Added Mullvad DNS over HTTPS guide

2025-02-22 16:53:56 +00:00 · 2023-02-22 09:04:25 -05:00 · 2023-02-22 09:04:25 -05:00 · 5ad8ea12fb
commit 5ad8ea12fb
parent 6a934ce3f5
4 changed files with 127 additions and 0 deletions
--- a/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/README.md
+++ b/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/README.md
@ -0,0 +1,76 @@
+<!--
+Title: How to setup system-wide Mullvad DNS over HTTPS on iOS and macOS
+Description: Learn how to setup system-wide Mullvad DNS over HTTPS on iOS and macOS.
+Author: Sun Knudsen <https://github.com/sunknudsen>
+Contributors: Sun Knudsen <https://github.com/sunknudsen>
+Reviewers:
+Publication date: 2023-02-22T11:26:55.652Z
+Listed: true
+-->
+
+# How to setup system-wide [Mullvad DNS over HTTPS](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/) on iOS and macOS
+
+## Requirements
+
+- iPhone running iOS 14 and up
+- Mac running Big Sur and up
+
+## iOS guide
+
+> Heads-up: some apps bypass system-wide Mullvad DNS over HTTPS, see https://github.com/paulmillr/encrypted-dns.
+
+### Step 1 (if applicable): disable [Lockdown Mode](https://support.apple.com/en-us/HT212650)
+
+### Step 2: open “Safari” and download [mullvad-doh.mobileconfig](./mullvad-doh.mobileconfig) configuration profile
+
+### Step 3: install “mullvad-doh.mobileconfig” configuration profile
+
+Open “Settings”, click “Profile Downloaded” and, finally, click “Install”
+
+### Step 4 (if applicable): enable Lockdown Mode
+
+### Step 5: check for DNS leaks
+
+Go to [https://mullvad.net/en/check](https://mullvad.net/en/check).
+
+![Connection check](connection-check-ios.png?width=375)
+
+👍
+
+---
+
+## macOS guide
+
+> Heads-up: some apps bypass system-wide Mullvad DNS over HTTPS, see [https://github.com/paulmillr/encrypted-dns](https://github.com/paulmillr/encrypted-dns).
+
+> Heads-up: when using [Little Snitch](https://www.obdev.at/products/littlesnitch/index.html) or [Lulu](https://objective-see.org/products/lulu.html), system-wide Mullvad DNS over HTTPS is disabled given a single network filter can be enabled at a time (restriction imposed by iOS/macOS).
+
+> Heads-up: given above, one should [configure](../how-to-configure-firefox-for-privacy-and-security) Firefox to use DNS over HTTPS as a failsafe.
+
+> Heads-up: for sensitive use cases, use [Tor](https://www.torproject.org/).
+
+### Step 1 (if applicable): disable [Lockdown Mode](https://support.apple.com/en-us/HT212650)
+
+### Step 2: download [mullvad-doh.mobileconfig](./mullvad-doh.mobileconfig) configuration profile
+
+### Step 3: install “mullvad-doh.mobileconfig” configuration profile
+
+Open “System Settings”, search for “Profiles”, click “Profiles”, click “+”, open “mullvad-doh.mobileconfig”, click “Continue” and, finally, click “Install”.
+
+### Step 4 (if applicable): enable Lockdown Mode
+
+### Step 5: check for DNS leaks
+
+Go to [https://mullvad.net/en/check](https://mullvad.net/en/check).
+
+![Connection check](connection-check-macos.png)
+
+👍
+
+---
+
+## Want things back the way they were before following this guide? No problem!
+
+### Delete configuration profile.
+
+👍
--- a/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/connection-check-ios.png
+++ b/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/connection-check-ios.png
--- a/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/connection-check-macos.png
+++ b/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/connection-check-macos.png
--- a/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/mullvad-doh.mobileconfig
+++ b/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos/mullvad-doh.mobileconfig
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>DNSSettings</key>
+			<dict>
+				<key>DNSProtocol</key>
+				<string>HTTPS</string>
+				<key>ServerAddresses</key>
+				<array>
+					<string>2a07:e340::2</string>
+					<string>194.242.2.2</string>
+				</array>
+				<key>ServerURL</key>
+				<string>https://doh.mullvad.net/dns-query</string>
+			</dict>
+			<key>PayloadDescription</key>
+			<string>Configures device to use Mullvad DNS over HTTPS</string>
+			<key>PayloadDisplayName</key>
+			<string>Mullvad DNS over HTTPS</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.dnsSettings.managed.C846E5BF-D246-45FB-A9E2-A9B30A153A8B</string>
+			<key>PayloadType</key>
+			<string>com.apple.dnsSettings.managed</string>
+			<key>PayloadUUID</key>
+			<string>C846E5BF-D246-45FB-A9E2-A9B30A153A8B</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProhibitDisablement</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Configures device to use Mullvad DNS over HTTPS</string>
+	<key>PayloadDisplayName</key>
+	<string>Mullvad DNS over HTTPS</string>
+	<key>PayloadIdentifier</key>
+	<string>com.sunknudsen.mullvad-dns-over-https</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>13001589-3D36-4CC9-B16B-622C8E744FF4</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>