In this article
DNSFilter account users with admin permissions or higher can install the iOS Roaming Client on managed devices (iPhone; iPad) through the environment's Mobile Device Manager (MDM) provider.
The DNSFilter iOS App protects roaming mobile devices on and off the network. Similar to how the Windows and macOS Roaming Clients function, the app operates a special VPN which forwards DNS queries to DNSFilter, but, by setting up Local Domains and Resolvers, avoids forwarding the rest of your traffic to our servers.
Due to Apple Configurator 2 limitations, manual app installation is not possible on iOS 15 and higher. If you want to perform a manual install and run devices on version 14 and older we still provide legacy instruction.
Install iOS Roaming Client with an MDM
All MDMs have different specifications to manage and install an app. We recommend consulting your provider's documentation for the specific steps necessary to successfully launch the iOS agent.
Disable DNS_over_TLS
DNS_over_TLS (DoT) is enabled by default on iOS devices. Edit the .mobileconfig file to add this key to disable DoT
<key>dns_over_tls_enabled</key> <false/>
- Download the .mobileconfig file
- Copy the Site Secret Key (SSK) for the Site that will host the agent's Filtering Policy
- Edit the file's
KEYHERE
field to include the SSK - Add any organization/MDM-specific information like permissions, groups, or licensing
- In order to add a Client Name from the MDM, edit the .mobileconfig file to include a
host_name
key. In the example below, the Client Name will be Test SERIALNUMBER in the DNSFilter dashboard<key>ProviderConfiguration</key> <dict> <key>site_key</key> <string>YOUR SITE KEY HERE</string> <key>host_name</key> <string>Test {{serial_number}}</string> </dict>
✍️ Some MDM providers require updated settings to support this function. Look for Attribute Support settings to determine if you need to make any updates.
- In order to add a Client Name from the MDM, edit the .mobileconfig file to include a
- Create an MDM profile to upload the files
- Download the DNSFilter Roaming Client from the App Store
- Push the app to devices
Once the app is pushed to devices they will register in the DNSFilter dashboard and the Filtering Policy associated with the SSK Site will apply to the devices.
Our Community hosts more specific guides for some MDM softwares like Jamf Pro and Intune. Join the conversation and post your installation tips and configurations to help other DNSFilter users master their deployment!
Comments
2 comments
Thank you for providing an alternative solution.
I have been waiting for a long time to get this resolved!
So glad this update helps you out, Lok Ken ! The team was definitely excited to get this fix into everyone's hands, so they appreciate the feedback.
Please sign in to leave a comment.