- Apr 24, 2016
Configuration, testing and the difference compared to the AdGuard app are in the full blog post here:Yesterday the world has finally seen iOS 14, which has some cool updates but we would love to mention one feature in particular:
Starting this year, Apple natively supports encrypted DNS. There are two supported protocols: DNS over TLS (DoT) and DNS over HTTPS (DoH). Both of these use TLS to encrypt DNS requests. DoH additionally uses HTTP to improve performance.DNS settings can now be encrypted, so DNS entries aren’t seen by others watching network traffic.
Why is it important?
With encrypted DNS traffic, it's very similar to HTTP vs. HTTPS: encryption is better than no encryption. A little glance into how encrypted DNS works:
-Transcript from WWDC 2020When your app accesses a website, the system asks a question, a DNS query, to turn that name into a set of addresses. Generally, the question is sent to a DNS server configured by your local network. So where does privacy come into the picture? One concern is that DNS questions and answers are usually sent over an unencrypted transport, UDP. That means that other devices on the network can not only see what names you're looking up, but they can even interfere with the answers. The other privacy concern is that you may not trust the DNS resolver on your local network. If you've joined a public Wi-Fi network, your internet usage could be tracked or blocked.
So how does encrypted DNS improve this situation? Encrypted DNS, simply put, is using encryption to protect your DNS questions and answers.
And if you don't trust the network you're on, it can also involve sending your questions to a DNS server that you do trust.