iOS 14, iPadOS 14 and macOS Big Sur have all received many security-focused innovations, and one more is the arrival of support for DNS over HTTPS and DNS over TLS. Thanks to this support, developers will be able to create apps that use this type of connection and thus keep our browsing history more private.

DoT and DoH, privacy comes to DNS queries

Before continuing with the article, let's look very briefly at what DNS is. A Domain Name Server is a kind of "address book" in which we can look up the IP addresses of different domains. In other words, if we want to visit applesfera.com, we must know that the address of the machine where it is hosted is 13.224.13.13; this is the address that we ask the DNS server for.

This lookup is generally done unencrypted, so telephone operators or anyone on our network can intercept the traffic and see which address we ask for. From there, knowing which pages we have visited is really simple.

In view of this situation, a system was developed to perform DNS queries over TLS (DoT) or over HTTPS (DoH); in short, in encrypted form. The benefit is that nobody except the DNS server will know the content of the query or its answer. This is the benefit that reaches all Apple platforms with the new versions of the operating systems.
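To make the difference concrete, here is an added example (not code from the article or from Apple) that builds the DNS question for applesfera.com in RFC 1035 wire format, shows the form the same bytes take in an RFC 8484 DoH GET request, and parses a constructed response. The `/dns-query` path, the helper names and the sample response are assumptions made for illustration.

```python
import base64
import struct

def build_query(name, qtype=1):
    """DNS question in RFC 1035 wire format; RFC 8484 suggests ID 0 for DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # type A, class IN

def doh_get_target(query, path="/dns-query"):
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding.
    The encoding is not secrecy; confidentiality comes from the TLS session."""
    return path + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def skip_name(msg, pos):
    """Step over a possibly compressed name and return the next offset."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += n + 1

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs

QUERY = build_query("applesfera.com")
# Constructed response carrying the address the article uses as its example.
RESPONSE = (struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([13, 224, 13, 13]))

if __name__ == "__main__":
    print("classic DNS payload (name readable on the wire):", QUERY)
    print("DoH request target (sent inside TLS):", doh_get_target(QUERY))
```

Sent as classic DNS, the `QUERY` bytes cross the network as they are, with the domain name readable by anyone on the path; with DoH or DoT the same message travels inside the encrypted session to the resolver.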

Apple has incorporated DoH and DoT support into frameworks that developers can then use to create their applications. Thanks to this, developers will be able to update their apps or create new ones using these new options. As Tommy Pauly, Internet Technology Engineer at Apple, has explained, there are two ways to implement DNS encryption:

The first way is to use a single encrypted DNS server for all applications on the system. If you provide a public [encrypted] DNS server, now you can create a network extension application that configures the system to use your server. Or, if you use MDM to configure company settings on devices, you can configure a profile to configure encrypted DNS settings for your networks. The second way to enable encrypted DNS is directly from an application. If you want your application to use encrypted DNS, even if the rest of the system is not yet encrypted, you can select a specific server to use for some or all of the connections in your application.

Clearly, Apple has invested a lot of time and dedication in making its operating systems even more secure. These are changes that will probably go unnoticed, but they are there all the same, improving our privacy and security.
