
DNS over TLS & DNS over HTTPS are now on iOS / Android, for all networks at once [thanks to Cloudflare]



DNS over TLS and DNS over HTTPS (hereafter DOT & DOH) are perhaps the technologies that most dramatically increase privacy and security on the Internet. There is also Encrypted SNI, but DOH or DOT is needed in order to use it.

The application itself deserves attention: it is very user-friendly and requires no deep knowledge of the technology, so I strongly recommend reading on.


Quick reference: DNS is the system that turns domain names into IP addresses, a fundamental part of the Internet that is used every time you browse the web. When you open a resource, you tell your service provider where you are going, and switching to a different DNS server (Google's 8.8.8.8, for example) does not help: the protocol has no encryption, which allows responses to be spoofed and traffic to be redirected to a server other than the intended one (effectively an MITM attack).

Until recently the main security problem on the network was plain HTTP, but thanks to Google and Let's Encrypt it is almost solved: what exactly you are looking at on a site is now unknown to the provider. Only two problems remain:

  1. DNS leak: this is the problem that can be solved with DOH & DOT.
  2. Domain (SNI) leak: SNI disclosure occurs when an HTTPS connection is established with a site; before the encrypted transmission starts, the browser sends the site's domain name to the server in the clear.
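To make the second leak concrete, here is an added Python example (not code from the original article) that builds a minimal TLS 1.2 ClientHello and then reads the hostname back out of its server_name extension (RFC 6066). The record bytes are constructed locally, so it runs offline; the same parsing is what a network monitor uses to inventory which hostnames cross a segment in cleartext before any encryption starts.

```python
"""Added example: the domain name visible in a TLS ClientHello.

Before the TLS handshake encrypts anything, the client sends the target
hostname in the server_name (SNI) extension in cleartext. build_client_hello()
constructs a minimal TLS 1.2 ClientHello record (filler random, one cipher
suite) and extract_sni() pulls the hostname out of such a record, exactly as
an on-path observer could.
"""
import struct
from typing import Optional


def build_client_hello(hostname: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record. With hostname=None the
    extensions block is omitted entirely. Random, cipher suite and session id
    are filler values; only the structure matters for parsing."""
    extensions = b""
    if hostname is not None:
        host = hostname.encode("ascii")
        # ServerNameList: one entry of name_type 0 (host_name), length, name
        sni_list = b"\x00" + struct.pack("!H", len(host)) + host
        sni_ext = (struct.pack("!HH", 0, len(sni_list) + 2)   # ext type 0, ext length
                   + struct.pack("!H", len(sni_list)) + sni_list)
        extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                           # client_version: TLS 1.2
        + b"\x11" * 32                        # random (filler)
        + b"\x00"                             # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite (filler)
        + b"\x01\x00"                         # compression methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record header


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello record, or None if there is none."""
    if len(record) < 5 or record[0] != 0x16:
        return None  # not a TLS handshake record
    hs = record[5:]
    if not hs or hs[0] != 0x01:
        return None  # not a ClientHello
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    sid_len = hs[pos]
    pos += 1 + sid_len                    # session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + cs_len                     # cipher_suites
    comp_len = hs[pos]
    pos += 1 + comp_len                   # compression_methods
    if pos + 2 > len(hs):
        return None                       # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if ext_type == 0:                 # server_name extension
            list_len = struct.unpack("!H", hs[pos:pos + 2])[0]
            p = pos + 2
            while p < pos + 2 + list_len:
                name_type = hs[p]
                name_len = struct.unpack("!H", hs[p + 1:p + 3])[0]
                if name_type == 0:        # host_name
                    return hs[p + 3:p + 3 + name_len].decode("ascii")
                p += 3 + name_len
        pos += ext_len
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print("hostname readable in the first packet:", extract_sni(hello))
    print("without SNI extension:", extract_sni(build_client_hello(None)))
```

Encrypted DNS does nothing about this packet, which is why the article points out that Encrypted SNI is a separate piece that builds on top of DOH/DOT.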



Some time ago the following articles were published on Habr (I recommend reading them):

  1. Google Public DNS silently turned on support for DNS over TLS
  2. We meet the service from Cloudflare at addresses 1.1.1.1 and 1.0.0.1, or “the public DNS regiment has arrived!”

And it would seem that happiness is near: two large companies have decided to implement the new protocols, and support is about to reach end users (especially in the case of Chrome).

But for some unknown reason, DOT & DOH support is currently available only in Firefox Nightly builds, not to mention at the system level on Android & iOS.

Cloudflare, however, decided to take advantage of Google's slowness and released an application for iOS & Android.

The application is very simple. On iOS it works by installing a VPN profile.
Not to be confused with a real VPN! After the profile is installed, the VPN actually points at the device itself (127.0.0.1) and DNS requests are sent to Cloudflare via DOT & DOH, while the rest of the traffic follows its usual route.
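The following is an added Python example (not code from the original article or from Cloudflare's app) of what the app changes for DNS, tying together the cleartext problem from the quick reference above and the local forwarding just described: a DNS query is the same wire-format message whether it goes over UDP port 53 in the clear or inside a DOH request, and the queried name is plainly readable in those bytes. The resolver URL `https://cloudflare-dns.com/dns-query` is assumed to be Cloudflare's public DOH endpoint (RFC 8484 GET form); the sample response bytes are constructed here so the parsing runs offline, and only `resolve_over_doh()` needs network access.

```python
"""Added example: the same DNS message, in cleartext and wrapped in DoH.

Plain DNS sends the wire-format query in the clear over UDP port 53, so anyone
on path reads the name (question_name()). DNS over HTTPS (RFC 8484) carries the
identical message inside a TLS-protected HTTP request (doh_get_url()). The
response is parsed back into addresses by parse_a_records().
"""
import base64
import struct
import urllib.request

# Assumption: Cloudflare's public DoH endpoint (not stated in the article).
DOH_URL = "https://cloudflare-dns.com/dns-query"


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a DNS query (header + one question). qtype 1 = A record.
    RFC 8484 recommends ID 0 over DoH so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def question_name(msg: bytes) -> str:
    """The queried name straight out of the message: in plain DNS this is what
    the provider (or anyone on path) sees in cleartext."""
    return decode_name(msg, 12)[0]


def doh_get_url(query: bytes, base_url: str = DOH_URL) -> str:
    """RFC 8484 GET form: base64url-encoded message with padding stripped."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={b64}"


def parse_a_records(msg: bytes) -> list[str]:
    """Return the IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def resolve_over_doh(name: str, base_url: str = DOH_URL) -> list[str]:
    """Send the query inside HTTPS (network access required) and parse the answer."""
    req = urllib.request.Request(doh_get_url(build_query(name), base_url),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_a_records(resp.read())


# Constructed sample response: example.com -> 192.0.2.1 (documentation range),
# with the answer name given as a compression pointer back to the question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("name visible in raw DNS bytes:", question_name(q))
    print("same bytes as a DoH request:", doh_get_url(q))
    print("parsed sample answer:", parse_a_records(SAMPLE_RESPONSE))
```

A local forwarder like the one the app installs does nothing more than accept these plain messages on 127.0.0.1 and hand them to `resolve_over_doh()`-style transport, which is why only DNS changes route while other traffic is untouched.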



Nicely, the application lets you choose between DNS over TLS and DNS over HTTPS; one of them is preselected by default.


I will note once again that the appearance of the VPN icon does not mean a "VPN" in the usual sense of the word; you can verify this by visiting any IP-check service, for example 2ip.ru.

Also, if you change DNS in the network settings, you have to change it again every time you switch from one WiFi network to another, not to mention the DNS for the carrier network, where it is sometimes impossible to edit this parameter at all.

With the application, DOH / DOT from Cloudflare is used automatically for all connections.

Source: https://habr.com/ru/post/429648/

