Yesterday the world finally saw iOS 14, which has some cool updates, but we would love to mention one feature in particular:
DNS traffic can now be encrypted, so DNS entries aren’t seen by others watching network traffic.
Starting this year, Apple natively supports encrypted DNS. There are two supported protocols: DNS over TLS (DoT) and DNS over HTTPS (DoH). They use different methods to encrypt DNS traffic but ultimately provide very similar levels of reliability.
Encrypted DNS traffic compares to plain DNS much as HTTPS compares to HTTP: encryption is better than no encryption. Here is a quick look at how encrypted DNS works:
When your app accesses a website, the system asks a question, a DNS query, to turn that name into a set of addresses. Generally, the question is sent to a DNS server configured by your local network. So where does privacy come into the picture? One concern is that DNS questions and answers are usually sent over an unencrypted transport, UDP. That means that other devices on the network can not only see what names you're looking up, but they can even interfere with the answers. The other privacy concern is that you may not trust the DNS resolver on your local network. If you've joined a public Wi-Fi network, your internet usage could be tracked or blocked.
So how does encrypted DNS improve this situation? Encrypted DNS, simply put, uses encryption to protect your DNS questions and answers.
And if you don't trust the network you're on, it can also involve sending your questions to a DNS server that you do trust.
It includes several steps:
The very first step is to set up an AdGuard DNS profile.
We provide profiles for all configurations of AdGuard DNS. Note that it is possible to set up all three and switch between them.
Simply open this page in Safari on your iOS device and follow one of the links below:
After you download a profile, go to Settings. There you'll see a Profiles downloaded item:
Tap on it, check that everything's right with the profile data, and then install it:
You can manage installed DNS profiles via your device's settings. Go to Settings -> General -> VPN & Network -> DNS. There you will find all installed DNS servers and will be able to jump from one to another.
To test if the configuration works correctly, follow this link to the AdGuard test page and check that AdGuard DNS is detected.
AdGuard DNS is running, all is good!
Keep in mind that if you use either AdGuard VPN or the AdGuard ad blocker app, the DNS server selected there will take precedence.
Compared to the AdGuard app, there are a couple of significant drawbacks: you won't be able to see exactly which requests the apps on your device send. It will also be impossible to use DNS filtering and manually manage which servers to block and which to allow access to.
AdGuard for iOS allows you to monitor your phone's DNS activity
But in any case, it's a very simple way to start using an encrypted DNS protocol. An additional advantage of this method is that it's native to the OS. In the next AdGuard for iOS version we will make sure to add an option to configure DNS servers using this mechanism.