diff --git a/README.md b/README.md index 84d6065..956fdf2 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,38 @@ # encrypted-dns-configs -Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). +Configuration profiles for [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) and [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). Check out the article for more info: [paulmillr.com/posts/encrypted-dns/](https://paulmillr.com/posts/encrypted-dns/) +## Providers + +| Name | Country | Censorship | Notes | Install button | +|---------------------------|---------|------------|-----------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| AdGuard | πŸ‡·πŸ‡Ί | 🟒 | [Operated](https://adguard.com/en/adguard-dns/overview.html) by AdGuard in Russia | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/adguard-https.mobileconfig) | +| AdGuard Family | πŸ‡·πŸ‡Ί | πŸ”΄ | [Filters](https://adguard.com/en/blog/adguard-dns-family-protection.html) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/adguard-family-https.mobileconfig) | +| Alekberg | πŸ‡³πŸ‡± | 🟒 | [Independent](https://alekberg.net) hoster in Netherlands | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/alekberg-https.mobileconfig) | +| Canadian Shield Private | πŸ‡¨πŸ‡¦ | 🟒 | [Operated](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) by the Canadian Internet Registration Authority (CIRA) | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-private-https.mobileconfig) , [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-private-tls.mobileconfig) | +| Canadian Shield Protected | πŸ‡¨πŸ‡¦ | πŸ”΄ | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-protected-https.mobileconfig) , [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-protected-tls.mobileconfig) | +| Canadian Shield Family | πŸ‡¨πŸ‡¦ | πŸ”΄ | [Filters](https://www.cira.ca/cybersecurity-services/canadian-shield/configure) malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-family-https.mobileconfig) , [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/canadianshield-family-tls.mobileconfig) | +| Cloudflare | πŸ‡ΊπŸ‡Έ | 🟒 | [Operated](https://developers.cloudflare.com/1.1.1.1/dns-over-https) by Cloudflare 1.1.1.1 | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/cloudflare-https.mobileconfig) , [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/cloudflare-tls.mobileconfig) | +| Cloudflare Malware | πŸ‡ΊπŸ‡Έ | πŸ”΄ | Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/cloudflare-malware-https.mobileconfig) | +| Cloudflare Family | πŸ‡ΊπŸ‡Έ | πŸ”΄ | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/cloudflare-family-https.mobileconfig) | +| DNSPod | πŸ‡¨πŸ‡³ | πŸ”΄ | [Operated](https://docs.dnspod.cn/public-dns/5fb5db1462110a2b153a77dd/) in mainland China | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/dnspod-https.mobileconfig) | +| Google | πŸ‡ΊπŸ‡Έ | 🟒 | [Operated](https://developers.google.com/speed/public-dns/docs/secure-transports) by Google | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/google-https.mobileconfig) , [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/google-tls.mobileconfig) | +| OpenDNS | πŸ‡ΊπŸ‡Έ | 🟒 | [Operated](https://support.opendns.com/hc/en-us/articles/360038086532) by OpenDNS | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/opendns-https.mobileconfig) | +| OpenDNS Family | πŸ‡ΊπŸ‡Έ | πŸ”΄ | Filters malware & adult content | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/opendns-family-https.mobileconfig) | +| Quad9 | πŸ‡ΊπŸ‡Έ | πŸ”΄ | [Operated](https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/) by CleanerDNS, Inc. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/quad9-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/quad9-tls.mobileconfig) | +| Tiar.app | πŸ‡ΈπŸ‡¬πŸ‡ΊπŸ‡Έ | πŸ”΄ | ["Privacy-first DNS provider"](https://doh.tiar.app) from SG, hosted on Digital Ocean. Filters malware | [HTTPS](https://github.com/paulmillr/encrypted-dns/raw/master/tiarapp-https.mobileconfig), [TLS](https://github.com/paulmillr/encrypted-dns/raw/master/tiarapp-tls.mobileconfig) | + ## Installation To make settings work across all apps in **iOS 14** & **MacOS Big Sur**, you’ll need to install configuration profile. This profile would tell operating system to use DOH / DOT. Note: it’s not enough to simply set server IPs in System Preferences β€” you need to install a profile. -To install, simply open the file in GitHib, and then click/tap on "Raw". The profile should download. On macOS, doubble click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the β€œInstall” button. +To install, simply open the file in GitHib, and then click/tap on install button. The profile should download. On macOS, double click on the downloaded file to open it in settings, and approve instalation. On iOS, go to **System Settings => General => Profile**, select downloaded profile and tap the β€œInstall” button. ## Signed Profiles -In the signed folder, we have signed versions of the profiles in this repository. These profiles have been signed by @Candygoblen123 so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. +In the signed folder, we have signed versions of the profiles in this repository. These profiles have been signed by [@Candygoblen123](https://github.com/Candygoblen123) so that when you install the profiles, they will have a verified check box on the installation screen. It also ensures that these profiles have not been tampered with. However, since they were signed by a third party, they may lag behind their unsigned counterparts a little. -[comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.) +[comment]: <> (We recommend that you install a signed profile instead of an unsigned profile because it ensures that it was not modified while it was downloading.) -## Providers - -- [πŸ‡·πŸ‡Ί AdGuard](https://adguard.com/en/adguard-dns/overview.html#instruction) -- [πŸ‡³πŸ‡± Alekberg](https://alekberg.net) -- [πŸ‡¨πŸ‡³ Alibaba](https://www.alidns.com/) -- [πŸ‡¨πŸ‡¦ Canadian Shield](https://www.cira.ca/cybersecurity-services/canadian-shield) - Operated by the Canadian Internet Registration Authority (CIRA) -- [πŸ‡ΊπŸ‡Έ Cloudflare](https://developers.cloudflare.com/1.1.1.1/dns-over-https) -- πŸ‡¨πŸ‡³ DNSPod -- [πŸ‡ΊπŸ‡Έ Google](https://developers.google.com/speed/public-dns/docs/secure-transports) -- [πŸ‡ΊπŸ‡Έ OpenDNS](https://support.opendns.com/hc/en-us/articles/360038086532) -- [πŸ‡ΊπŸ‡Έ Quad9](https://www.quad9.net/doh-quad9-dns-servers/) β€” Filters malicious domains. Operated by CleanerDNS, Inc. -- [πŸ‡ΈπŸ‡¬πŸ‡ΊπŸ‡Έ Tiar.app](https://doh.tiar.app) β€” "Privacy-first DNS provider". Filters some domains. Server is located in SG, hosted on Digital Ocean - -To verify resolver IPs and hostnames, compare mobileconfig files to their documentation URLs. Internal workings of the profiles are described on [developer.apple.com](https://developer.apple.com/documentation/devicemanagement/dnssettings). In order to verify signed mobileconfigs, you will need to download them to your computer and open them in a text editor, because signing profiles makes GitHub think that they are binary files. +To verify resolver IPs and hostnames, compare mobileconfig files to their documentation URLs. Internal workings of the profiles are described on [developer.apple.com](https://developer.apple.com/documentation/devicemanagement/dnssettings). In order to verify signed mobileconfigs, you will need to download them to your computer and open them in a text editor, because signing profiles makes GitHub think that they are binary files. diff --git a/opendns-familyshield.mobileconfig b/opendns-family-https.mobileconfig similarity index 100% rename from opendns-familyshield.mobileconfig rename to opendns-family-https.mobileconfig