Connecting an iPhone to your Content Policy with DNS is a solid alternative or backup to the filtered VPN. In the case where the VPN is not available or is disabled, DNS Settings will take priority and keep your iPhone connected to the Content Policy.
To connect your iPhone using DNS Settings, you will use the Device Config Generator to customize and install a Config File. In order for this Config File to work properly, your iPhone needs to be supervised.
- Open or create a new Device Config on the dashboard by going to Config Generator > iOS Config.
- Under the Network tab, ensure Enforce DNS Settings is enabled.
- Select your DNS preferences.
- Save changes to your Config File by clicking or tapping on Save Changes.
- Install the Config File on your iPhone. See Installing a Device Config on iPhone for more details.
DNS Setting Limitations
You might consider connecting with DNS instead of (or in addition to) the filtered VPN for a few different reasons:
- DNS Settings tend to be more compatible with older devices (especially on older versions of iOS).
- DNS Settings can work with a VPN, in addition to other blocking layers like the built-in content filter, URL filtering, and connecting your home router.
DNS Settings are a powerful way to ensure filtering is enabled on your device, but there are some important drawbacks you must consider.
1) Your iPhone will prefer VPN settings over DNS settings
If you have a VPN installed on your device and active, your iPhone will use that VPN's network settings. If this VPN is disabled or turned off, your iPhone will then default to DNS Settings controlled by any Config Files.
We recommend protecting your iPhone from new VPN connections. See Enforcing the Cloudflare One VPN for more information.
2) DNS Settings only use rules that don't have an audience selected
If a device is connected manually through DNS without using the filtered VPN, only rules that do not have any audience selected will work on that device. Any rule that is associated with a login email will no longer work; the filtered VPN will need to be used instead of DNS.
If you are the only member of your account, then chances are you won't notice this issue.
If you need to use audience-specific rules or want DNS to function as a backup to the filtered VPN, use our recommended techniques for incentivizing iPhone users to enable the VPN.