PublicDNS.info Live-tested public DNS
Retested every 72 hours.

Encrypted DNS on iPhone & iPad

Protect your DNS queries from ISP monitoring and tampering by enabling encrypted DNS (DoH & DoT) on iPhone & iPad. This guide walks you through each step with real settings and menu paths.

Why Enable Encrypted DNS on iPhone & iPad?

By default, DNS queries are sent in plain text over UDP port 53. This means your ISP, network administrator, or anyone on your local network can see every domain you visit. Encrypted DNS solves this by wrapping your DNS queries in TLS or HTTPS encryption.

  • DNS-over-HTTPS (DoH) sends DNS queries inside HTTPS on port 443, the same port used for web traffic. Because it looks like ordinary HTTPS, it is very difficult for a network to block or detect.
  • DNS-over-TLS (DoT) sends DNS queries encrypted via TLS on port 853. It is a dedicated protocol that is easier for network admins to manage but may be blocked on some networks.

This guide shows you how to configure DoH & DoT on iPhone & iPad.

Step-by-Step Setup Instructions

Follow these steps to enable encrypted DNS on iPhone & iPad:

  1. Download a DNS profile
    iOS and iPadOS use configuration profiles for encrypted DNS. Download a .mobileconfig file from your preferred provider: visit one.one.one.one/family for Cloudflare profiles, or search your provider's website for their iOS DNS profile.
  2. Install the profile
    Open the downloaded file in Safari. iOS will show a prompt saying "This website is trying to download a configuration profile." Tap Allow, then go to Settings > General > VPN & Device Management.
  3. Activate the profile
    Under Downloaded Profile, tap the DNS profile. Review the details to verify it shows the correct DNS server and encryption type. Tap Install, enter your device passcode, then tap Install again to confirm.
  4. Verify DNS is active
    Go to Settings > General > VPN & Device Management. The DNS profile should appear under Configuration Profiles as active. You can also check Settings > Wi-Fi > your network > Configure DNS to see the encrypted DNS status.
  5. Test your configuration
    Open Safari and visit a DNS leak test site. The results should show your chosen DNS provider instead of your ISP. Use our DNS Privacy Check tool for a comprehensive verification including DoH/DoT detection.

After configuring encrypted DNS, it is recommended to clear your DNS cache and test the configuration using a DNS leak test site.
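
Step 3 asks you to review the profile's DNS server and encryption type before installing. The Python below is an added example, not code from this site or from any DNS provider; it performs that review on a computer by reading the .mobileconfig and reporting what its DNS payload points at. It assumes Apple's DNS settings payload layout (PayloadType com.apple.dnsSettings.managed with DNSProtocol, ServerURL and ServerName keys), takes its expected hostnames from the provider table on this page, and uses a constructed sample profile; sample_profile and the report field names are hypothetical.

```python
import plistlib
from urllib.parse import urlparse

# DoH/DoT hostnames from the provider table on this page.
KNOWN = {"cloudflare-dns.com": "Cloudflare", "one.one.one.one": "Cloudflare",
         "dns.google": "Google", "dns.quad9.net": "Quad9"}
DNS_PAYLOAD = "com.apple.dnsSettings.managed"

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. Signed profiles wrap the plist in CMS, so the XML
    is cut out of the raw bytes; the signature itself is NOT verified here."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def audit_profile(raw: bytes) -> dict:
    """Summarise DNS payloads and list any non-DNS payload types in the profile."""
    report = {"dns": [], "other_payload_types": []}
    for payload in load_profile(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != DNS_PAYLOAD:
            # A DNS-only profile has no reason to carry certificates, VPN, etc.
            report["other_payload_types"].append(payload.get("PayloadType"))
            continue
        dns = payload.get("DNSSettings", {})
        proto, host, warnings = dns.get("DNSProtocol"), None, []
        if proto == "HTTPS":
            url = urlparse(dns.get("ServerURL", ""))
            host = url.hostname
            if url.scheme != "https":
                warnings.append("ServerURL is not an https:// URL")
        elif proto == "TLS":
            host = dns.get("ServerName")
        else:
            warnings.append(f"unexpected DNSProtocol {proto!r}")
        if host not in KNOWN:
            warnings.append(f"endpoint {host!r} is not in the expected-provider list")
        report["dns"].append({"protocol": proto, "host": host,
                              "provider": KNOWN.get(host), "warnings": warnings})
    return report

def sample_profile(proto: str, extra_payloads=(), **settings) -> bytes:
    """Build a constructed sample profile (not a real provider download)."""
    dns = {"PayloadType": DNS_PAYLOAD, "DNSSettings": {"DNSProtocol": proto, **settings}}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [dns, *extra_payloads]})

if __name__ == "__main__":
    print(audit_profile(sample_profile("HTTPS", ServerURL="https://dns.quad9.net/dns-query")))
```

To check a real download, pass the file's bytes to audit_profile; an empty warnings list and an empty other_payload_types list mean the profile only sets DNS and points at one of the providers listed on this page.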

Recommended Encrypted DNS Providers

These providers support encrypted DNS and are compatible with iPhone & iPad:

Provider    Primary IP  Secondary IP     DoH URL                               DoT Hostname
Cloudflare  1.1.1.1     1.0.0.1          https://cloudflare-dns.com/dns-query  one.one.one.one
Google      8.8.8.8     8.8.4.4          https://dns.google/dns-query          dns.google
Quad9       9.9.9.9     149.112.112.112  https://dns.quad9.net/dns-query       dns.quad9.net

Verify Your Encrypted DNS Setup

After configuring encrypted DNS on iPhone & iPad, run our DNS Privacy Check to verify your queries are encrypted and your ISP cannot see your DNS traffic.

Frequently Asked Questions

Does iOS support encrypted DNS natively?

Yes. iOS 14 and iPadOS 14 introduced native support for both DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) via configuration profiles. This works system-wide across all apps without requiring a VPN app.

Can I use encrypted DNS without a profile on iPhone?

Starting with iOS 15, some apps (like the 1.1.1.1 app or NextDNS app) can register as system DNS providers. However, configuration profiles remain the most reliable and persistent method for system-wide encrypted DNS.

Does encrypted DNS work on cellular data on iPhone?

Yes. Once installed, a DNS configuration profile applies to both Wi-Fi and cellular connections. This is a significant advantage over manual DNS settings, which only apply per Wi-Fi network on iOS.

How do I remove encrypted DNS from my iPhone?

Go to Settings > General > VPN & Device Management > Configuration Profiles. Tap the DNS profile and select Remove Profile. Enter your passcode to confirm. Your device will revert to your network default DNS settings.