-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathindex.html
95 lines (86 loc) · 5.82 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>DNS Profile Creator</title>
<link rel="stylesheet" href="css/w3.css">
<link rel="stylesheet" href="css/dark-mode.css">
<link rel="apple-touch-icon" sizes="180x180" href="/icons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/icons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/icons/favicon-16x16.png">
<link rel="manifest" href="/icons/site.webmanifest">
<link rel="mask-icon" href="/icons/safari-pinned-tab.svg" color="#8bc4ff">
<link rel="shortcut icon" href="/icons/favicon.ico">
<meta name="msapplication-TileColor" content="#2b5797">
<meta name="msapplication-config" content="/icons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
</head>
<body class="w3-container">
<div class="w3-container bar-color">
<p>This website uses technical cookies. By continuing you agree to the use of these cookies. No personal data is
stored or shared. <a href="legal.html">Learn more</a></p>
</div>
<h1>Secure DNS profile creator</h1>
<h2>For iOS 14 or later and macOS Big Sur or later</h2>
<div class="w3-bar w3-border bar-color">
<a href="index.html" class="w3-bar-item w3-button w3-green w3-mobile">About</a>
<a href="tool.html" class="w3-bar-item w3-button w3-mobile">Tool</a>
<a href="finalize.html" class="w3-bar-item w3-button w3-mobile">Finalize</a>
<a href="https://github.com/fyr77/dns-mobileconfig"
class="w3-bar-item w3-button w3-right w3-black w3-mobile">GitHub</a>
<a href="legal.html" class="w3-bar-item w3-button w3-right w3-black w3-mobile">Legal</a>
<a href="https://encrypted-dns.party/" target="_blank"
class="w3-bar-item w3-button w3-right w3-blue-grey w3-mobile">Encrypted
DNS Party</a>
</div>
<br>
<p><b>If the tool does not work, please clear your cache and/or reload the webpages!</b> I am continuously updating
this tool, but the changes might not load in your browser unless you clear your cache.</p>
<h3>What is this?</h3>
<p>This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted
DNS options.</p>
<h3>Details</h3>
<p>Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur
updates. But there is no possibility to use this new feature without a third-party app or configuration
profiles. I personally preferred not to install some app to manage this for me. <br>
This websites generates a configuration profile which is installable on your system and activates encrypted DNS.
</p>
<h4>Why not use an app?</h4>
<p>I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather
transparent, they can be opened with any text editor and viewed. This website is completely open-source. <br>
An app off the App Store might do what it should, sure. But it also might capture data inbetween and negate the
privacy advantage that DoH and DoT bring.</p>
<h3>How do I use this?</h3>
<p>Visit this website using your Apple device and navigate to the tool. Then, upload a pre-made configuration or
enter your own settings and click/tap "Add to profile". When you're done adding configurations, open the
"Finalize" page to download the finished file. Then, open the downloaded file using the "Files" app.
<br>
Your device will ask you a few times, be sure to accept the warnings.<br>
<b>The generated profiles are not signed. This is normal.</b></p>
<h3>Why should I care about encrypted DNS?</h3>
<p>DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS
server to look up where its even supposed to connect to.<br>
While the traffic itself is often encrypted nowadays, the lookup itself still is not without DoH/DoT. So anyone
in the same network will still know exactly which websites you visited.<br>
If you want to know more about this, give <a href="https://paulmillr.com/posts/encrypted-dns/">this blog post by
Paul Miller</a> a read, he explains the subject very nicely.</p>
<h3>DNS-over-HTTPS or DNS-over-TLS?</h3>
<p>There isn't a huge difference between the two protocols.<br>
DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate
environment, since it uses the same port as any secured website.<br>
DoT is possibly faster, since it uses one layer of transport less. But it uses it's own port and is therefore
obvious to any other people monitoring the network - and might be blocked behind very strict firewalls.</p>
<p>In the end, it's more personal preference than anything else. If your system supports both - as Apple systems do
- you can choose whatever you want.</p>
<h3>Which provider should I choose?</h3>
<p>This comes down to a few factors. First, location. Living in countries which block certain websites narrows your
choice down considerably. Furthermore, different providers have different priorities. I suggest you do some
research into the providers yourself. For example, you could take a look at <a
href="https://privacyguides.org/providers/dns/">this table</a> which lists a few providers and compares
them.</p>
<h3>Support</h3>
<p>This website does not use any ads or tracking. If you enjoy it and want to show some support, <a
href="https://ko-fi.com/notjakob" target="_blank">buy me a coffee</a>. It's greatly appreciated!</p>
</body>
</html>