A WWDC20 presentation by Tommy Pauly, Internet Technologies Engineer at Apple, shows how Apple is adding support for encrypted DNS to iOS 14 and macOS 11.
Encrypted DNS Support
The new operating systems will support both DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Encrypting DNS traffic means an attacker on the network path can no longer snoop on the names your device looks up. With this support, developers can update their apps to use either of these DNS protocols. Mr. Pauly explains:
There are two ways that encrypted DNS can be enabled. The first way is to choose a single DNS server as the default resolver for all apps on the system. If you provide a public DNS server, you can now write a NetworkExtension app that configures the system to use your server.
Or, if you use mobile device management, MDM, to configure enterprise settings on devices, you can push down a profile to configure encrypted DNS settings for your networks. The second way to enable encrypted DNS is to opt in directly from an app.
Additionally, if a network provider blocks encrypted DNS on its network, users will see a privacy warning.
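The two enablement paths Mr. Pauly describes, configuring a system-wide resolver from a NetworkExtension app and opting in from a single app, both go through public Apple APIs. The Swift below is an added example written for this page, not code from Apple or from the WWDC session. It assumes the app carries the Network Extension entitlement with the "dns-settings" capability for the first path, and the server URL and IP address (doh.example.invalid, 203.0.113.10) are constructed placeholders, not a real resolver.

```swift
import Foundation
import Network
import NetworkExtension

// Constructed placeholders; replace with the resolver you actually operate.
let placeholderDoHURL = URL(string: "https://doh.example.invalid/dns-query")!
let placeholderDoHAddress = "203.0.113.10" // TEST-NET-3, documentation-only range

// Path 1: install a system-wide DNS-over-HTTPS resolver (the NetworkExtension
// app case). The configuration is saved for the whole device; on iOS 14 the
// user still selects it under Settings before it takes effect.
func installSystemDoHResolver(completion: @escaping (Error?) -> Void) {
    let manager = NEDNSSettingsManager.shared()
    manager.loadFromPreferences { loadError in
        if let loadError = loadError {
            completion(loadError)
            return
        }
        // Bootstrap address lets the system reach the DoH server without
        // a plaintext lookup of its hostname.
        let doh = NEDNSOverHTTPSSettings(servers: [placeholderDoHAddress])
        doh.serverURL = placeholderDoHURL
        manager.dnsSettings = doh
        manager.localizedDescription = "Example encrypted DNS (placeholder)"
        manager.saveToPreferences { saveError in
            completion(saveError)
        }
    }
}

// Path 2: opt in from a single app. The privacy context requires encrypted
// name resolution for this connection; if the system has no encrypted
// resolver configured, the fallback DoH server is used instead of
// silently dropping to cleartext DNS.
func makeEncryptedDNSConnection(host: String, port: UInt16) -> NWConnection? {
    guard let nwPort = NWEndpoint.Port(rawValue: port) else { return nil }

    let context = NWParameters.PrivacyContext(description: "Encrypted DNS only")
    let fallback: NWParameters.PrivacyContext.ResolverConfiguration = .https(
        placeholderDoHURL,
        serverAddresses: [.hostPort(host: NWEndpoint.Host(placeholderDoHAddress), port: 443)]
    )
    context.requireEncryptedNameResolution(true, fallbackResolver: fallback)

    let params = NWParameters.tls
    params.setPrivacyContext(context)
    return NWConnection(host: NWEndpoint.Host(host), port: nwPort, using: params)
}

// Usage sketch for the per-app path.
if let connection = makeEncryptedDNSConnection(host: "www.example.com", port: 443) {
    connection.stateUpdateHandler = { state in
        // .failed is where a refused plaintext fallback surfaces, so log it.
        print("connection state: \(state)")
    }
    connection.start(queue: .main)
}
```

The design point for defenders is the `requireEncryptedNameResolution(true, ...)` call: with it, a network that blocks the encrypted resolver produces a visible failure (or a switch to the app's own fallback) rather than a quiet downgrade to cleartext DNS, which matches the privacy warning the article says users will see when a provider blocks encrypted DNS.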