When using iCloud Private Relay on a Mac or iOS, is using a profile (like paulmillr’s (
https://github.com/paulmillr/encrypted-dns) or aheckler’s (
https://github.com/aheckler/doh-profiles-for-apple-devices) the best way to avoid using my ISP’s DNS server?
Cloudflare recommends a manual network setup change (
https://developers.cloudflare.com/184.108.40.206/setup/macos/), but that seems less preferable than a profile since it is has to be done for each network connection.
I’m also wondering, since iCloud Private Relay uses ODoH and Cloudflare would not, what is more private and/or preferable?
- ODoH connection via iCloud Private Relay to my ISP’s DNS
- non-ODoH connection via custom profile to Cloudflare’s DNS
Cloudflare’s iCloud Private Relay: information for Cloudflare customers (
https://blog.cloudflare.com/icloud-private-relay/) does not discuss DNS configuration.
Apple’s iCloud Private Relay Overview Dec2021.PDF (
If a user has configured custom-encrypted DNS settings using a profile or an app, the DNS server specified will be used instead of ODoH. Safari connections and all unencrypted HTTP connections will also resolve names using the specified DNS server prior to routing through Private Relay.
An unencrypted DNS server provided by a local network or manually edited in Settings (iOS) or System Preferences (macOS) will not be used for iCloud Private Relay traffic.