Configuring macOS and iOS for DNS over HTTPS (DoH) with BloxOne Threat Defense takes a single configuration profile. Open a text editor in plain-text mode, paste the code block below, and save the file as "bloxone.mobileconfig"; the .mobileconfig extension is what makes the OS treat the file as a profile. On macOS, double-click the saved file in Finder to start the installation. On iOS, the file cannot be opened directly from Files, so either push it to the device with Apple Configurator 2 from a Mac, or email it to yourself and open the attachment from Safari. Once the file has been opened, go to the Profiles menu in Settings (under General on iOS) and approve the new profile. The profile is unsigned, and the OS labels it as such before installation; that is expected for a hand-built profile like this one. After approval, the device sends its DNS queries to BloxOne Threat Defense over DoH, so queries are encrypted between the device and the resolver and cannot be read or altered by anyone on the path.

When traffic is sent over DoH, reports in the Cloud Services Portal should show the source as "Unknown."

To configure macOS and iOS for use with DoH, perform the following:

...

NOTE: To obtain your FQDN, go to the General page of the Create New Security Policy wizard in the Cloud Services Portal (Cloud Services Portal > Policies > Security Policies > Create New Security Policy > General). Copy the auto-generated FQDN, or click Regenerate to generate a new one. DoH per Policy must be enabled for the FQDN to be shown. The ServerURL value in the profile takes the form https://FQDN/dns-query.

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>DNSSettings</key>
      <dict>
        <key>DNSProtocol</key>
        <string>HTTPS</string>
        <!-- IP addresses of the DoH resolvers, so the device can connect
             without first resolving the FQDN over plain DNS -->
        <key>ServerAddresses</key>
        <array>
          <string>52.119.41.200</string>
          <string>103.80.6.200</string>
        </array>
        <!-- Replace with the https://FQDN/dns-query value for your security policy -->
        <key>ServerURL</key>
        <string>https://fc7ua07a-0g83-62fb-9feb-7684b14gv764.doh.threatdefense.infoblox.com/dns-query</string>
      </dict>
      <key>PayloadDescription</key>
      <string>Configures device to use B1TD via DoH</string>
      <key>PayloadDisplayName</key>
      <string>B1TD DoH</string>
      <key>PayloadIdentifier</key>
      <string>com.apple.dnsSettings.managed.6u546h8d-76ct-4bf7-541c-098g86c1c23x</string>
      <key>PayloadType</key>
      <string>com.apple.dnsSettings.managed</string>
      <!-- Placeholder value; replace with a freshly generated UUID (uuidgen) -->
      <key>PayloadUUID</key>
      <string>24e64dey-7e80-4658-4hce-6a610e5dfegh</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <!-- false: the user may turn the resolver off in Settings -->
      <key>ProhibitDisablement</key>
      <false/>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Adds B1TD DoH to MacOS and iOS</string>
  <key>PayloadDisplayName</key>
  <string>B1TD DoH</string>
  <key>PayloadIdentifier</key>
  <string>plus.simpledns.apple-dns</string>
  <!-- false: the user may remove the profile -->
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <!-- Placeholder value; replace with a freshly generated UUID (uuidgen) -->
  <key>PayloadUUID</key>
  <string>54ea4de2-a665-8656-7dcd-fp51e9549089</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>PayloadScope</key>
  <string>System</string>
</dict>
</plist>
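Rather than hand-editing the block above, the profile can be generated and sanity-checked with the following Python script. This is an added example and is not part of the original page or of Infoblox's tooling. It uses only the standard library (plistlib, uuid, ipaddress). The FQDN example-policy-id.doh.threatdefense.infoblox.com and the identifier com.example.b1td-doh are placeholders and assumptions to replace with your own policy FQDN (from the NOTE above) and your organisation's reverse-DNS identifier; the resolver addresses are the two listed in the profile above. The checker enforces the https://FQDN/dns-query shape, the .doh.threatdefense.infoblox.com suffix seen in this page's FQDN, valid IP addresses, and real UUIDs; run against the page's own block it would flag the PayloadUUID placeholders, which contain non-hex characters.

```python
"""Generate and sanity-check a DoH .mobileconfig for BloxOne Threat Defense.

Added example, not Infoblox code. The FQDN and organisation identifier
below are placeholders (assumptions) to replace with your own values.
"""
import ipaddress
import plistlib
import uuid
from urllib.parse import urlparse

# Assumption: placeholder for the per-policy FQDN copied from the Cloud
# Services Portal (DoH per Policy must be enabled). Not a real endpoint.
EXAMPLE_DOH_URL = "https://example-policy-id.doh.threatdefense.infoblox.com/dns-query"
# Resolver IPs as listed in the profile on this page.
EXAMPLE_SERVER_ADDRESSES = ["52.119.41.200", "103.80.6.200"]
# Assumption: reverse-DNS identifier for your organisation's profile.
PROFILE_IDENTIFIER = "com.example.b1td-doh"
DNS_PAYLOAD_TYPE = "com.apple.dnsSettings.managed"
DOH_HOST_SUFFIX = ".doh.threatdefense.infoblox.com"  # shape of the FQDN on this page


def build_profile(doh_url, server_addresses, prohibit_disablement=False):
    """Return the XML plist bytes of a .mobileconfig with one DoH payload.

    Every call generates fresh PayloadUUIDs, so two profiles never collide.
    """
    payload_uuid = str(uuid.uuid4()).upper()
    profile_uuid = str(uuid.uuid4()).upper()
    dns_payload = {
        "DNSSettings": {
            "DNSProtocol": "HTTPS",
            "ServerAddresses": list(server_addresses),
            "ServerURL": doh_url,
        },
        "PayloadDescription": "Configures device to use B1TD via DoH",
        "PayloadDisplayName": "B1TD DoH",
        "PayloadIdentifier": f"{DNS_PAYLOAD_TYPE}.{payload_uuid}",
        "PayloadType": DNS_PAYLOAD_TYPE,
        "PayloadUUID": payload_uuid,
        "PayloadVersion": 1,
        # True stops the user turning the resolver off in Settings; the page
        # leaves it False, which is the sensible default for a DIY profile.
        "ProhibitDisablement": prohibit_disablement,
    }
    profile = {
        "PayloadContent": [dns_payload],
        "PayloadDescription": "Adds B1TD DoH to MacOS and iOS",
        "PayloadDisplayName": "B1TD DoH",
        "PayloadIdentifier": PROFILE_IDENTIFIER,
        "PayloadRemovalDisallowed": False,
        "PayloadType": "Configuration",
        "PayloadUUID": profile_uuid,
        "PayloadVersion": 1,
        "PayloadScope": "System",
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def _dns_payloads(profile):
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == DNS_PAYLOAD_TYPE]


def dns_settings(data):
    """Return the DNSSettings dict of the single DoH payload, or None."""
    payloads = _dns_payloads(plistlib.loads(data))
    return payloads[0].get("DNSSettings") if len(payloads) == 1 else None


def check_profile(data):
    """Parse a .mobileconfig and return a list of problems (empty means OK)."""
    problems = []
    profile = plistlib.loads(data)
    if profile.get("PayloadType") != "Configuration":
        problems.append("top-level PayloadType must be Configuration")
    payloads = _dns_payloads(profile)
    if len(payloads) != 1:
        problems.append(f"expected exactly one {DNS_PAYLOAD_TYPE} payload")
        return problems
    settings = payloads[0].get("DNSSettings", {})
    if settings.get("DNSProtocol") != "HTTPS":
        problems.append("DNSProtocol must be HTTPS for DoH")
    url = urlparse(str(settings.get("ServerURL", "")))
    if url.scheme != "https" or not url.path.endswith("/dns-query"):
        problems.append("ServerURL must have the form https://FQDN/dns-query")
    if not (url.hostname or "").endswith(DOH_HOST_SUFFIX):
        problems.append(f"ServerURL host is not a *{DOH_HOST_SUFFIX} FQDN")
    for addr in settings.get("ServerAddresses", []):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"ServerAddresses entry is not an IP address: {addr!r}")
    # PayloadUUID must be a real UUID; the hand-edited placeholders in the
    # page's block contain non-hex characters and fail this check.
    for p in (profile, payloads[0]):
        try:
            uuid.UUID(str(p.get("PayloadUUID", "")))
        except ValueError:
            problems.append(f"PayloadUUID {p.get('PayloadUUID')!r} is not a valid UUID")
    return problems


if __name__ == "__main__":
    data = build_profile(EXAMPLE_DOH_URL, EXAMPLE_SERVER_ADDRESSES)
    assert check_profile(data) == [], check_profile(data)
    with open("bloxone.mobileconfig", "wb") as f:  # install as described above
        f.write(data)
```

Running the script writes bloxone.mobileconfig in the current directory, ready to be installed as described above. check_profile can also be pointed at any profile you receive from someone else before installing it: a DNS payload that silently points at a different resolver, or a ServerURL that is not https, is exactly the kind of change worth catching before approving an unsigned profile.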

...