iOS DNS Configuration

Quick Configuration Endpoints

DNS over HTTPS

https://xyz01-srv.unrulycitizen.com/dns-query

DNS over TLS

xyz01-srv.unrulycitizen.com

iOS DNS Configuration Methods

Method 1: DNS Configuration Profile (iOS 14+)

1

Download Configuration Profile

Scan this QR code or visit the download link on your iOS device:

https://unrulycitizen.com/profiles/ios-dns.mobileconfig

2

Install Profile

Tap "Allow" when prompted to download, then go to Settings → Profile Downloaded

3

Install Configuration

Tap "Install" in top-right corner, enter passcode if prompted

4

Trust Profile

Tap "Install" on warning screen, then "Install" again to confirm

5

Enable DNS

Go to Settings → General → VPN & Network → DNS → Select "Unruly Citizen"

6

Verify Connection

Visit a website to test. Check Settings to confirm DNS is active.

Method 2: Manual Configuration Profile

Create and install a custom DNS configuration profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadType</key>
            <string>com.apple.dnsSettings.managed</string>
            <key>PayloadUUID</key>
            <string>UNIQUE-UUID-HERE</string>
            <key>PayloadIdentifier</key>
            <string>com.unrulycitizen.dns</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadDisplayName</key>
            <string>Unruly Citizen DNS</string>
            <key>PayloadDescription</key>
            <string>Encrypted DNS configuration</string>
            <key>DNSSettings</key>
            <dict>
                <key>DNSProtocol</key>
                <string>HTTPS</string>
                <key>ServerAddresses</key>
                <array>
                    <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
                </array>
                <key>ServerURL</key>
                <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Unruly Citizen DNS</string>
    <key>PayloadIdentifier</key>
    <string>com.unrulycitizen.dns.profile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>PROFILE-UUID-HERE</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
            

Save as .mobileconfig and install via email, website, or MDM

Method 3: DNS over HTTPS Apps

Use third-party apps from the App Store for encrypted DNS:

1.1.1.1: Faster Internet (Cloudflare)

# Installation:
1. Download "1.1.1.1: Faster Internet" from App Store
2. Open the app and tap "Get Started"
3. Choose between:
   • 1.1.1.1 (DNS only)
   • 1.1.1.1 with WARP (VPN)
4. Follow setup instructions
5. Grant VPN configuration permission

# For custom DNS:
- This app doesn't support custom endpoints directly
- Use configuration profile method for custom DoH
            

DNSCloak (Supports Custom DoH/DoT)

# Installation & Configuration:
1. Download "DNSCloak" from App Store (free)
2. Open app and tap "+" to add new server
3. Select protocol: "DNS over HTTPS" or "DNS over TLS"
4. Configure server:

For DoH:
Name: Unruly Citizen
URL: https://xyz01-srv.unrulycitizen.com/dns-query
Address: 140.82.41.243

For DoT:
Name: Unruly Citizen
Hostname: xyz01-srv.unrulycitizen.com
Port: 853

5. Save and activate the configuration
6. Grant VPN permission when prompted
            

AdGuard Pro

# Configuration:
Download "AdGuard Pro" from App Store
Go to Settings → DNS protection
Enable "DNS filtering"
Select "DNS server" → "Add custom server"
For DoH: https://xyz01-srv.unrulycitizen.com/dns-query
For DoT: tls://xyz01-srv.unrulycitizen.com
Set as active server
            

Method 4: Mobile Device Management (MDM)

Enterprise deployment using MDM solutions:

Apple Business Manager

# Configuration Profile for MDM:
<dict>
    <key>DNSSettings</key>
    <dict>
        <key>DNSProtocol</key>
        <string>HTTPS</string>
        <key>ServerAddresses</key>
        <array>
            <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
        </array>
        <key>ServerURL</key>
        <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
    </dict>
</dict>

# Jamf Pro Configuration:
1. Computers → Configuration Profiles → New
2. General: Configure DNS Settings
3. Protocol: HTTPS
4. Server URL: https://xyz01-srv.unrulycitizen.com/dns-query
5. Scope to appropriate devices
            

Microsoft Intune

# Intune Configuration:
1. Devices → iOS/iPadOS → Configuration profiles → Create profile
2. Profile type: Templates → DNS
3. Basic settings:
   - DNS Settings: Enabled
   - DNS Protocol: Https
   - DNS Servers: https://xyz01-srv.unrulycitizen.com/dns-query
4. Assign to groups and deploy
            

Method 5: WiFi Network-Specific DNS

Configure DNS per WiFi network (iOS 14+):

1

Connect to WiFi

Connect to the WiFi network you want to configure

2

Access WiFi Settings

Go to Settings → Wi-Fi → Tap (i) next to connected network

3

Configure DNS

Tap "Configure DNS" → "Manual"

4

Add DNS Server

Remove existing servers, tap "Add Server" and enter:

https://xyz01-srv.unrulycitizen.com/dns-query

5

Save Settings

Tap "Save" in top-right corner

Note: This only affects the specific WiFi network. For cellular/mobile data, use other methods.

iOS Version Compatibility

iOS 14+

Native encrypted DNS support. Configuration profiles and per-app DNS.

iOS 13

Limited support. VPN-based solutions required.

iOS 12 & Below

No native encrypted DNS. VPN apps only.

iPadOS

Same features as iOS. Enhanced for larger screens.

Verification

To verify encrypted DNS is working on your iOS device:

Check DNS Configuration

# Method 1: iOS Settings Verification
Go to Settings → General → VPN & Device Management
Check if DNS configuration profile is installed
Go to Settings → General → VPN & Network → DNS
Verify "Unruly Citizen" or custom DNS is selected

# Method 2: DNS Leak Test
Open Safari
Visit: https://dnsleaktest.com
Run extended test
Should show xyz01-srv.unrulycitizen.com as DNS server

# Method 3: Network Analysis
Download "Network Analyzer" from App Store
Run DNS lookup tests
Check that queries resolve through your DNS server

# Method 4: Configuration Profile Check
Settings → General → VPN & Device Management
Tap on "Unruly Citizen DNS" profile
Verify it's active and properly configured

# Method 5: VPN Indicator
Check status bar for VPN icon (if using VPN-based DNS)
Indicates DNS filtering is active
            

Test DNS Performance

# Using Safari Developer Tools (if enabled):
Enable Develop menu: Settings → Safari → Advanced → Web Inspector
Connect to Mac and use Safari Developer Tools
Check Network tab for DNS resolution times

# Third-party testing apps:
"Speedtest by Ookla" - Check general performance
"Network Speed Test" - Measure latency
"DNS Lookup" - Test specific domain resolution

# Online DNS testing:
https://www.dnsperf.com/#!dns-resolvers
https://www.grc.com/dns/benchmark.htm
https://www.whatsmydnsserver.com/

# Monitor battery impact:
Settings → Battery
Check if DNS/VPN apps show significant usage
Normal: <5% battery usage for DNS services
            

Troubleshooting

DNS not working?

Ensure iOS 14.0 or later for native encrypted DNS
Check if configuration profile is properly installed and trusted
Verify internet connection is active
Try switching between WiFi and cellular data
Restart your iOS device after configuration
Check for VPN conflicts (disable other VPNs temporarily)

Common iOS Issues

Profile installation failed: Check if profile is from trusted source
DNS not applying: Ensure it's selected in Settings → General → VPN & Network → DNS
Battery drain: Some VPN-based DNS apps may impact battery
Captive portals: Public WiFi may require disabling DNS temporarily
Enterprise restrictions: MDM policies may block custom DNS
Certificate issues: Ensure device date/time is correct

Advanced Configuration

Custom Configuration Profiles

Advanced DNS configuration options for specific use cases:

<dict>
    <key>DNSSettings</key>
    <dict>
        <key>DNSProtocol</key>
        <string>HTTPS</string>
        <key>ServerAddresses</key>
        <array>
            <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
            <string>https://fallback.unrulycitizen.com/dns-query</string>
        </array>
        <key>ServerURL</key>
        <string>https://xyz01-srv.unrulycitizen.com/dns-query</string>
        <key>SupplementalMatchDomains</key>
        <array>
            <string>unrulycitizen.com</string>
            <string>*.unrulycitizen.com</string>
        </array>
    </dict>
</dict>
            

Enhanced iOS Security

Recommended Privacy-Focused Security Settings

Combine encrypted DNS with these privacy-respecting iOS security settings:

# iOS Privacy & Security Recommendations:

1. Use Strong Alphanumeric Passcode
   Settings → Face ID & Passcode → Change Passcode → Custom Alphanumeric Code
   - Avoid Face ID/Touch ID (biometrics)
   - Use 12+ character mixed passcode
   - Disable "Allow Access When Locked" features

2. Disable Location Services
   Settings → Privacy & Security → Location Services → Disable
   - Turn off completely when not needed
   - For essential apps: Settings → [App] → Location → While Using
   - Disable Significant Locations: Settings → Privacy → Location Services → System Services

3. Limit Ad Tracking & Analytics
   Settings → Privacy & Security → Tracking → Disable "Allow Apps to Request to Track"
   Settings → Privacy & Security → Analytics & Improvements → Disable all options
   Settings → Privacy & Security → Apple Advertising → Disable Personalized Ads

4. App Privacy Report
   Settings → Privacy & Security → App Privacy Report → Turn On
   - Monitor which apps access your data
   - Review network activity and sensor access
   - Revoke permissions for suspicious activity

5. Safari Privacy Protections
   Settings → Safari → Privacy & Security
   - Enable "Prevent Cross-Site Tracking"
   - Enable "Block All Cookies" or "Allow from Current Website Only"
   - Enable "Privacy Preserving Ad Measurement" (Off)
   - Enable "Check for Security Issues"

6. Disable Unnecessary Services
   Settings → [Your Name] → iCloud → Disable unnecessary services
   Settings → Notifications → Disable for non-essential apps
   Settings → Siri & Search → Disable "Listen for 'Hey Siri'"

7. Network Security
   Settings → Wi-Fi → [Network] → Limit IP Address Tracking → Enable
   Settings → Cellular → Cellular Data Options → Limit IP Address Tracking → Enable
   - Use encrypted DNS for all connections
   - Avoid automatic connection to hotspots

8. Regular Updates
   Settings → General → Software Update
   - Keep iOS updated for security patches
   - Review release notes for privacy features

9. Communication Safety
   Settings → Screen Time → Communication Safety → Enable
   - Filter sensitive content in Messages
   - Consider disabling for maximum privacy

10. Reset Privacy Periodically
    Settings → General → Transfer or Reset iPhone → Reset → Reset Location & Privacy
    - Clears app permission history
    - Forces apps to re-request access
    - Use periodically to audit app behavior
    

UNRULY CITIZEN