Trying to force a DNS server on our school iPads using the new DNS settings Payload. Was upset to find it was forcing me to use an ENCRYPTED DNS URL. Anyone know of a way of achieving this without? I understand that encrypted DNS is more secure and more private, but in this scenario we don't feel it to be necessary and I worry about muddying the waters further with certificates and such. If anyone has some bright ideas or additional info, I'm all ears! (...or eyes I guess, technically). Thanks!
I got around this limitation by setting up our own DNS over TLS server which then forwards the DNS queries to the unsecure DNS server of our choice. Certificate setup was fast, easy and free using Certbot. This guide was very helpful: https://www.nginx.com/blog/using-nginx-as-dot-doh-gateway/. However, I think there may be some issues with this payload and the recent iOS 14.1-14.2 updates. I had this setup working well with some test devices running 14.0, but right now the DNS settings do not appear to be consistently enforced under 14.2.
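
The gateway described in the reply above, as an added example that is not part of the original post or the linked guide: an nginx `stream` configuration that terminates DNS over TLS on port 853 and forwards the queries over plain TCP to an upstream resolver. The hostname `dot.example.org`, the upstream address `192.0.2.53` and the client range `203.0.113.0/24` are placeholders, and the certificate paths assume Certbot's default layout.

```nginx
# Goes at the top level of nginx.conf, beside (not inside) the http {} block.
stream {
    # The plain DNS server the queries end up at (placeholder address).
    # nginx forwards over TCP here, so this server must answer DNS on TCP/53.
    upstream dns_plain {
        zone dns_plain 64k;
        server 192.0.2.53:53;
    }

    server {
        # DNS over TLS listens on TCP 853.
        listen 853 ssl;

        # Certificate issued by Certbot for the hostname the devices are
        # configured with; the names must match or the TLS handshake fails.
        ssl_certificate     /etc/letsencrypt/live/dot.example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dot.example.org/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Only answer the school's own address range (placeholder) so the
        # gateway does not become an open resolver.
        allow 203.0.113.0/24;
        deny  all;

        # TLS is removed here; the query goes to the upstream unencrypted.
        proxy_pass dns_plain;
    }
}
```

Only the device-to-gateway hop is encrypted in this layout, so the gateway and the upstream resolver should sit on a network you control.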