From 779ae1e61a0f0c675ee0326047d8df334beafef2 Mon Sep 17 00:00:00 2001 From: flexagoon Date: Thu, 14 Apr 2022 08:01:19 +0000 Subject: [PATCH] Clarify macOS DNS, use consistent style (#1006) Signed-off-by: Daniel Gray --- docs/dns.en.md | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/docs/dns.en.md b/docs/dns.en.md index a1602e62..457cc0a6 100644 --- a/docs/dns.en.md +++ b/docs/dns.en.md @@ -37,7 +37,7 @@ The criteria for the servers listed above are: ### Android -Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: *Settings* → *Network & Internet* → *Private DNS*. +Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. ### Apple Devices @@ -45,23 +45,31 @@ The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. B After installation of either a configuration profile or an app that utilizes the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. -- **iOS/iPadOS:** *Settings → General → VPN, DNS, & Device Management → DNS* -- **macOS:** *System Preferences → Profiles* & *System Preferences → Network* -- **tvOS:** *Settings → General → Privacy →* hover on "*Share Apple TV Analytics*" → press the play button on the remote +#### Signed Profiles -Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). +Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). -- **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +#### iOS/iPadOS + +Select **Settings** → **General** → **VPN, DNS, & Device Management** → **DNS** + +#### macOS + +Select **System Preferences → Profiles** or **System Preferences** → **Network** → **Advanced**, (depending on if you have configuration profiles installed). + +#### tvOS + +Select **Settings** → **General** → **Privacy** → **Share Apple TV Analytics** → then press the *Play* button on the remote. ### Windows Windows users can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel. -Select *Settings* → *Network & Internet* → *Ethernet* or *WiFi*, → *Edit DNS Settings* → Preferred DNS encryption → *Encrypted only (DNS over HTTPS)*. +Select **Settings** → **Network & Internet** → **Ethernet or WiFi**, → **Edit DNS Settings** → **Preferred DNS encryption** → **Encrypted only (DNS over HTTPS)**. ### Linux -`systemd-resolved` doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639), which many Linux distributions use to do their DNS lookups. If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. +`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. ## Encrypted DNS Proxies