iOS 14 (Apple) DNS bits
list-nanog2 at dragon.net
Thu Sep 24 15:43:17 UTC 2020
vom513> Observation: iOS 14 now seems to send 3 queries (up from 2) for
vom513> every socket connection to a name. Whereas we've had A
vom513> + AAAA for quite some time in many OSes - on iOS 14 we now
vom513> have A + AAAA + HTTPS (type 65).
vom513> Question: iOS 14 now flags networks that it believes are
vom513> blocking encrypted DNS. It puts a warning in Settings for the
Apple has made a number of unilateral decisions about how their phones
should work (in search of some definition of privacy) that are likely to
cause headaches for enterprise and others using something other than
apple blessed tech to secure their users. The mac addr randomization is
going to be another headache for IT.
From an apple developer on another list, official docs from apple and
some other things to read.
"Encrypted resolvers designated by domain owners" based on;
More information about the NANOG