}]`, region, c, note, s.join(', '), u.join(', ')]); + } + return genTable(mat).trim(); + }, + PROVIDERS_LINKS: () => { + let out = ''; + for (const r of tableRows.filter((x) => !x.hidden)) { + if (r.website) out += `[${r.id}]: ${r.website}\n`; + if (r.unsigned.https) + out += `[${r.profileBase}-https]: ${REPO_RAW}/profiles/${r.profileBase}-https.mobileconfig\n`; + if (r.unsigned.tls) + out += `[${r.profileBase}-tls]: ${REPO_RAW}/profiles/${r.profileBase}-tls.mobileconfig\n`; + } + for (const r of tableRows.filter((x) => !x.hidden)) { + if (r.signed.https) + out += `[${r.profileBase}-https-signed]: ${REPO_RAW}/signed/${r.profileBase}-https.mobileconfig\n`; + if (r.signed.tls) + out += `[${r.profileBase}-tls-signed]: ${REPO_RAW}/signed/${r.profileBase}-tls.mobileconfig\n`; + } + return out; + }, +}; +const main = () => { + tableRows = []; + const enc = new TextEncoder(); + const signerMaterial = + fs.existsSync(CERT) && fs.existsSync(CHAIN) + ? { cert: fs.readFileSync(CERT, 'utf8'), chain: fs.readFileSync(CHAIN, 'utf8') } + : undefined; + if (!fs.existsSync(PROFILES)) fs.mkdirSync(PROFILES); + if (!fs.existsSync(SIGNED)) fs.mkdirSync(SIGNED); + for (const [providerName, provider] of Object.entries(PROVIDERS)) { + const variants = getVariants(providerName, provider); + for (const [variantName, variant] of Object.entries(variants)) { + const base = `${providerName}-${variantName}`; + const all = getProfiles(base, variant); + const row: TableRow = { + id: base, + profileBase: base, + hidden: !!provider.hidden, + website: variant.website, + names: variant.names || { en: base }, + notes: variant.notes || { en: '' }, + region: regionList(variant.region), + censorship: !!variant.censorship, + unsigned: { https: false, tls: false }, + signed: { https: false, tls: false }, + }; + for (const [profileName, profile] of Object.entries(all)) { + const xml = genProfile(profileName, profile); + const profilePath = path.join(PROFILES, `${profileName}.mobileconfig`); + fs.writeFileSync(profilePath, xml); + console.log(`Generated profiles/${profileName}.mobileconfig`); + let hasSigned = false; + if (profile.signature) { + const compact = fromSig(profile.signature); + if (!signerMaterial) { + console.log( + `WARN missing cert/chain; skipping signed/${profileName}.mobileconfig (need certificates/cert.pem + certificates/chain.pem)` + ); + row.unsigned[profile.protocol] = true; + row.signed[profile.protocol] = false; + continue; + } + const der = CMS.compact.build( + enc.encode(xml), + compact, + signerMaterial.cert, + signerMaterial.chain, + SIGN_OPTS + ); + CMS.verify(der, { allowBER: true, checkSignatures: true, time: Date.now() }); + fs.writeFileSync(path.join(SIGNED, `${profileName}.mobileconfig`), der); + console.log(`Generated signed/${profileName}.mobileconfig`); + hasSigned = true; + } + row.unsigned[profile.protocol] = true; + row.signed[profile.protocol] = hasSigned; + } + tableRows.push(row); + } + } + for (const lang of languages) { + const tpl = fs.readFileSync(lang.mdFile, 'utf8'); + let out = tpl; + for (const [k, fn] of Object.entries(tags)) + out = out.replace(new RegExp(`<%${k}%>`, 'g'), fn(lang)); + const file = lang.code === DEFAULT_LANG ? 'README.md' : `README.${lang.code}.md`; + fs.writeFileSync(path.join(OUTPUT_DIR, file), out, 'utf8'); + console.log(`Generated ${file}`); + } + console.log(`providers: ${Object.keys(PROVIDERS).length}`); + console.log(`rows: ${tableRows.length}`); +}; + +if (process.argv[1] && path.resolve(process.argv[1]) === __filename) { + main(); +} + +export { genProfile, getProfiles, getVariants, SIGN_OPTS, splitCsv, validateDnsInput, validId }; +export type { Profile, Provider, Variant }; diff --git a/src/scripts/check-fields.ts b/src/scripts/check-fields.ts new file mode 100755 index 0000000..71eb62e --- /dev/null +++ b/src/scripts/check-fields.ts @@ -0,0 +1,112 @@ +#!/usr/bin/env node +import fs from 'node:fs'; +import path from 'node:path'; + +type Seen = { count: number; where: string[] }; + +const ROOT = path.join(path.dirname(new URL(import.meta.url).pathname), '..', '..'); +const DIR = path.join(ROOT, 'src'); +const files = fs + .readdirSync(DIR) + .filter((f) => f.endsWith('.json')) + .sort(); +const showWhere = process.argv.includes('--where'); + +const add = (map: Map, key: string, where: string) => { + const cur = map.get(key); + if (cur) { + cur.count++; + cur.where.push(where); + return; + } + map.set(key, { count: 1, where: [where] }); +}; + +const walk = (v: unknown, prefix: string, where: string, map: Map) => { + if (!v || typeof v !== 'object' || Array.isArray(v)) return; + for (const [k, val] of Object.entries(v)) { + const p = prefix ? `${prefix}.${k}` : k; + add(map, p, where); + if (!val || typeof val !== 'object' || Array.isArray(val)) continue; + walk(val, p, where, map); + } +}; + +const providerFields = new Map(); +const variantFields = new Map(); +const endpointFields = new Map(); +let totalVariants = 0; +let totalEndpoints = 0; + +for (const f of files) { + const full = path.join(DIR, f); + const p = JSON.parse(fs.readFileSync(full, 'utf8')) as Record; + for (const [k, val] of Object.entries(p)) { + if (k === 'variants') continue; + add(providerFields, k, f); + if (!val || typeof val !== 'object' || Array.isArray(val)) continue; + walk(val, k, f, providerFields); + } + const variants = p.variants; + if (!variants || typeof variants !== 'object' || Array.isArray(variants)) continue; + for (const variant of Object.values(variants as Record)) { + if (!variant || typeof variant !== 'object' || Array.isArray(variant)) continue; + const variantObj = variant as Record; + totalVariants++; + for (const [k, val] of Object.entries(variantObj)) { + if (k === 'https' || k === 'tls') continue; + add(variantFields, k, f); + if (!val || typeof val !== 'object' || Array.isArray(val)) continue; + walk(val, k, f, variantFields); + } + for (const proto of ['https', 'tls'] as const) { + const cfg = variantObj[proto]; + if (!cfg || typeof cfg !== 'object' || Array.isArray(cfg)) continue; + totalEndpoints++; + // Intentionally ignore variant name in field path: aggregate by endpoint shape only. + walk(cfg, '', `${f}:${proto}`, endpointFields); + } + } +} + +const print = (title: string, map: Map, total: number, showWhereArg: boolean) => { + console.log(`\n${title}`); + const rows = Array.from(map.entries()); + const groups = new Map>(); + for (const row of rows) { + const root = row[0].split('.')[0]; + const cur = groups.get(root); + if (cur) { + cur.push(row); + continue; + } + groups.set(root, [row]); + } + const order = Array.from(groups.keys()).sort((a, b) => { + const ca = map.get(a)?.count || 0; + const cb = map.get(b)?.count || 0; + if (cb !== ca) return cb - ca; + return a.localeCompare(b); + }); + for (const root of order) { + const list = groups.get(root) || []; + list.sort((a, b) => { + if (a[0] === root && b[0] !== root) return -1; + if (b[0] === root && a[0] !== root) return 1; + if (b[1].count !== a[1].count) return b[1].count - a[1].count; + return a[0].localeCompare(b[0]); + }); + for (const [field, info] of list) { + const indent = field === root ? '' : ' '; + const label = field === root ? field : field.slice(root.length + 1); + const pct = total ? Math.round((info.count / total) * 100) : 0; + console.log(`${indent}${label} -> ${info.count}/${total} (${pct}%)`); + if (showWhereArg) for (const w of info.where) console.log(` ${w}`); + } + } +}; + +console.log(`providers: ${files.length}`); +print('provider-fields', providerFields, files.length, showWhere); +print('variant-fields', variantFields, totalVariants, showWhere); +print('endpoint-fields(https/tls)', endpointFields, totalEndpoints, showWhere); diff --git a/src/scripts/new.test.ts b/src/scripts/new.test.ts new file mode 100644 index 0000000..8bf91af --- /dev/null +++ b/src/scripts/new.test.ts @@ -0,0 +1,323 @@ +import { deepStrictEqual } from 'node:assert'; +import { spawn, spawnSync } from 'node:child_process'; +import fs from 'node:fs'; +import os from 'node:os'; +import path from 'node:path'; +import { describe, it } from 'node:test'; + +const ROOT = path.join(path.dirname(new URL(import.meta.url).pathname), '..', '..'); +const NEW = path.join(ROOT, 'src', 'scripts', 'new.ts'); + +const run = (args: string[], input = '', cwd?: string) => { + const res = spawnSync('node', [NEW, ...args], { + cwd: cwd || ROOT, + input, + encoding: 'utf8', + }); + if (res.status !== 0) + throw new Error(`new.ts failed (${res.status}):\n${res.stdout}\n${res.stderr}`); + return res; +}; +const runRaw = (args: string[], input = '', cwd?: string) => + spawnSync('node', [NEW, ...args], { + cwd: cwd || ROOT, + input, + encoding: 'utf8', + }); + +type PtyRes = { + code: number | null; + signal: NodeJS.Signals | null; + sent: number; + outTail: string; + errTail: string; +}; +const runPtyFlow = async ( + argv: string[], + cwd: string, + answers: string[], + opts: { timeoutMs?: number } = {} +): Promise => { + const timeoutMs = opts.timeoutMs || 15000; + const cmd = argv.map((a) => JSON.stringify(a)).join(' '); + const p = spawn('bash', ['-lc', cmd], { + cwd, + stdio: ['pipe', 'pipe', 'pipe'], + }); + let sent = 0; + let out = ''; + let err = ''; + const send = () => { + if (sent >= answers.length) return; + if (!p.stdin.writable) return; + p.stdin.write(`${answers[sent++]}\n`); + if (sent === answers.length) p.stdin.end(); + }; + p.stdout.on('data', (d) => { + out += d.toString(); + if (/(?:\]: |: )$/.test(out)) send(); + }); + p.stderr.on('data', (d) => { + err += d.toString(); + }); + return await new Promise((resolve, reject) => { + const timer = setTimeout(() => { + p.kill('SIGKILL'); + reject( + new Error( + `PTY interactive flow timed out\nstdout:\n${out.slice(-800)}\nstderr:\n${err.slice(-800)}` + ) + ); + }, timeoutMs); + p.on('error', (e) => { + clearTimeout(timer); + reject(e); + }); + p.on('exit', (code, signal) => { + clearTimeout(timer); + resolve({ code, signal, sent, outTail: out.slice(-800), errTail: err.slice(-800) }); + }); + }); +}; + +const EXPECT_ARGS = ` + + + +\tPayloadContent +\t +\t\t +\t\t\tDNSSettings +\t\t\t +\t\t\t\tDNSProtocol +\t\t\t\tHTTPS +\t\t\t\tServerAddresses +\t\t\t\t +\t\t\t\t\t1.1.1.1 +\t\t\t\t\t1.0.0.1 +\t\t\t\t +\t\t\t\tServerURL +\t\t\t\thttps://dns.example.test/dns-query +\t\t\t +\t\t\tPayloadDescription +\t\t\tConfigures device to use Args DNS Encrypted DNS over HTTPS +\t\t\tPayloadDisplayName +\t\t\tArgs DNS Encrypted DNS over HTTPS +\t\t\tPayloadIdentifier +\t\t\tcom.apple.dnsSettings.managed.a25bcc3b-655b-58d4-b883-dce8ca57b701 +\t\t\tPayloadType +\t\t\tcom.apple.dnsSettings.managed +\t\t\tPayloadUUID +\t\t\tA25BCC3B-655B-58D4-B883-DCE8CA57B701 +\t\t\tPayloadVersion +\t\t\t1 +\t\t\tProhibitDisablement +\t\t\t +\t\t +\t +\tPayloadDescription +\tArgs top description +\tPayloadDisplayName +\tArgs DNS Encrypted DNS over HTTPS +\tPayloadIdentifier +\tcom.paulmillr.apple-dns +\tPayloadRemovalDisallowed +\t +\tPayloadScope +\tSystem +\tPayloadType +\tConfiguration +\tPayloadUUID +\tA41DCCF5-F126-5CF4-83A3-76151FDA864F +\tPayloadVersion +\t1 + + +`; +const EXPECT_INTERACTIVE = ` + + + +\tPayloadContent +\t +\t\t +\t\t\tDNSSettings +\t\t\t +\t\t\t\tDNSProtocol +\t\t\t\tHTTPS +\t\t\t\tServerAddresses +\t\t\t\t +\t\t\t\t\t1.1.1.1 +\t\t\t\t\t1.0.0.1 +\t\t\t\t +\t\t\t\tServerURL +\t\t\t\thttps://dns.interactive.test/dns-query +\t\t\t +\t\t\tPayloadDescription +\t\t\tConfigures device to use Interactive DNS Encrypted DNS over HTTPS +\t\t\tPayloadDisplayName +\t\t\tInteractive DNS Encrypted DNS over HTTPS +\t\t\tPayloadIdentifier +\t\t\tcom.apple.dnsSettings.managed.da5947a2-98fc-5296-a77b-ad12511af53e +\t\t\tPayloadType +\t\t\tcom.apple.dnsSettings.managed +\t\t\tPayloadUUID +\t\t\tDA5947A2-98FC-5296-A77B-AD12511AF53E +\t\t\tPayloadVersion +\t\t\t1 +\t\t\tProhibitDisablement +\t\t\t +\t\t +\t +\tPayloadDescription +\tAdds the Interactive DNS to Big Sur and iOS 14 based systems +\tPayloadDisplayName +\tInteractive DNS Encrypted DNS over HTTPS +\tPayloadIdentifier +\tcom.paulmillr.apple-dns +\tPayloadRemovalDisallowed +\t +\tPayloadScope +\tSystem +\tPayloadType +\tConfiguration +\tPayloadUUID +\t24F6FD9B-B466-5565-9896-6F398ADD8741 +\tPayloadVersion +\t1 + + +`; + +describe('new.ts', () => { + it('args flow generates expected profile shape', () => { + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-args-')); + try { + const out = path.join(dir, 'args.mobileconfig'); + run( + [ + '--name', + 'Args DNS', + '--protocol', + 'https', + '--server', + 'https://dns.example.test/dns-query', + '--addresses', + '1.1.1.1,1.0.0.1', + '--description', + 'Args top description', + '--out', + out, + ], + '', + dir + ); + const got = fs.readFileSync(out, 'utf8'); + deepStrictEqual(got, EXPECT_ARGS); + } finally { + fs.rmSync(dir, { recursive: true, force: true }); + } + }); + + it('uses deterministic UUIDs for same output filename', () => { + const aDir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-det-a-')); + const bDir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-det-b-')); + try { + const outA = path.join(aDir, 'same.mobileconfig'); + const outB = path.join(bDir, 'same.mobileconfig'); + const args = [ + '--name', + 'Det DNS', + '--protocol', + 'https', + '--server', + 'https://dns.det.test/dns-query', + '--addresses', + '1.1.1.1', + ]; + run([...args, '--out', outA], '', aDir); + run([...args, '--out', outB], '', bDir); + deepStrictEqual(fs.readFileSync(outA, 'utf8'), fs.readFileSync(outB, 'utf8')); + } finally { + fs.rmSync(aDir, { recursive: true, force: true }); + fs.rmSync(bDir, { recursive: true, force: true }); + } + }); + + it('fails on invalid https server URL', () => { + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-retry-')); + try { + const res = runRaw( + [ + '--name', + 'Retry DNS', + '--protocol', + 'https', + '--server', + 'bad-url', + '--addresses', + '1.1.1.1', + ], + '', + dir + ); + deepStrictEqual(res.status, 1); + deepStrictEqual(fs.readdirSync(dir).filter((x) => x.endsWith('.mobileconfig')).length, 0); + } finally { + fs.rmSync(dir, { recursive: true, force: true }); + } + }); + + it('appends .mobileconfig when output has no extension', () => { + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-ext-')); + try { + const outNoExt = path.join(dir, 'noext'); + const res = run( + [ + '--name', + 'NoExt DNS', + '--protocol', + 'https', + '--server', + 'https://dns.noext.test/dns-query', + '--addresses', + '1.1.1.1', + '--out', + outNoExt, + ], + '', + dir + ); + deepStrictEqual(res.status, 0); + deepStrictEqual(fs.existsSync(`${outNoExt}.mobileconfig`), true); + } finally { + fs.rmSync(dir, { recursive: true, force: true }); + } + }); + + it('full interactive flow', async () => { + if (process.env.NEW_TEST_PTY === '0') return; + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-new-pty-')); + try { + const out = path.join(dir, 'interactive.mobileconfig'); + const answers = [ + 'Interactive DNS', + 'https', + 'https://dns.interactive.test/dns-query', + '1.1.1.1,1.0.0.1', + 'no', + 'Adds the Interactive DNS to Big Sur and iOS 14 based systems', + out, + ]; + const res = await runPtyFlow(['node', NEW], dir, answers); + deepStrictEqual(res.code, 0); + deepStrictEqual(res.signal, null); + deepStrictEqual(res.sent, answers.length); + deepStrictEqual(fs.existsSync(out), true); + const xml = fs.readFileSync(out, 'utf8'); + deepStrictEqual(xml, EXPECT_INTERACTIVE); + } finally { + fs.rmSync(dir, { recursive: true, force: true }); + } + }); +}); diff --git a/scripts/new.ts b/src/scripts/new.ts similarity index 63% rename from scripts/new.ts rename to src/scripts/new.ts index ce7affd..9b33e04 100755 --- a/scripts/new.ts +++ b/src/scripts/new.ts @@ -3,31 +3,18 @@ import fs from 'node:fs'; import path from 'node:path'; import { stdin as input, stdout as output } from 'node:process'; import { createInterface } from 'node:readline/promises'; -import { - deterministicUuid, - generateSingle, - splitCsv, - validId, - validateDnsInput, - type ProfileCfg, -} from './build.ts'; +import { genProfile, splitCsv, validateDnsInput } from './build.ts'; import { signFile } from './sign-single.ts'; type Proto = 'https' | 'tls'; type Input = { name: string; - organizationName: string; - profileIdentifier: string; protocol: Proto; server: string; - addresses: string[]; - certs: string[]; + addresses?: string[]; out: string; description: string; - topDescription: string; - prohibitDisablement: boolean; - scope: string; ca?: string; priv_key?: string; chain?: string; @@ -36,24 +23,17 @@ type PartialInput = Partial; const usage = () => { console.error(`usage: - node scripts/new.ts --name --protocol --server --addresses [--organization ] [--profile-identifier ] [--certs ] [--out ] [--description ] [--top-description ] [--prohibit-disablement ] [--scope ] [--ca --priv_key [--chain ]] + new.ts --name --protocol --server --addresses [--out ] [--description ] [--ca --priv_key [--chain ]] notes: - if no args are passed, interactive mode starts - --addresses may be empty only for https - - --prohibit-disablement: true prevents users from disabling encrypted DNS - - --scope: System applies to all users, User applies to current user - - PayloadRemovalDisallowed is fixed to false (same as dns-profile-generator UI flow)`); + - profile identifier is derived from output file name (same key scheme as build.ts)`); }; const die = (msg: string): never => { throw new Error(msg); }; -const parseBool = (v: string, name: string) => { - if (v === 'true') return true; - if (v === 'false') return false; - return die(`${name}: expected true|false, got ${v}`); -}; const parseYesNo = (v: string, name: string) => { const x = v.toLowerCase(); if (x === 'yes' || x === 'y') return true; @@ -67,14 +47,11 @@ const slug = (s: string) => .replace(/(^-|-$)/g, '') || 'dns-profile'; const validate = (x: Input): Input => { if (!x.name.trim()) die('name is required'); - if (!x.profileIdentifier.trim()) die('profile-identifier is required'); - if (!validId(x.profileIdentifier)) - die(`profile-identifier must match [A-Za-z0-9.-], got: ${x.profileIdentifier}`); if (!x.out.trim()) die('out is required'); - if (x.scope !== 'System' && x.scope !== 'User') - die(`scope: expected System|User, got ${x.scope}`); - validateDnsInput({ protocol: x.protocol, server: x.server, addresses: x.addresses }, 'cli input'); - for (const f of x.certs) if (!fs.existsSync(f)) die(`missing file: ${f}`); + validateDnsInput( + { protocol: x.protocol, server: x.server, addresses: x.addresses || [] }, + 'cli input' + ); if ((x.ca && !x.priv_key) || (!x.ca && x.priv_key)) die('signing requires both --ca and --priv_key'); if (x.chain && (!x.ca || !x.priv_key)) die('--chain requires both --ca and --priv_key'); @@ -91,71 +68,25 @@ const withDefaults = (x: PartialInput): Input => { name, protocol, server: x.server || '', - addresses: x.addresses || [], - certs: x.certs || [], - organizationName: x.organizationName || '', + addresses: x.addresses, out: x.out || `${slug(name)}-${protocol}.mobileconfig`, - profileIdentifier: x.profileIdentifier || 'com.example.dns', - description: x.description || `Configures device to use ${name}`, - topDescription: x.topDescription || `Adds ${name} to Big Sur and iOS 14 based systems`, - prohibitDisablement: x.prohibitDisablement !== undefined ? x.prohibitDisablement : false, - scope: x.scope || 'System', + description: x.description || `Adds the ${name} to Big Sur and iOS 14 based systems`, ca: x.ca, priv_key: x.priv_key, chain: x.chain, }; }; -const asProfile = (x: Input): ProfileCfg => ({ - dns: { - protocol: x.protocol.toUpperCase(), - server: x.server, - addresses: x.addresses, - }, - PayloadDisplayName: x.name, - PayloadDescription: x.description, - PayloadIdentifier: `${x.profileIdentifier}.dns`, - PayloadUUID: deterministicUuid(x.profileIdentifier, 'payload', 'cli', 0), - ProhibitDisablement: x.prohibitDisablement, - top: { - displayName: x.name, - description: x.topDescription, - identifier: x.profileIdentifier, - uuid: deterministicUuid(x.profileIdentifier, 'root', 'cli'), - removalDisallowed: false, - scope: x.scope, - organization: x.organizationName || undefined, - }, - certificates: x.certs.map((f, i) => { - const data = fs.readFileSync(f, 'utf8'); - const name = path.basename(f).replace(/\.(pem|cer|crt)$/i, ''); - return { - fileName: path.basename(f), - data, - displayName: name || `Certificate ${i + 1}`, - identifier: `${x.profileIdentifier}.cert.${i}`, - uuid: deterministicUuid(x.profileIdentifier, 'payload', 'cert', i + 1), - }; - }), - escapeXML: true, -}); - const parseArgs = (argv: string[]): PartialInput => { if (!argv.length) return {}; const out: Record = {}; const allowed = new Set([ 'name', - 'organization', - 'profile-identifier', 'protocol', 'server', 'addresses', - 'certs', 'out', 'description', - 'top-description', - 'prohibit-disablement', - 'scope', 'ca', 'priv_key', 'chain', @@ -171,22 +102,13 @@ const parseArgs = (argv: string[]): PartialInput => { i++; } const protocol = out.protocol as Proto | undefined; - const name = out.name; return { - name, - organizationName: out.organization, - profileIdentifier: out['profile-identifier'], + name: out.name, protocol, server: out.server, addresses: out.addresses !== undefined ? splitCsv(out.addresses) : undefined, - certs: out.certs !== undefined ? splitCsv(out.certs) : undefined, description: out.description, - topDescription: out['top-description'], out: out.out, - prohibitDisablement: out['prohibit-disablement'] - ? parseBool(out['prohibit-disablement'], 'prohibit-disablement') - : undefined, - scope: out.scope, ca: out.ca, priv_key: out.priv_key, chain: out.chain, @@ -213,7 +135,7 @@ const askRequired = async (seed: PartialInput = {}): Promise => { try { const name = seed.name || - (await retry('Display name', '', (v) => { + (await retry('Provider name', '', (v) => { if (!v) throw new Error('name is required'); return v; })); @@ -276,7 +198,7 @@ const askFull = async (): Promise => { } }; try { - const name = await retry('Display name', '', (v) => { + const name = await retry('Provider name', '', (v) => { if (!v) throw new Error('name is required'); return v; }); @@ -304,22 +226,11 @@ const askFull = async (): Promise => { } ); const sign = await retry('Sign profile? (yes/no)', 'no', (v) => parseYesNo(v, 'sign')); - const organizationName = await q('Organization name (optional)'); - const profileIdentifier = await retry('Profile identifier', 'com.example.dns', (v) => { - if (!validId(v)) throw new Error(`profile-identifier must match [A-Za-z0-9.-], got: ${v}`); - return v; - }); - const out = await q('Output file', `${slug(name)}-${protocol}.mobileconfig`); - const prohibitDisablement = await retry( - 'Prohibit disabling encrypted DNS? (true|false)', - 'false', - (v) => parseBool(v.toLowerCase(), 'ProhibitDisablement') + const description = await q( + 'Profile description', + `Adds the ${name} to Big Sur and iOS 14 based systems` ); - const scope = await retry('Payload scope (System|User)', 'System', (v) => { - const x = v[0]?.toUpperCase() + v.slice(1).toLowerCase(); - if (x !== 'System' && x !== 'User') throw new Error(`scope: expected System|User, got ${v}`); - return x; - }); + const out = await q('Output file', `${slug(name)}-${protocol}.mobileconfig`); let ca = ''; let priv_key = ''; let chain = ''; @@ -345,11 +256,8 @@ const askFull = async (): Promise => { protocol, server, addresses, - organizationName, - profileIdentifier, + description, out, - prohibitDisablement, - scope, ca: ca || undefined, priv_key: priv_key || undefined, chain: chain || undefined, @@ -367,8 +275,20 @@ const main = async () => { } const parsed = parseArgs(argv); const cfg = validate(withDefaults(argv.length ? await askRequired(parsed) : await askFull())); - const xml = generateSingle(asProfile(cfg)); const out = path.resolve(cfg.out); + const outFile = path.basename(out); + const key = outFile.endsWith('.mobileconfig') + ? outFile.slice(0, -'.mobileconfig'.length) + : outFile; + if (!/^[A-Za-z0-9-]+$/.test(key)) + throw new Error(`output file stem must match [A-Za-z0-9-], got: ${key}`); + const xml = genProfile(key, { + name: cfg.name, + description: cfg.description, + protocol: cfg.protocol, + ServerURLOrName: cfg.server, + ServerAddresses: cfg.addresses, + }); fs.mkdirSync(path.dirname(out), { recursive: true }); fs.writeFileSync(out, xml); console.log(out); diff --git a/src/scripts/sign-single-openssl.sh b/src/scripts/sign-single-openssl.sh new file mode 100755 index 0000000..08476af --- /dev/null +++ b/src/scripts/sign-single-openssl.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +set -euo pipefail + +if [ "$#" -lt 5 ]; then + echo "usage: scripts/sign-single-openssl.sh --ca --priv_key [--chain ] " >&2 + exit 1 +fi + +ca="" +priv_key="" +chain="" +input="" + +while [ "$#" -gt 0 ]; do + case "$1" in + --ca) + ca="$2" + shift 2 + ;; + --priv_key) + priv_key="$2" + shift 2 + ;; + --chain) + chain="$2" + shift 2 + ;; + *) + input="$1" + shift + ;; + esac +done + +if [ -z "$ca" ] || [ -z "$priv_key" ] || [ -z "$input" ]; then + echo "usage: scripts/sign-single-openssl.sh --ca --priv_key [--chain ] " >&2 + exit 1 +fi + +for f in "$ca" "$priv_key" "$input"; do + if [ ! -f "$f" ]; then + echo "missing file: $f" >&2 + exit 1 + fi +done +if [ -n "$chain" ] && [ ! -f "$chain" ]; then + echo "missing file: $chain" >&2 + exit 1 +fi + +if [[ "$input" == *.mobileconfig ]]; then + out="${input%.mobileconfig}.signed.mobileconfig" +else + out="$input.signed.mobileconfig" +fi + +cmd=(openssl cms -sign -binary -nodetach -nosmimecap -in "$input" -signer "$ca" -inkey "$priv_key" -outform DER -out "$out") +if [ -n "$chain" ]; then + cmd+=( -certfile "$chain" ) +fi +"${cmd[@]}" +echo "$out" diff --git a/src/scripts/sign-single.test.ts b/src/scripts/sign-single.test.ts new file mode 100644 index 0000000..ddc0f6b --- /dev/null +++ b/src/scripts/sign-single.test.ts @@ -0,0 +1,162 @@ +import { CMS } from 'micro-key-producer/x509.js'; +import { deepStrictEqual } from 'node:assert'; +import { execFileSync } from 'node:child_process'; +import fs from 'node:fs'; +import os from 'node:os'; +import path from 'node:path'; +import { describe, it } from 'node:test'; + +const root = path.join(path.dirname(new URL(import.meta.url).pathname), '..'); +const scriptSign = path.join(root, 'scripts', 'sign-single.ts'); +const scriptOpenSSL = path.join(root, 'scripts', 'sign-single-openssl.sh'); + +const opensslUsable = () => { + try { + execFileSync('openssl', ['version'], { stdio: 'pipe', encoding: 'utf8' }); + } catch (e) { + const err = e as NodeJS.ErrnoException; + if (err.code === 'EPERM' || err.code === 'ENOENT') + throw new Error(`OpenSSL is required for sign.test.ts (${err.code})`); + throw e; + } +}; +const openssl = (args: string[], cwd: string) => + execFileSync('openssl', args, { cwd, stdio: 'pipe', encoding: 'utf8' }); +const genCerts = (dir: string) => { + const rootKeyEc = path.join(dir, 'root.key.ec.pem'); + const rootKey = path.join(dir, 'root.key.pem'); + const rootPem = path.join(dir, 'root.pem'); + const signerKeyEc = path.join(dir, 'signer.key.ec.pem'); + const signerKey = path.join(dir, 'signer.key.pem'); + const signerCsr = path.join(dir, 'signer.csr.pem'); + const signerPem = path.join(dir, 'signer.pem'); + const chainPem = path.join(dir, 'chain.pem'); + const ext = path.join(dir, 'signer.ext'); + openssl(['ecparam', '-name', 'prime256v1', '-genkey', '-noout', '-out', rootKeyEc], dir); + openssl(['pkcs8', '-topk8', '-nocrypt', '-in', rootKeyEc, '-out', rootKey], dir); + openssl( + [ + 'req', + '-x509', + '-new', + '-key', + rootKeyEc, + '-sha256', + '-days', + '3650', + '-subj', + '/CN=Test Root', + '-out', + rootPem, + ], + dir + ); + openssl(['ecparam', '-name', 'prime256v1', '-genkey', '-noout', '-out', signerKeyEc], dir); + openssl(['pkcs8', '-topk8', '-nocrypt', '-in', signerKeyEc, '-out', signerKey], dir); + openssl(['req', '-new', '-key', signerKey, '-subj', '/CN=Test Signer', '-out', signerCsr], dir); + fs.writeFileSync(ext, 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n'); + openssl( + [ + 'x509', + '-req', + '-in', + signerCsr, + '-CA', + rootPem, + '-CAkey', + rootKey, + '-CAcreateserial', + '-out', + signerPem, + '-days', + '365', + '-sha256', + '-extfile', + ext, + ], + dir + ); + fs.copyFileSync(rootPem, chainPem); + return { signerPem, signerKey, chainPem, rootPem }; +}; +const firstProfile = () => { + const dir = path.join(root, '..', 'profiles'); + const list = fs + .readdirSync(dir) + .filter((x) => x.endsWith('.mobileconfig')) + .sort(); + if (!list.length) throw new Error(`no profiles found in ${dir}`); + return path.join(dir, list[0]); +}; +const verifyOpenSSL = (signed: string, ca: string, out: string, cwd: string) => + openssl( + [ + 'cms', + '-verify', + '-binary', + '-inform', + 'DER', + '-in', + signed, + '-CAfile', + ca, + '-purpose', + 'any', + '-out', + out, + ], + cwd + ); + +describe('sign.ts parity', () => { + it('matches OpenSSL detached content/certs and verifies in both implementations', () => { + opensslUsable(); + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'encrypted-dns-sign-parity-')); + try { + const { signerPem, signerKey, chainPem, rootPem } = genCerts(dir); + const profile = firstProfile(); + const tsInput = path.join(dir, 'in.ts.mobileconfig'); + const osInput = path.join(dir, 'in.ossl.mobileconfig'); + fs.copyFileSync(profile, tsInput); + fs.copyFileSync(profile, osInput); + execFileSync( + 'node', + [scriptSign, '--ca', signerPem, '--priv_key', signerKey, '--chain', chainPem, tsInput], + { + stdio: 'pipe', + cwd: dir, + } + ); + execFileSync( + scriptOpenSSL, + ['--ca', signerPem, '--priv_key', signerKey, '--chain', chainPem, osInput], + { + stdio: 'pipe', + cwd: dir, + } + ); + const tsSigned = tsInput.replace(/\.mobileconfig$/, '.signed.mobileconfig'); + const osSigned = osInput.replace(/\.mobileconfig$/, '.signed.mobileconfig'); + const tsDer = fs.readFileSync(tsSigned); + const osDer = fs.readFileSync(osSigned); + const tsDetached = CMS.detach(new Uint8Array(tsDer), { allowBER: true }); + const osDetached = CMS.detach(new Uint8Array(osDer), { allowBER: true }); + deepStrictEqual( + Buffer.from(tsDetached.content).toString('hex'), + Buffer.from(osDetached.content).toString('hex') + ); + deepStrictEqual(tsDetached.certs, osDetached.certs); + const now = Date.now(); + CMS.verify(new Uint8Array(tsDer), { allowBER: true, checkSignatures: true, time: now }); + CMS.verify(new Uint8Array(osDer), { allowBER: true, checkSignatures: true, time: now }); + const outTs = path.join(dir, 'verify.ts.out.mobileconfig'); + const outOs = path.join(dir, 'verify.ossl.out.mobileconfig'); + verifyOpenSSL(tsSigned, rootPem, outTs, dir); + verifyOpenSSL(osSigned, rootPem, outOs, dir); + deepStrictEqual(fs.readFileSync(outTs), fs.readFileSync(profile)); + deepStrictEqual(fs.readFileSync(outOs), fs.readFileSync(profile)); + } finally { + fs.rmSync(dir, { recursive: true, force: true }); + } + }); +}); diff --git a/src/scripts/sign-single.ts b/src/scripts/sign-single.ts new file mode 100644 index 0000000..514dd38 --- /dev/null +++ b/src/scripts/sign-single.ts @@ -0,0 +1,59 @@ +#!/usr/bin/env node +import { CMS } from 'micro-key-producer/x509.js'; +import fs from 'node:fs'; +import path from 'node:path'; +import { fileURLToPath } from 'node:url'; +import { SIGN_OPTS } from './build.ts'; + +export type SignArgs = { ca: string; priv_key: string; chain?: string; input: string }; + +const usage = () => { + console.error( + 'usage: node sign-single.ts --ca --priv_key [--chain ] ' + ); + process.exit(1); +}; + +const parse = (argv: string[]): SignArgs => { + const args: Record = {}; + const rest: string[] = []; + for (let i = 0; i < argv.length; i++) { + const a = argv[i]; + if (!a.startsWith('--')) { + rest.push(a); + continue; + } + const k = a.slice(2); + const v = argv[++i]; + if (!v || v.startsWith('--')) usage(); + args[k] = v; + } + if (!args.ca || !args.priv_key || rest.length !== 1) usage(); + return { ca: args.ca, priv_key: args.priv_key, chain: args.chain, input: rest[0] }; +}; + +export const outPath = (file: string) => + file.endsWith('.mobileconfig') + ? file.slice(0, -'.mobileconfig'.length) + '.signed.mobileconfig' + : `${file}.signed.mobileconfig`; + +export const signFile = (a: SignArgs): string => { + for (const f of [a.ca, a.priv_key, a.input]) + if (!fs.existsSync(f)) throw new Error(`missing file: ${f}`); + if (a.chain && !fs.existsSync(a.chain)) throw new Error(`missing file: ${a.chain}`); + const content = new Uint8Array(fs.readFileSync(a.input)); + const cert = fs.readFileSync(a.ca, 'utf8'); + const key = fs.readFileSync(a.priv_key, 'utf8'); + const chain = a.chain ? fs.readFileSync(a.chain, 'utf8') : ''; + const compact = CMS.compact.sign(content, cert, key, SIGN_OPTS); + const signed = CMS.compact.build(content, compact, cert, chain, SIGN_OPTS); + const out = outPath(a.input); + fs.writeFileSync(out, signed); + return out; +}; + +const __filename = fileURLToPath(import.meta.url); +if (process.argv[1] && path.resolve(process.argv[1]) === __filename) { + const out = signFile(parse(process.argv.slice(2))); + console.log(out); +} diff --git a/src/scripts/sign.ts b/src/scripts/sign.ts new file mode 100644 index 0000000..271b619 --- /dev/null +++ b/src/scripts/sign.ts @@ -0,0 +1,75 @@ +#!/usr/bin/env node +import { bytesToHex } from '@noble/hashes/utils.js'; +import { CMS } from 'micro-key-producer/x509.js'; +import fs from 'node:fs'; +import path from 'node:path'; +import { fileURLToPath } from 'node:url'; +import { SIGN_OPTS, genProfile, getProfiles, getVariants, type Provider } from './build.ts'; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = path.dirname(__filename); +const ROOT = path.join(__dirname, '..', '..'); +const SRC = path.join(ROOT, 'src'); +const CERT_PEM = path.join(SRC, 'certificates', 'cert.pem'); +const CHAIN_PEM = path.join(SRC, 'certificates', 'chain.pem'); +const DEFAULT_PRIVKEY_PEM = path.join(SRC, 'certificates', 'privkey.pem'); +const USAGE = `sign.ts [path/to/privkey.pem] +expects: +- certificates/cert.pem +- certificates/chain.pem +- certificates/privkey.pem (default; OR specify path in first arg)`; + +const loadFiles = () => + fs + .readdirSync(SRC) + .filter((f) => f.endsWith('.json')) + .sort() + .map((file) => { + const m = /^(\d+)-(.+)\.json$/.exec(file); + if (!m) throw new Error(`bad provider file name: ${file} (expected NN-slug.json)`); + const ord = Number(m[1]); + if (!Number.isSafeInteger(ord)) throw new Error(`bad numeric prefix in ${file}`); + return { file, ord, slug: m[2] }; + }) + .sort((a, b) => a.ord - b.ord || a.slug.localeCompare(b.slug)); + +const main = () => { + const privkeyPem = process.argv[2] || DEFAULT_PRIVKEY_PEM; + for (const fp of [privkeyPem, CERT_PEM, CHAIN_PEM]) + if (!fs.existsSync(fp)) throw new Error(USAGE); + const key = fs.readFileSync(privkeyPem, 'utf8'); + const cert = fs.readFileSync(CERT_PEM, 'utf8'); + const chain = fs.readFileSync(CHAIN_PEM, 'utf8'); + const enc = new TextEncoder(); + let updated = 0; + for (const { file, slug } of loadFiles()) { + const full = path.join(SRC, file); + const provider = JSON.parse(fs.readFileSync(full, 'utf8')) as Provider; + const variants = getVariants(slug, provider); + let changed = false; + for (const [variantName, variant] of Object.entries(variants)) { + const base = `${slug}-${variantName}`; + const profiles = getProfiles(base, variant); + for (const [profileName, profile] of Object.entries(profiles)) { + const xml = genProfile(profileName, profile); + const compact = CMS.compact.sign(enc.encode(xml), cert, key, SIGN_OPTS); + const signed = CMS.compact.build(enc.encode(xml), compact, cert, chain, SIGN_OPTS); + CMS.verify(signed, { allowBER: true, checkSignatures: true, time: Date.now() }); + const sigHex = bytesToHex(compact); + const protocol = profile.protocol; + if (!provider.variants[variantName][protocol]) continue; + if (provider.variants[variantName][protocol]!.signature !== sigHex) { + provider.variants[variantName][protocol]!.signature = sigHex; + changed = true; + } + } + } + if (!changed) continue; + fs.writeFileSync(full, `${JSON.stringify(provider, undefined, 4)}\n`); + updated++; + console.log(`Updated ${file}`); + } + console.log(`Updated providers: ${updated}`); +}; + +main();