Is it possible to use DNS-over-HTTPS on tvOS?

[UREntranceExitNodes4Mine]

If it possible to directly use DNS-over-HTTPS on tvOS (Apple TV 4K 2021) ? I know it can be routed through personal local DNS server that can use DNS-over-HTTPS, but what about using it directly? I'd prefer for my Apple TV only establish initial connection to my WiFi DHCP DNS server, but then use a public DoH independently. Is there a way to do that?

 

[elvisimprsntr]

I think you would need to jailbreak the ATV to change how it handles DNS queries directly.

The other option is to use enterprise class firewall software from https://pfsense.org, and enable DNSSEC and DNS over SSL/TLS

pfSense® software Configuration Recipes — Configuring DNS over TLS | pfSense Documentation

docs.netgate.com

Then add a FW rule to redirect all non SSL/TLS DNS queries to your local DNS server

Of course your upstream DNS servers will also need to support DNS over SSL/TLS.

Example: QUAD9

 

[archi penko]

Yes it is, for tvOS14 this is possible without a jailbreak.

Just follow these steps:

Starting with tvOS 14, you can take advantage of its compatibility with the DNS over HTTPS (also known as DoH) protocol to access our SmartDNS Servers through an encrypted SSL Tunnel. This way, your Internet Provider will not be able to capture or filter your DNS communications.

To configure your Apple TV with our Secure DNS follow these steps:

1. From the Apple TV Main menu, click on Settings.
2. Go to General > Privacy
3. Hover over Share Apple TV Analytics without pressing
4. Press Play on the remote
5. Select Add Profile
6. Enter the DNS url (https://some url.com/somethingelse) then select Done
7. On the Install Profile screen, select Install
8. On the Warning message, select Install
9. On the Install Profile message, select Install
10. Select Done
11. Go back to Settings.
12. Click on System.
13. Click on Restart.

Worked for you?

 

[OpenSource Ghost]

What do you mean by "Our SmartDNS Servers". Who's services would those be? Apple's? Typing DoH address in "Profile" section doesn't work. You have to link it to an actual profile, not just DNS server address. I think NextDNS supports such a profile system, but its a paid-for service. I use public AdGuard DNS address - https://dns.adguard.com/dns-query - on devices that support DoH. How can I make my Apple TV 4K use that address for DNS resolution?

 

[Rigby]

What do you mean by "Our SmartDNS Servers". Who's services would those be? Apple's? Typing DoH address in "Profile" section doesn't work. You have to link it to an actual profile, not just DNS server address. I think NextDNS supports such a profile system, but its a paid-for service. I use public AdGuard DNS address - https://dns.adguard.com/dns-query - on devices that support DoH. How can I make my Apple TV 4K use that address for DNS resolution?

If you want to use this method, you need the URL of a configuration profile (a file that usually ends on .mobileconfig) that is available online. You can find profiles for various free services e.g. here:

GitHub - paulmillr/encrypted-dns: DNS over HTTPS config profiles for iOS & macOS

DNS over HTTPS config profiles for iOS & macOS. Contribute to paulmillr/encrypted-dns development by creating an account on GitHub.

github.com

E.g. for Adguard you could use this profile (you can open the file with a text editor to inspect the parameters it uses).

Another way is to use the Apple Configurator app on a Mac to add configuration profiles to an Apple TV.

Just a warning: some content delivery networks (which are used by video streaming services to optimize performance) rely on DNS-based methods to select a nearby caching node. Using a 3rd party DNS service rather than your ISP's may result in sub-optimal node selection.