
Apple adds support for encrypted DNS (DoH and DoT) - afrcnc
https://www.zdnet.com/article/apple-adds-support-for-encrypted-dns-doh-and-dot/
======
AnonC
> Apple says developers can create apps to apply DoH/DoT settings for the
> entire operating system (via network extension apps or MDM profiles), to
> individual apps, or to an app's selected network requests.

This sounds like a direct support and expansion of what was already possible
system wide via "VPN" apps like the free DNS Cloak app which allows you to
choose any resolver (with or without DoH/DoT).

> "There are two ways in which encrypted DNS can be enabled," Tommy Pauly,
> Internet Technologies Engineer at Apple, said in a talk on Wednesday.

> ...

> "The second way to enable encrypted DNS is to opt-in directly from an app.
> If you want your app to use encrypted DNS, even if the rest of the system
> isn't yet, you can select a specific server to use for some or all of your
> app's connections," Pauly added.

> Furthermore, Apple's DoH and DoT implementations will also be context-aware.
> For example, if a user has a VPN app installed, or is part of a captive
> (corporate) network, the DoH/DoT server won't override the DNS settings
> provided by the aforementioned.

Thank goodness for this. While reading this article, for a moment I thought
apps could use a different DNS server even if the user had chosen something
else system wide via a VPN app (Google's direct usage of 8.8.8.8 in its
applications on some platforms, bypassing the system resolver, comes to mind).

