DNS Over TLS & Over HTTPS is now on iOS / Android and for all networks at once [Thanks to Cloudflare]
DNS Over TLS & DNS Over HTTPS (hereafter DOT & DOH) are perhaps the technologies that most dramatically increase privacy and security on the Internet. There is also Encrypted SNI, but DOH or DOT is needed before it can be used.
Note that the application itself is very user-friendly; even without deep technical knowledge, it is strongly recommended that you familiarize yourself with it.
Quick reference: DNS is the system that turns names into IP addresses, a fundamental part of the Internet that is used every time you browse the web. By opening a resource, you tell your service provider where you went; switching DNS to another server (220.127.116.11 from Google, for example) does not help, because the protocol has no encryption, which allows responses to be replaced and traffic redirected to a server other than the one you asked for (in effect, a MITM attack).
Until recently the main security problem on the network was plain HTTP, but thanks to Google & Let's Encrypt it is almost solved: what exactly you are looking at on a site is now unknown to the provider. Only two problems remain:
- DNS leak: the problem that can be solved with DOH & DOT
- Domain SNI leak: the SNI disclosure occurs when an HTTPS connection is established with a site; before the encrypted transmission starts, the browser sends the site's domain name to the server in the clear.
Some time ago, the following articles were published on Habr (I recommend reading them):
- Google Public DNS silently turned on support for DNS over TLS
- Meet the service from Cloudflare at addresses 18.104.22.168 and 22.214.171.124, or “the public DNS regiment has arrived!”
And it would seem that happiness is near: two large companies have decided to implement the new protocols, and support is about to reach end users (especially in the case of Chrome).
But for some strange reason, DOT & DOH support is currently available only in Firefox's “nightly” builds, not to mention at the Android & iOS system level.
However, Cloudflare decided to take advantage of Google's slowness and released an application for iOS & Android. The application is very simple; in the case of iOS, it works by installing a VPN profile.
Do not confuse this with a VPN! After the profile is installed, the “VPN” actually points at the device itself (127.0.0.1): DNS requests are sent to Cloudflare via DOT or DOH, while the traffic itself follows its usual route.
Nicely, the application lets you choose between DNS Over TLS and DNS Over HTTPS; one of them is preselected by default.
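The DNS messages the app hands to Cloudflare are ordinary RFC 1035 wire-format packets; DOH (RFC 8484) changes only the transport, wrapping that same message in an HTTPS request so the provider sees just a TLS session to the resolver. The following added example (my own code, not the app's) builds a query, shows that the queried name sits in the clear in a plain UDP payload, encodes it into the RFC 8484 GET form and decodes it back, and parses a constructed response. The resolver URL https://cloudflare-dns.com/dns-query is assumed as the endpoint, and the response bytes are constructed, not captured.

```python
import base64
import struct


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (A record by default).

    RFC 8484 recommends transaction ID 0 so identical DoH GETs are cacheable.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set
    question = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + question + struct.pack("!HH", qtype, 1)    # class IN


def doh_get_url(query: bytes, resolver_url: str = "https://cloudflare-dns.com/dns-query") -> str:
    """RFC 8484 GET form: the wire-format message as base64url without padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def doh_decode_dns_param(url: str) -> bytes:
    """Recover the wire-format message from a ?dns= parameter (re-adds padding)."""
    param = url.split("?dns=", 1)[1].split("&", 1)[0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def _read_name(msg: bytes, pos: int):
    """Read a possibly compressed domain name; return (name, position after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if not jumped:
                end = pos + 2
            jumped, pos = True, ptr
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if jumped else pos)


def parse_a_records(msg: bytes):
    """Return [(name, ttl, ipv4)] from the answer section of a wire-format response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):                                # skip echoed question(s)
        _, pos = _read_name(msg, pos)
        pos += 4                                       # qtype + qclass
    out = []
    for _ in range(an):
        name, pos = _read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append((name, ttl, ".".join(str(b) for b in rdata)))
    return out


def sample_response(name: str = "example.com") -> bytes:
    """Constructed response: the query above answered with 192.0.2.1 (TEST-NET-1)."""
    q = build_dns_query(name)
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)      # QR, RD, RA set
    # Answer name is a pointer to offset 12 (the question name), then A/IN/TTL/len/IP
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + q[12:] + answer


if __name__ == "__main__":
    q = build_dns_query("example.com")
    print("name readable in plain DNS payload:", b"example" in q)   # True
    url = doh_get_url(q)
    print("DoH GET:", url)
    print("round trip ok:", doh_decode_dns_param(url) == q)
    print("answers:", parse_a_records(sample_response()))
```

The same bytes that `build_dns_query` produces are what a phone sends over UDP port 53 when the provider's resolver is used, which is why the name is trivially visible; inside the DOH request they travel only in the encrypted HTTPS body, and over DOT the identical message is sent length-prefixed inside a TLS session on port 853.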
I note once again that the VPN icon does not mean a “VPN” in the usual sense of the word is in use; to check for yourself, open any IP-lookup service such as 2ip.ru.
And in any case, when you change DNS in the network settings, you have to change it again every time you move from one WiFi network to another, not to mention DNS for the carrier network, where it is sometimes impossible to edit this parameter at all.
With the application, DOH / DOT from Cloudflare is used automatically for every connection.