explaingit

paulmillr/encrypted-dns

4,621JavaScriptAudience · generalComplexity · 1/5Setup · easy

TLDR

Ready-to-install configuration profiles that switch your iPhone, iPad, or Mac to encrypted DNS, preventing your internet provider from seeing which websites you look up.

Mindmap

mindmap
  root((repo))
    What It Does
      Encrypts DNS lookups
      Hides sites from ISP
      Apple device profiles
    DNS Standards
      DNS over HTTPS
      DNS over TLS
    Provider Types
      No filtering options
      Ad blocking options
      Regional providers
    Installation
      Open in Safari
      Install via Settings
      No app required
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Enable encrypted DNS on your iPhone in under a minute by downloading a profile and installing it through Safari and Settings.

USE CASE 2

Switch your Mac to a privacy-focused DNS provider without installing any app, just a configuration profile.

USE CASE 3

Choose an ad-blocking DNS provider from the curated list to block ads at the DNS level across all your Apple devices.

Tech stack

JavaScript

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

This repository provides ready-to-install configuration profiles that enable encrypted DNS on iPhones, iPads, and Macs. Normally when your device looks up a website address, that request travels over the network in plain text, which means your internet provider or anyone on the same network can see which sites you are visiting. Encrypted DNS fixes this by sending those lookups over a secure connection so they cannot be read in transit. Apple devices support two encrypted DNS standards: DNS over HTTPS and DNS over TLS. Both achieve the same goal but use slightly different methods. The profiles in this repository configure your device to use one of these standards with a provider of your choosing, without requiring any technical setup beyond downloading and installing a small file. The README contains a large table listing dozens of DNS providers from around the world, including well-known options like Cloudflare, Google, and AdGuard, as well as independent regional providers. For each provider, the table notes whether it applies filtering (blocking ads, malware, or adult content), who operates it, and which region it is based in. Some providers offer signed profiles, which means Apple can verify the file has not been tampered with during download. Installation on an iPhone or iPad requires opening the downloaded file in Safari and following the prompts in Settings. On a Mac, the profile is installed through the Privacy and Security section of System Settings. No app is needed and the change takes effect immediately once the profile is installed. The project is a community-maintained collection, and the README explains how to submit a new provider or update an existing one. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Show me how to create a custom DNS over HTTPS mobileconfig profile for Apple devices using the format from paulmillr/encrypted-dns.
Prompt 2
Which providers in the encrypted-dns list both block ads and are operated in Europe? List them with their filtering policies.
Prompt 3
Help me write a script that generates an Apple mobileconfig DNS profile for my own self-hosted AdGuard Home DoH server.
Prompt 4
Explain the practical difference between DNS over HTTPS and DNS over TLS as implemented in Apple device profiles, which is better and why?
Open on GitHub → Explain another repo

← paulmillr on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.