Isn't this basically just putting a UI on top of configuration profiles?

https://github.com/paulmillr/encrypted-dns

Or does an app have some advantages to it that I'm unaware of?

configuration profiles you need to create the configuration files, send to the device, import.

And if you need to make some changes you need to do it all again..

with this tool you have an interface to configure everything, it only make make the process easier..

This app is hardly better than what you describe though: you still need to install it on all your devices and configure it. Seems hardly any easier than just downloading a pre-made profile from the repo I linked above and installing it. shrug To each their own I guess.

If you are managing many devices I agree, but for just a few.

When I said it was easier I meant for a single device or if you need some unusual configuration.

I have my own dns server, but my devices are already set so not sure will use this.

If I was setting things up today I might give it a try..

Or you can download one from NextDNS.io since you do need another end of the connection.

I have my own DNS server using AdGuard Home that i host in a VPS so i can have adblocking anywhere as i have at home.

But i have to maintain my own configuration profile, that is not hard but kind of a pain to make changes, not that i have to do that often.

Doesn't adguard itself produce configuration profiles as built-in feature?

PS: Device setup > DNS privacy

They may do it for their own public DNS server, but i use their hosted version named "AdGuard Home".

I'm talking about Adguard Home which is the selfhosted open source DNS server and adblocker.

Indeed they have.

I never noticed that they had that..

Thanks for the tip.

Related: I've had bad luck with configuration generators for MacOS (OSX) ... somehow the configuration is weirdly tied to a specific network interface and then pukes if you change from wifi to wired ...

... yet at the same time, the "universal" configuration will not work at all ...

I don't understand why, in 2024, we can't have a plain old configuration dialog in OSX that allows the setting of DoH hosts. Why is Apple restricting this to enterprise configurations ?

Once upon a time, I used a background helper to workaround the problem of captive portals by temporarily disabling dnscrypt-proxy dns settings when connecting to Wi-Fi on public networks. If it couldn't reach Apple's www.thinkdifferent.us with the correct content, then it should temporarily disable dnscrypt and show a notification. When it switched back, it would also show a notification. dnscrypt and tor also don't play well with anycast-dependent services like software updates.

I've tried managing wired and wireless interface switching on macOS without luck, and gave up on switching.

At home, I skipped dnscrypt and run unbound on the firewall with DoT upstreams and direct all clients to use it.

It's so sad that DNSCloak hasn't found a new maintainer.

Today I learned acronyms for DNS over TLS and DNS over HTTPS. Neat tool. I’ll try it when I get home.