iOS 14 (Apple) DNS bits

Paul Ebersman list-nanog2 at dragon.net
Thu Sep 24 15:43:17 UTC 2020


vom513> Observation: iOS 14 now seems to send 3 queries (up from 2) for
vom513> every socket connection to a name.  Whereas we've had A
vom513> + AAAA for quite some time in many OSes - on iOS 14 we now
vom513> have A + AAAA + HTTPS (type 65).
[...]
vom513> Question: iOS 14 now flags networks that it believes are
vom513> blocking encrypted DNS.  It puts a warning in Settings for the
vom513> wifi.

Apple has made a number of unilateral decisions about how their phones
should work (in search of some definition of privacy) that are likely to
cause headaches for enterprise and others using something other than
Apple-blessed tech to secure their users. The MAC addr randomization is
going to be another headache for IT.

From an Apple developer on another list, official docs from Apple and
some other things to read.

Developer documentation:

<https://developer.apple.com/documentation/networkextension/nednssettingsmanager>

<https://developer.apple.com/documentation/network/nwparameters/privacycontext/3548851-requireencryptednameresolution>

<https://developer.apple.com/documentation/devicemanagement/dnssettings/dnssettings>

WWDC video/transcript:

<https://developer.apple.com/videos/play/wwdc2020/10047/>

"Encrypted resolvers designated by domain owners" based on:

<https://tools.ietf.org/html/draft-pauly-add-resolver-discovery-01>

