Private DNS in iOS? (DNS over TLS/HTTPS, DoT, DoH)

Cloudflare DNS (1.1.1.1 and 1.0.0.1) is a standard DNS service (I use it also). Their primary claim is that they don’t maintain logs of DNS queries (beyond a period needed for debugging issues). When you look up an address such as google.com or pornhub.com, the messages are visible to every router that they go through, and the DNS server (which is often your ISP) can see what DNS names you are looking up and even log these queries along with your IP address (I don’t know if this is just paranoia, but even paranoids have real enemies). Even though the data session is likely encrypted so nobody can see what information you are sending to or receiving from the site, the DNS information is visible.

NextDNS (and the solutions discussed in this thread) address this issue (NextDNS does several other things like Ad Blocking, etc. but that is a different set of issues). If the DNS Session between you and the DNS Server is encrypted (like the data session between you and the server) using DNS over HTTPS/TLS, etc., then nobody in the middle can see what domain names you are looking up. Obviously you still need to trust the DNS Service, but you don’t have to worry about anybody in the middle, like your ISP.

I haven’t been following this space over the last couple of months, but I assume that Cloudflare will announce a DNS over TLS/SSL at some point, if they haven’t already done so.

2 Likes
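To make the point in the post above concrete, here is an added example (written for this page, not code from any poster or from Cloudflare/NextDNS). It builds a classic DNS query in wire format, shows how a passive observer on the path reads the queried name straight out of the UDP payload, and then shows the two encrypted-transport encodings of the very same bytes: the RFC 8484 DoH GET form and the RFC 7858 DoT length-prefixed frame. The domain `example.com` and the `/dns-query` path are constructed sample values; both encrypted forms only ever travel inside a TLS session, so the name is visible to the resolver alone.

```python
import base64
import struct

# Constructed sample name for this demonstration.
EXAMPLE_NAME = "example.com"


def encode_qname(name):
    """Encode a domain name as DNS wire-format labels (RFC 1035, section 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS label length must be 1..63 bytes")
        out.append(len(raw))
        out += raw
    out.append(0)  # zero-length root label terminates the name
    return bytes(out)


def build_query(name, qtype=1, txid=0):
    """Build a plain DNS query: 12-byte header plus one question (QTYPE A by default).

    txid defaults to 0 because RFC 8484 recommends ID=0 for cacheable DoH GETs.
    """
    # Header: ID, flags (RD=1, recursion desired), QDCOUNT=1, AN/NS/ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN
    return header + question


def decode_qname(msg, offset=12):
    """Read the QNAME from the question section of a DNS message."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers do not occur in a question name")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels)


def observed_name(udp_payload):
    """What any router or ISP on the path can read from a UDP/53 query."""
    return decode_qname(udp_payload)


def doh_get_path(query):
    """RFC 8484 GET form: base64url of the wire message with '=' padding stripped.

    The resulting request line is sent only inside an HTTPS (TLS) connection.
    """
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + b64


def decode_doh_get_path(path):
    """Resolver side: recover the wire message from the GET form (re-adds padding)."""
    b64 = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def dot_frame(query):
    """RFC 7858 framing: 2-byte big-endian length prefix, then the message.

    The frame is written to a TLS connection on TCP port 853.
    """
    return struct.pack("!H", len(query)) + query


if __name__ == "__main__":
    q = build_query(EXAMPLE_NAME)
    print("plaintext UDP/53 payload:", q.hex())
    print("name readable on the path:", observed_name(q))
    print("same query, DoH GET (inside TLS):", doh_get_path(q))
    print("same query, DoT frame (inside TLS):", dot_frame(q).hex())
```

Running it prints the raw payload, in which `example.com` appears as readable ASCII labels, followed by the DoH and DoT encodings. Those carry identical bytes, but because they are only ever sent over TLS to the resolver, the middle of the path sees a TLS connection to port 443 or 853 and nothing about the name, which is exactly the gap the post describes.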

Thank you.

This really cleans things up for me. I’m hoping Cloudflare releases this as I would prefer to go with a provider I’m familiar with rather than a new company.

In saying that, it's good NextDNS is doing this as it helps push the envelope further.