Provide a UI to configure system level DNS over HTTPS (DoH) and DNS over TLS (DoT) for macOS and iOS
Many of us managing devices via MDM have to assume the devices are on networks that are insecure, malicious, or in the best case scenario, not malicious but definitely not private.
The standard way of doing DNS in those environments is unsafe, as the DHCP server can provide any resolver, and the traffic to those servers is made in the clear.
DNS over HTTPS (DoH) and DNS over TLS (DoT) are two options we have to make computing in such environments safer, by ensuring queries are encrypted as they leave the device.
Big Sur and iOS 14 both support this; however, SimpleMDM does not have a UI for this, making us use custom profiles, which means only more advanced users are able to take advantage of this.
It would be great if a UI existed to allow us to specify what DNS server(s) to use over HTTPS, and to provide the right ServerURL string.
Attached file is an example taken from Paul Miller's repo at https://github.com/paulmillr/encrypted-dns - which has many other options for DoH and DNS over TLS.
Ideally, the feature would work with both DoH and DoT, adapting what fields are requested based on which feature is selected.
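
Added example (not part of the original request, and not the attached file from the encrypted-dns repo): a generator for the custom profile such a UI would produce, using Apple's `com.apple.dnsSettings.managed` payload and emitting `ServerURL` for DoH or `ServerName` for DoT depending on the protocol selected. The function names, the `com.example.encrypted-dns` identifier, and the `example.net` resolver names are assumptions made for illustration.

```python
import plistlib
import uuid
from urllib.parse import urlsplit

def dns_settings(protocol, server, addresses=()):
    """Build the DNSSettings dict; the required field depends on the protocol."""
    protocol = protocol.upper()
    if protocol == "HTTPS":
        # DoH: a full https:// URL goes in ServerURL.
        parts = urlsplit(server)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("DoH needs an https:// ServerURL")
        settings = {"DNSProtocol": "HTTPS", "ServerURL": server}
    elif protocol == "TLS":
        # DoT: a bare hostname goes in ServerName (no scheme, port or path).
        if not server or "/" in server or ":" in server:
            raise ValueError("DoT needs a bare hostname as ServerName")
        settings = {"DNSProtocol": "TLS", "ServerName": server}
    else:
        raise ValueError("protocol must be HTTPS or TLS")
    if addresses:
        # Optional resolver IPs, so the resolver name itself needs no lookup.
        settings["ServerAddresses"] = list(addresses)
    return settings

def build_profile(protocol, server, addresses=(),
                  identifier="com.example.encrypted-dns"):  # hypothetical identifier
    """Return a .mobileconfig (XML plist bytes) wrapping one DNS settings payload."""
    common = {"PayloadVersion": 1, "PayloadDisplayName": "Encrypted DNS"}
    payload = dict(common,
                   PayloadType="com.apple.dnsSettings.managed",
                   PayloadIdentifier=identifier + ".dns",
                   PayloadUUID=str(uuid.uuid4()).upper(),
                   DNSSettings=dns_settings(protocol, server, addresses))
    profile = dict(common,
                   PayloadType="Configuration",
                   PayloadIdentifier=identifier,
                   PayloadUUID=str(uuid.uuid4()).upper(),
                   PayloadContent=[payload])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    # Constructed sample resolver; replace with the resolver you actually use.
    print(build_profile("HTTPS", "https://doh.example.net/dns-query").decode())
```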