This website uses technical cookies. By continuing you agree to the use of these cookies. No personal data is stored or shared. Learn more

Secure DNS profile creator version 1.7.0

For iOS 14 or later and macOS 11 (Big Sur) or later

About Tool Finalize Source Code Legal Encrypted DNS Party

If the tool does not work, please clear your cache and/or reload the webpages! I am continuously updating this tool, but the changes might not load in your browser unless you clear your cache.

What is this?

This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted DNS options.

Details

Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur updates. But there is no possibility to use this new feature without a third-party app or configuration profiles. I personally preferred not to install some app to manage this for me.
This websites generates a configuration profile which is installable on your system and activates encrypted DNS.

Why not use an app?

I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather transparent, they can be opened with any text editor and viewed. This website is completely open-source.
An app off the App Store might do what it should, sure. But it also might capture data inbetween and negate the privacy advantage that DoH and DoT bring.

How do I use this?

Visit this website using your Apple device and navigate to the tool. Then, upload a pre-made configuration or enter your own settings and click/tap "Add to profile". When you're done adding configurations, open the "Finalize" page to download the finished file. Then, open the downloaded file using the "Files" app.
Your device will ask you a few times, be sure to accept the warnings.
The generated profiles are not signed. This is normal.

Why should I care about encrypted DNS?

DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS server to look up where its even supposed to connect to.
While the traffic itself is often encrypted nowadays, the lookup itself still is not without DoH/DoT. So anyone in the same network will still know exactly which websites you visited.
If you want to know more about this, give this blog post by Paul Miller a read, he explains the subject very nicely.

DNS-over-HTTPS or DNS-over-TLS?

There isn't a huge difference between the two protocols.
DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate environment, since it uses the same port as any secured website.
DoT is possibly faster, since it uses one layer of transport less. But it uses it's own port and is therefore obvious to any other people monitoring the network - and might be blocked behind very strict firewalls.

In the end, it's more personal preference than anything else. If your system supports both - as Apple systems do - you can choose whatever you want.

Which provider should I choose?

This comes down to a few factors. First, location. Living in countries which block certain websites narrows your choice down considerably. Furthermore, different providers have different priorities. I suggest you do some research into the providers yourself. For example, you could take a look at this table which lists a few providers and compares them.