Configuring macOS and iOS for DNS over HTTPS (DoH) is a straightforward process that enhances security and privacy on Apple devices. Open a text editor in plain text mode, paste the provided code block, which contains the DoH configuration details, and save the file as "bloxone.mobileconfig". On macOS, start the installation by double-clicking the saved mobileconfig file in Finder. On iOS, opening the file directly from Files is disabled, so either use Apple Configurator 2 on a Mac or email the file to yourself and open it from Safari. Once the file is opened, go to the Profiles menu in Settings (under General on iOS) to approve the new profile. The profile is unsigned, which is standard for DIY configuration profiles. After approval, the macOS or iOS device uses Infoblox Threat Defense DoH.

When traffic is sent over DoH, reports in the Infoblox Portal should show the source as "Unknown."

...

NOTE: To obtain your FQDN, go to the General page of the Create New Security Policy wizard in the Infoblox Portal (Infoblox Portal > Configuration > Security Policies > Create New Security Policy > General). Copy the auto-generated FQDN, or click regenerate to generate a new FQDN. Note that DoH per Policy must be enabled in order to obtain the FQDN. The format should be https://FQDN/dns-query.
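The following is an added example, not the code block from this page and not Infoblox's own profile: it checks that a server URL has the https://FQDN/dns-query form described in the note and then writes an unsigned profile using Apple's DNS settings payload. The payload identifiers, display names and the sample FQDN are assumptions made for illustration.

```python
import plistlib
import uuid
from urllib.parse import urlsplit


def validate_doh_url(url: str) -> str:
    """Accept only the https://FQDN/dns-query form the note describes."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("DoH server URL must use https")
    if parts.username or parts.password:
        raise ValueError("DoH server URL must not carry credentials")
    if not parts.hostname or "." not in parts.hostname:
        raise ValueError("DoH server URL needs a fully qualified host name")
    if parts.path != "/dns-query" or parts.query or parts.fragment:
        raise ValueError("DoH server URL must end in /dns-query")
    return url


def build_profile(server_url: str) -> bytes:
    """Return an unsigned configuration profile (XML plist) for one DoH resolver."""
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.doh.dns",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "DNS over HTTPS (example)",
        "DNSSettings": {
            "DNSProtocol": "HTTPS",
            "ServerURL": validate_doh_url(server_url),
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.doh",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "DoH profile (example)",
        "PayloadContent": [dns_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed placeholder; replace with the FQDN copied from the portal.
    with open("bloxone.mobileconfig", "wb") as fh:
        fh.write(build_profile("https://your-policy-fqdn.example.com/dns-query"))
```

Rejecting a malformed URL before the profile is written catches a mistyped FQDN or a plain-HTTP URL on the workstation rather than after the profile is installed.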

...

  1. Double-click the resulting mobileconfig file in Finder. You will receive a notification that a profile is installed and waiting for review.

  2. Open Settings to the Profiles menu (under General on iOS) and approve the new profile. It will warn that it is unsigned, but this just means it was not cryptographically signed and distributed, which is standard for DIY configuration profiles.

You should now be using Infoblox Threat Defense DoH.

iOS

Note: Google Chrome on iOS does not have a built-in setting to configure DoH directly within the browser. 

...

  1. There are various ways to install mobile configs. Currently, opening them directly from Files is disabled. However, you can either use Apple Configurator 2 (Mac) to apply the profile to a connected device, or email yourself the file and open it from Safari.
    If you created this file directly on-device, you can use a Shortcut to open the file in Safari directly from Files. Note that due to limitations of Shortcuts, larger .mobileconfig files may cause it to crash.

  2. Open Settings to the Profiles menu (under General on iOS) and approve the new profile. It will warn that it is unsigned, but this just means it was not cryptographically signed and distributed, which is standard for DIY configuration profiles.

You should now be using Infoblox Threat Defense DoH.