Private DNS in iOS? (DNS over TLS/HTTPS, DoT, DoH)

Did anyone ever hear anything about Apple following Google and adding Private DNS natively in iOS?

For now I use the NextDNS iOS App, but this creates a fake VPN to set the DNS servers, which bothers me, because I then even see the text VPN if the real VPN is not started…

I haven’t seen it. Completely against Google doing this. They’re acting as if they’re trying to protect their users. I disagree, and think they’re doing it in an effort to obfuscate ads being served to users of the Chrome browser and make it easier to track movement across the web. Just look at how they’ve limited Adblock extensions within Chrome. Makes it harder for the layman to implement things like Pi-hole to block ads and ad networks. Starting to see startups leverage Pi-hole and similar software packages into their offerings. Will be interesting to see how this plays out, but I’m slowly migrating away from all Google services…

Although I agree with you that Google’s jumping on this bandwagon so quickly was less than altruistic, it is nonetheless true that protecting DNS transactions is becoming increasingly important. Unprotected DNS transactions are problematic in my opinion:

(1) They can be intercepted by bad players and responses can be generated that send you to the wrong place.

(2) They provide information to everybody (especially your ISP) about what sites you are visiting. This is not just a matter of hiding your porn viewing, it means that ads can be targeted, that anybody in the middle can know what banks you use, what credit cards you use, etc. etc.

Solutions like DoH address these issues and just add one more level to security in the Internet.

1 Like
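To make the two points above concrete, here is an added illustration (not code from the thread or from NextDNS): it encodes a plain DNS query in RFC 1035 wire format, shows that the queried name sits in cleartext for anyone on the path to read, and then shows how the very same message is wrapped for DNS over TLS (RFC 7858, 2-byte length prefix inside TLS on port 853) and for DNS over HTTPS (RFC 8484 GET form). The query name and transaction id are constructed sample values; no network traffic is sent.

```python
import base64
import struct

# Constructed sample input (not from the thread): an A-record lookup.
QNAME = "example.com"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a minimal RFC 1035 DNS query: header (RD set, 1 question),
    then the question name as length-prefixed labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def observed_qname(udp_payload: bytes) -> str:
    """What an on-path observer (ISP, hotspot, anyone between you and the
    resolver) reads from classic UDP/53 DNS: the question name is in cleartext
    right after the 12-byte header."""
    pos, parts = 12, []
    while udp_payload[pos] != 0:
        n = udp_payload[pos]
        parts.append(udp_payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(parts)

def dot_frame(msg: bytes) -> bytes:
    """DNS over TLS (RFC 7858): the unchanged wire message, prefixed with its
    2-byte big-endian length. Only this framed blob goes into the TLS session,
    so the path sees a TLS connection to port 853 and nothing of the name."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_path(msg: bytes) -> str:
    """DNS over HTTPS (RFC 8484) GET form: the wire message, base64url-encoded
    with padding stripped, as the 'dns' query parameter of an HTTPS request."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + b64

if __name__ == "__main__":
    q = build_query(QNAME)
    print("cleartext UDP/53 exposes:", observed_qname(q))
    print("DoT frame (hex):", dot_frame(q).hex())
    print("DoH GET path:", doh_get_path(q))
```

The point (1) attack in the post above is possible precisely because the cleartext message carries nothing but a 16-bit transaction id to tie an answer to a question; DoT and DoH move that check into an authenticated TLS session with the resolver.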

I also think it enhances security/privacy.

Since Apple is focusing on that I hope they will add it soon.

1 Like

Very interesting!
What concerns me is that NextDNS is a free service. What is their revenue model?

I am running pi-hole on my home network and it’s one of the few things I did that gave me an instant gratification and I am still happy with after a couple of months :blush:

Still, for mobile use something like Private DNS or a VPN is a possible option. Thing is, we have to trust the intermediary…

1 Like

I would absolutely expect Apple to implement support for DNS over TLS pretty soon. The protocol is quite new, but it fits perfectly with Apple’s message about iOS being a privacy focused operating system. ISPs will kick and scream, but only because they will lose insight into the DNS queries. Of course, the ISPs can easily set up their own secure DNS server and just make it the default for subscribers.

This is a thorny issue for me:

As a network user, I can see some value in keeping my DNS queries hidden from the local network provider, but I wonder if aggregating them with a central provider isn’t making things worse in terms of privacy.

As a manager of IT security, I see this as taking away one of the best tools that I have against phishing and malware, the tracking and blocking of known-bad DNS queries.

3 Likes

Mostly agreed; but who would you rather have aggregating your DNS queries? Ad targeting is exactly what Google will do. Not sure if Chrome will default to using Google DNS, but am assuming it will…

1 Like

This:

Completely free during the beta, then free up until about 300,000 DNS queries/month — $1.99/month for unlimited queries.

https://nextdns.io/pricing

Ah I did not see that :grinning:

I would never use Google as my DNS server in any case. There are and will be alternatives. And if I am connecting to Google as a search engine, well then DNS is irrelevant. And if Chrome insists on using Google as the DoH server then I am quite happy that I stopped using Chrome several months ago.

1 Like

Have you considered using full VPN all the time? I subscribed to a “lifetime” plan (99 years) from VPN Unlimited three years ago, which I found on Stack Social for ~$40.

On a totally separate note, recently I’ve noticed my younger brother’s iPhone and his wife’s having the “VPN” sign on the status bar almost all the time.

1 Like

I do already use a full VPN (whenever my devices are not connected to my own LAN), but I have noticed that at some locations that VPN is blocked.

The VPN icon (because of the DNS-only NextDNS VPN) would then give me the false impression that it’s safe to use the internet (for banking, etc.).

The full VPN alone is not enough (for me); NextDNS is an extra layer of privacy/security (blocking ads, tracking, malware, etc.).

I have been watching NextDNS for a while but have not downloaded it. I really like the concept and I hope Apple incorporates it into a future iOS.

Curious: I have Nord VPN. Does this ever cause conflicts? Loading to your router? Just bought a new Netgear router which has a lot of built-in software and would like to load it to my router, but I subscribe to the old adage: if it ain’t broke, don’t fix it. Router worked perfectly. I would hate to create a mess.

I tinker a bit more with my ASUS router.

The NextDNS CLI client works fine on that device.

Thanks. Messing with my routers is just about to exceed my comfort level.

I’m not that technical. Are 1.1.1.1 and NextDNS providing the same service? They both seem to do something with DNS.

Any simple explanation would be greatly appreciated. I note that 1.1.1.1 is free, although they have a paid service as well.

1.1.1.1 is one of the addresses for Cloudflare’s DNS. (I use it, it’s great.) If you want to learn more there’s plenty to google, like this:

Thank you @Bowline.

Perhaps I ought to have been more clear. I’m interested in obtaining an understanding as to what NextDNS does that is preferred over what 1.1.1.1 is doing.

I have been using 1.1.1.1 for more than a year now and have had no issues.

NextDNS is new and I’m keen to know what I am missing out on, or what NextDNS is doing that 1.1.1.1 is not.

I trust 1.1.1.1 as it’s from Cloudflare. I do not know enough about NextDNS to make a judgment on this.

1 Like