Many Apple devices support using an encrypted transport protocol to communicate with a Domain Name System (DNS). JumpCloud supports using DNS over HTTPS and DNS over Transport Layer Security (TLS) services. DNS encrypts traffic and hides DNS queries from view.<\/p>\n\n\n\n
JumpCloud provides four policies to control encrypted DNS settings for macOS and iOS devices. You\u2019ll configure DNS servers to control the queries that can use DNS on the device by supplying Supplemental Match Domains, Server Addresses, and Server URLs or names.<\/p>\n\n\n\n
These four policies let you use DNS to encrypt DNS traffic:<\/p>\n\n\n\n
https:\/\/dns.example.net\/dns-query{?dns}<\/code>.<\/li>\n\n\n\n
For Supplemental Match Domains<\/strong>, click Add Supplemental Match Domains<\/strong>.<\/li>\n\n\n\n
Enter a list of domain strings used to determine which DNS queries can use the DNS server. For example, dns.example.net<\/code>. If you don\u2019t provide this, all domains will use the DNS server. A single wildcard * <\/strong>prefix is supported, but not required. <\/li>\n<\/ol>\n\n\n\n
<\/figure>\n\n\n\n\n- (Optional) <\/strong>Select the Device Groups<\/strong> tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n
- (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.<\/li>\n\n\n\n
- Click Save<\/strong>. If prompted, click Save<\/strong> again. <\/li>\n<\/ol>\n\n\n\n
Create a macOS or iOS Encrypted DNS over TLS policy\u00a0<\/h2>\n\n\n\n\n- Log in to the Admin Portal: https:\/\/console.jumpcloud.com\/login<\/a> .<\/li>\n\n\n\n
- Go to DEVICE MANAGEMENT<\/strong> > Policy Management<\/strong>.<\/li>\n\n\n\n
- In the All<\/strong> tab, click (+<\/strong>).<\/li>\n\n\n\n
- On the New Policy<\/strong> panel, select the Mac<\/strong> or iOS<\/strong> tab.<\/li>\n\n\n\n
- From the list, select Encrypted DNS over TLS<\/strong> from the list, then click configure<\/strong>.<\/li>\n\n\n\n
- For Server Addresses<\/strong>, click Add Server Addresses<\/strong>.<\/li>\n\n\n\n
- If your DNS servers have an IPv4 or IPv6 address, enter all the addresses here. To add additional addresses, click Add Server Addresses<\/strong>. For example, 45.90.28.193. <\/li>\n\n\n\n
- For Server Name<\/strong>, enter the server\u2019s hostname of a DNS over TLS server. If there are multiple existing server names, click in the field to see those names. The hostname is used to validate the server certificate. <\/li>\n\n\n\n
- For Supplemental Match Domains<\/strong>, click Add Supplemental Match Domains<\/strong>.<\/li>\n\n\n\n
- Enter a list of domain strings used to determine which DNS queries can use the DNS server. For example,
dns.example.net<\/code>. If you don\u2019t provide this, all domains will use the DNS server. A single wildcard * <\/strong>prefix is supported, but not required.<\/li>\n\n\n\n
(Optional) Select the Device Groups<\/strong> tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n
(Optional) Select the Devices<\/strong> tab. Select one or more devices where you’ll apply this policy.<\/li>\n\n\n\n
Click Save<\/strong>. If prompted, click Save<\/strong> again.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"Many Apple devices support using an encrypted transport protocol to communicate with a Domain Name System (DNS). JumpCloud supports using […]<\/p>\n","protected":false},"author":202,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,2862,3082],"support_tag":[],"coauthors":[2836],"acf":[],"yoast_head":"\n
Create a Mac or iOS Encrypted DNS Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Mac or iOS Encrypted DNS Policy\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-05T17:11:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"denasteward\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\",\"name\":\"Create a Mac or iOS Encrypted DNS Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\",\"datePublished\":\"2023-05-17T15:59:45+00:00\",\"dateModified\":\"2023-06-05T17:11:03+00:00\",\"description\":\"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a Mac or iOS Encrypted DNS Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a Mac or iOS Encrypted DNS Policy - JumpCloud","description":"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","og_locale":"en_US","og_type":"article","og_title":"Create a Mac or iOS Encrypted DNS Policy","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","og_site_name":"JumpCloud","article_modified_time":"2023-06-05T17:11:03+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"denasteward"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","url":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy","name":"Create a Mac or iOS Encrypted DNS Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png","datePublished":"2023-05-17T15:59:45+00:00","dateModified":"2023-06-05T17:11:03+00:00","description":"Learn to create a Mac or iOS Encrypted DNS Policy to encrypt traffic and hide DNS queries from view.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/supplemental-match-domains-1024x650.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-or-ios-encrypted-dns-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac or iOS Encrypted DNS Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/202"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962\/revisions"}],"predecessor-version":[{"id":85787,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75962\/revisions\/85787"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75962"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75962"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75962"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}