The upcoming versions of iOS and macOS will support DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). App developers can add the protocols to their applications, or create new apps that enable DoH and DoT for the entire operating system.
Apple said at its developer conference WWDC this week that the feature is coming to the upcoming versions of its mobile and desktop operating systems. macOS 11 and iOS 14 will be released in the fall. They will support DNS-over-HTTPS and DNS-over-TLS as options to encrypt Domain Name System traffic, ZDNet writes.
DoH and DoT are not enabled by default in the operating systems, but developers can build software that turns them on via mobile device management profiles or network extensions. DNS providers such as Cloudflare can do this, for example. Developers can also set up DNS-over-HTTPS or DNS-over-TLS for their own apps. The latter should be opt-in, according to Apple.
According to Apple, the operating system can also automatically recognize when DoH or DoT is not desired. DNS-over-HTTPS is impractical, especially within organizations, because companies often use their own DNS resolvers. Apple's operating systems will soon be able to recognize when a user is on a company's VPN, for example, and then automatically disable DNS-over-HTTPS.
Developers can also create their own rules for when DoH and DoT are used, for example only when users are on Wi-Fi or 4G, or only for a certain type of app.
With this decision, Apple follows other major tech companies, such as Google, Microsoft and Mozilla, that support DNS-over-HTTPS and DNS-over-TLS in their browsers and operating systems. DNS-over-HTTPS is controversial. It encrypts DNS traffic, but does so by redirecting it to parties that are often commercial, such as Google or Cloudflare. Last year, Tweakers wrote an extensive background article on DNS-over-HTTPS.