"Starting this year, Apple platforms natively support encrypted DNS," said Tommy Pauly, internet technologies engineer, in a video presentation for Apple's 2020 Worldwide Developer Conference, virtualised this year by necessity.
More specifically, macOS 11, iOS 14, and Mac Catalyst framework 14 (for Mac versions of iPad apps) will support DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). These Apple operating system updates are scheduled for release later this year, likely in September or October.
When you visit a website with a browser, or connect to a service via an app, the software typically sends domain-name system (DNS) queries in the background to DNS servers, such as ones provided by your ISP, to translate domain names, like itsecuritycentre.co.uk, into network IP addresses the programs can use. These queries are typically sent unencrypted, meaning eavesdroppers on the network path can snoop on the names of sites and services you're using, and modify the query results to redirect you to malicious websites.
Encrypted DNS, as its name suggests, encrypts those queries to shield them from snoops and meddlers.
Apple's encrypted DNS support shown off at WWDC this year
Apple's updated code will allow those offering DNS services, and enterprise organisations administering corporate software via Mobile Device Management, to create apps for configuring DNS settings so they use an encrypted transport.
For example, a service provider like Cloudflare could create a network extension app using the NEDNSSettings class to switch a device to use DoT/DoH systemwide using Cloudflare's resolvers. Organisations using MDM will be able to do so by applying a Profile to managed devices.
Developers will also be able to create individual apps that allow users to choose to make app-specific connections over encrypted DNS using the NWParameters.PrivacyContext object and standard networking APIs.
As demonstrated in the video, an iOS app implementing encrypted DNS can be activated via Settings -> General -> VPN & Network (a menu called simply "VPN" on current iOS 13 systems).
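The two approaches described above, as an added Swift example (not Apple's sample code and not code from the article). The resolver URL and addresses are placeholders, and the function names are hypothetical.

```swift
import Foundation
import Network
import NetworkExtension

// Placeholder resolver details (assumptions, not from the article):
// substitute the DoH endpoint and addresses of the resolver you operate or trust.
let dohURL = URL(string: "https://doh.example.net/dns-query")!
let resolverAddresses = ["192.0.2.53", "2001:db8::53"]

/// System-wide: install a DoH configuration from a DNS settings app.
/// The app needs the DNS Settings Network Extension capability, and the
/// user still has to enable the saved configuration in Settings.
func installSystemWideDoH(completion: @escaping (Error?) -> Void) {
    let manager = NEDNSSettingsManager.shared()
    manager.loadFromPreferences { loadError in
        if let loadError = loadError {
            completion(loadError)
            return
        }
        // NEDNSOverHTTPSSettings is the DoH subclass of NEDNSSettings.
        let settings = NEDNSOverHTTPSSettings(servers: resolverAddresses)
        settings.serverURL = dohURL
        manager.dnsSettings = settings
        manager.localizedDescription = "Example DoH resolver"
        manager.saveToPreferences(completionHandler: completion)
    }
}

/// Per-app: a TLS connection whose name lookups must use encrypted DNS.
func makeEncryptedDNSConnection(host: String, port: UInt16) -> NWConnection? {
    guard let nwPort = NWEndpoint.Port(rawValue: port) else { return nil }
    let context = NWParameters.PrivacyContext(description: "EncryptedDNS")
    let servers = resolverAddresses.map {
        NWEndpoint.hostPort(host: NWEndpoint.Host($0), port: 443)
    }
    // `true` makes resolution fail rather than fall back to cleartext DNS.
    // The fallback resolver is used when no encrypted resolver is already
    // configured on the device.
    context.requireEncryptedNameResolution(
        true, fallbackResolver: .https(dohURL, serverAddresses: servers))
    let parameters = NWParameters.tls
    parameters.setPrivacyContext(context)
    return NWConnection(host: NWEndpoint.Host(host), port: nwPort, using: parameters)
}
```

Supplying the resolver's IP addresses alongside the DoH URL avoids a cleartext lookup for the resolver's own hostname.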