From f240cc7723cbc41e584a01e6293b358a6112a3d5 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 21 Oct 2020 13:55:32 +0300 Subject: [PATCH 1/7] dns: begin another take at Apple's native encrypted DNS --- _includes/sections/dns.html | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index f2985792..1b793cb9 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -625,6 +625,16 @@ We also log how many times this or that tracker has been blocked. We need this i github="https://github.com/s-s/dnscloak" %} +

+ + + iOS 14+ and macOS CHECKME+ native support for encrypted DNS +

+ +

+ Starting from iOS 14 and macOS ?? encryted DNS is supported natively through mobileconfig files. +

+
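Review bot: the added heading still contains the placeholder "CHECKME+", and the added paragraph says "macOS ??" and misspells "encrypted" as "encryted". This is user-facing page text, so fill in the macOS version and fix the spelling in this commit; otherwise a revision of the page exists that ships the placeholders.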

-- 2.49.0 From 84f471e91d93bef4a6fa36bcfafb8fb409ea3b00 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 21 Oct 2020 14:20:47 +0300 Subject: [PATCH 2/7] dns.html: mention mobileconfigs, versions and where to find them --- _includes/sections/dns.html | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 1b793cb9..b77ccca0 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -632,9 +632,15 @@ We also log how many times this or that tracker has been blocked. We need this i

- Starting from iOS 14 and macOS ?? encryted DNS is supported natively through mobileconfig files. + Starting from iOS/iPadOS/tvOS 14 and macOS 11 DoT and DoH are supported natively by installing profiles (through mobileconfig files in Safari). + After they are installed, the encrypted DNS server can be selected in Settings -> General -> VPN and Network -> DNS.

+
+
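Review bot: the added sentence tells readers to install profiles but says nothing about where a profile should come from. A DNS profile decides which resolver receives the device's queries, so add a sentence telling readers to install only a profile from the resolver operator or another source they trust, and to check which server it names before accepting it. Separately, the path "Settings -> General -> VPN and Network -> DNS" is given once for iOS, iPadOS, tvOS and macOS 11; state which of those platforms it applies to.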

-- 2.49.0 From fc9a7b7539aede35dd8c9ca508a1750cfc0c1f58 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 21 Oct 2020 14:24:24 +0300 Subject: [PATCH 3/7] dns.html: fix clumsy heading --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index b77ccca0..48b9d934 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -628,7 +628,7 @@ We also log how many times this or that tracker has been blocked. We need this i

- iOS 14+ and macOS CHECKME+ native support for encrypted DNS + Apple's native support
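Review bot: the replacement heading "Apple's native support" no longer says what is supported, whereas the removed heading ended in "native support for encrypted DNS". Keep the subject in the heading, for example "Apple's native support for encrypted DNS", so it still makes sense when read on its own or reached through an anchor link.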

-- 2.49.0 From 9357d66f9b1eef7302f2b06789af8163011b054a Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 21 Oct 2020 14:26:24 +0300 Subject: [PATCH 4/7] dns: remove excess > --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 48b9d934..178fbf7e 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -638,7 +638,7 @@ We also log how many times this or that tracker has been blocked. We need this i

-- 2.49.0 From a91f5e45f4297982d49145c75e41a4b330940ad8 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 21 Oct 2020 14:27:44 +0300 Subject: [PATCH 5/7] dns: small clarification open in Safari, others won't work --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 178fbf7e..411e5351 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -632,7 +632,7 @@ We also log how many times this or that tracker has been blocked. We need this i

- Starting from iOS/iPadOS/tvOS 14 and macOS 11 DoT and DoH are supported natively by installing profiles (through mobileconfig files in Safari). + Starting from iOS/iPadOS/tvOS 14 and macOS 11 DoT and DoH are supported natively by installing profiles (through mobileconfig files opened in Safari). After they are installed, the encrypted DNS server can be selected in Settings -> General -> VPN and Network -> DNS.
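Review bot: the subject line says other browsers won't work, but the changed parenthetical "(through mobileconfig files opened in Safari)" still reads as one possible way rather than a requirement. State the constraint in the text itself, for example "the mobileconfig file must be opened in Safari; other browsers won't work", so the reader does not have to find it in the commit log.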

-- 2.49.0 From c843ddfb364d5291149415dcdc4d7470ff1fb3a5 Mon Sep 17 00:00:00 2001 From: Daniel Gray Date: Wed, 21 Oct 2020 23:47:54 +0000 Subject: [PATCH 6/7] Use two spaces, slightly reword. --- _includes/sections/dns.html | 138 ++++++++++++++++++------------------ 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 411e5351..0996e22d 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html 
@@ -538,102 +538,102 @@ We also log how many times this or that tracker has been blocked. We need this i {% - include cardv2.html - title="Unbound" - image="/assets/img/svg/3rd-party/unbound.svg" - description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' - website="https://nlnetlabs.nl/projects/unbound/about/" - forum="https://forum.privacytools.io/t/discussion-unbound/3563" - github="https://github.com/NLnetLabs/unbound" + include cardv2.html + title="Unbound" + image="/assets/img/svg/3rd-party/unbound.svg" + description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' + website="https://nlnetlabs.nl/projects/unbound/about/" + forum="https://forum.privacytools.io/t/discussion-unbound/3563" + github="https://github.com/NLnetLabs/unbound" %} {% - include cardv2.html - title="dnscrypt-proxy" - image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" - description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' - website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" - forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" - github="https://github.com/DNSCrypt/dnscrypt-proxy" + include cardv2.html + title="dnscrypt-proxy" + image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" + description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' + website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" + forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" + github="https://github.com/DNSCrypt/dnscrypt-proxy" %} {% - include cardv2.html - title="Stubby" - image="/assets/img/png/3rd-party/stubby.png" - description='An application that acts as a local DNS-over-TLS stub resolver. 
Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' - website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" - forum="https://forum.privacytools.io/t/discussion-stubby/3582" - github="https://github.com/getdnsapi/stubby" + include cardv2.html + title="Stubby" + image="/assets/img/png/3rd-party/stubby.png" + description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' + website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" + forum="https://forum.privacytools.io/t/discussion-stubby/3582" + github="https://github.com/getdnsapi/stubby" %} {% - include cardv2.html - title="Firefox's built-in DNS-over-HTTPS resolver" - image="/assets/img/svg/3rd-party/firefox_browser.svg" - description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." - website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" - privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" - forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" + include cardv2.html + title="Firefox's built-in DNS-over-HTTPS resolver" + image="/assets/img/svg/3rd-party/firefox_browser.svg" + description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' 
+ labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." + website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" + privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" + forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" %}

- - - Encrypted DNS Client Recommendations for Android + + + Encrypted DNS Client Recommendations for Android

{% - include cardv2.html - title="Android 9's built-in DNS-over-TLS resolver" - image="/assets/img/svg/3rd-party/android.svg" - description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." - website="https://support.google.com/android/answer/9089903#private_dns" - forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" + include cardv2.html + title="Android 9's built-in DNS-over-TLS resolver" + image="/assets/img/svg/3rd-party/android.svg" + description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." + website="https://support.google.com/android/answer/9089903#private_dns" + forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" %} {% - include cardv2.html - title="Nebulo" - image="/assets/img/png/3rd-party/nebulo.png" - description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' 
- website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" - privacy-policy="https://smokescreen.app/privacypolicy" - forum="https://forum.privacytools.io/t/discussion-nebulo/3565" - fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" - googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" - source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" + include cardv2.html + title="Nebulo" + image="/assets/img/png/3rd-party/nebulo.png" + description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' + website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" + privacy-policy="https://smokescreen.app/privacypolicy" + forum="https://forum.privacytools.io/t/discussion-nebulo/3565" + fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" + googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" + source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" %}

- - - Encrypted DNS Client Recommendations for iOS + + + Encrypted DNS Client Recommendations for iOS

{% - include cardv2.html - title="DNSCloak" - image="/assets/img/png/3rd-party/dnscloak.png" - description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' - website="https://github.com/s-s/dnscloak/blob/master/README.md" - privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" - forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" - ios="https://apps.apple.com/app/id1452162351" - github="https://github.com/s-s/dnscloak" + include cardv2.html + title="DNSCloak" + image="/assets/img/png/3rd-party/dnscloak.png" + description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' + website="https://github.com/s-s/dnscloak/blob/master/README.md" + privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" + forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" + ios="https://apps.apple.com/app/id1452162351" + github="https://github.com/s-s/dnscloak" %}

- - - Apple's native support + + + Apple's native support

- Starting from iOS/iPadOS/tvOS 14 and macOS 11 DoT and DoH are supported natively by installing profiles (through mobileconfig files opened in Safari). - After they are installed, the encrypted DNS server can be selected in Settings -> General -> VPN and Network -> DNS. + In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in Safari). + After installation, the encrypted DNS server can be selected in Settings → General → VPN and Network → DNS.

- - - Definitions + + + Definitions

DNS-over-TLS (DoT)
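Review bot: the only wording change, in the "Apple's native support" paragraph, is mixed into a reindent of the whole hunk (69 insertions, 69 deletions), which makes it easy to miss in review. Split the whitespace change and the reword into separate commits. In the reworded text, "In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively ..." repeats its subject and leaves it unclear whether "14" applies to all three systems; one sentence would do. Since the card descriptions are being rewritten anyway, the errors carried over unchanged could also be fixed here: "that the hides client IP address" and "users can manually any other DoH resolver" (missing verb).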

-- 2.49.0 From 772f14326c14736e0fa326eb15ea69ad3618d2a4 Mon Sep 17 00:00:00 2001 From: Daniel Gray Date: Wed, 21 Oct 2020 23:57:59 +0000 Subject: [PATCH 7/7] Use nice name --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 0996e22d..62a51046 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -633,7 +633,7 @@ We also log how many times this or that tracker has been blocked. We need this i

In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in Safari). - After installation, the encrypted DNS server can be selected in Settings → General → VPN and Network → DNS. + After installation, the encrypted DNS server can be selected in Settings → General → VPN and Network → DNS.

    -- 2.49.0