If the tool does not work, please clear your cache and/or reload the webpages! I am continuously updating this tool, but the changes might not load in your browser unless you clear your cache.
This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted DNS options.
Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur
updates. However, this feature cannot be used without a third-party app or a configuration
profile. I personally preferred not to install some app to manage this for me.
This website generates a configuration profile which is installable on your system and activates encrypted DNS.
I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather
transparent: they can be opened and viewed with any text editor. This website is completely open-source.
An app off the App Store might do what it should, sure. But it also might capture data in between and negate the
privacy advantage that DoH and DoT bring.
Visit this website using your Apple device and navigate to the tool. Then, upload a pre-made configuration or
enter your own settings and click/tap "Add to profile". When you're done adding configurations, open the
"Finalize" page to download the finished file. Then, open the downloaded file using the "Files" app.
Your device will ask you to confirm a few times; be sure to accept the warnings.
The generated profiles are not signed. This is normal.
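Because an unsigned profile is a plain XML property list, you can check what it contains before installing it. The script below is an added example, not part of this website's code: it assumes Apple's DNS settings payload type `com.apple.dnsSettings.managed` with its `DNSProtocol`, `ServerURL`, `ServerName` and `ServerAddresses` keys, and the sample profile and its `dns.example.invalid` resolver are constructed.

```python
import plistlib

DNS_PAYLOAD = "com.apple.dnsSettings.managed"  # Apple's DNS settings payload type

# Constructed sample profile: one DoH and one DoT payload, placeholder resolver.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.dnsSettings.managed</string>
      <key>DNSSettings</key><dict>
        <key>DNSProtocol</key><string>HTTPS</string>
        <key>ServerURL</key><string>https://dns.example.invalid/dns-query</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.dnsSettings.managed</string>
      <key>DNSSettings</key><dict>
        <key>DNSProtocol</key><string>TLS</string>
        <key>ServerName</key><string>dns.example.invalid</string>
      </dict>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(data: bytes):
    """Return (dns_entries, findings) for an unsigned .mobileconfig file."""
    profile = plistlib.loads(data)
    entries, findings = [], []
    for i, payload in enumerate(profile.get("PayloadContent", [])):
        ptype = payload.get("PayloadType")
        if ptype != DNS_PAYLOAD:  # a DNS-only profile should carry nothing else
            findings.append(f"payload {i}: unexpected type {ptype!r}")
            continue
        dns = payload.get("DNSSettings", {})
        proto = dns.get("DNSProtocol")
        # DoH is addressed by URL, DoT by hostname.
        key = {"HTTPS": "ServerURL", "TLS": "ServerName"}.get(proto)
        server = dns.get(key) if key else None
        if key is None:
            findings.append(f"payload {i}: DNSProtocol {proto!r} is not HTTPS or TLS")
        elif not server:
            findings.append(f"payload {i}: {proto} payload has no {key}")
        elif proto == "HTTPS" and not server.startswith("https://"):
            findings.append(f"payload {i}: ServerURL is not https: {server}")
        entries.append((proto, server, dns.get("ServerAddresses", [])))
    return entries, findings
```

To check a downloaded file, pass its bytes to `audit_profile` and compare the reported servers with the resolver you meant to configure; an empty findings list means every payload is a well-formed DoH or DoT entry.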
DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS
server to look up where it's even supposed to connect to.
While the traffic itself is often encrypted nowadays, the lookup is still unencrypted unless you use DoH/DoT. So anyone
in the same network will still know exactly which websites you visited.
If you want to know more about this, give this blog post by
Paul Miller a read; he explains the subject very nicely.
There isn't a huge difference between the two protocols.
DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate
environment, since it uses the same port as any secured website.
DoT is possibly faster, since it uses one less layer of transport. But it uses its own port and is therefore
obvious to anyone else monitoring the network, and it might be blocked behind very strict firewalls.
In the end, it's more personal preference than anything else. If your system supports both, as Apple systems do, you can choose whatever you want.
This comes down to a few factors. First, location. Living in countries which block certain websites narrows your choice down considerably. Furthermore, different providers have different priorities. I suggest you do some research into the providers yourself. For example, you could take a look at this table which lists a few providers and compares them.