2 months, 3 weeks ago notreParticipant
I see the CleanBrowsing has an app to easily set DNS on iOS device, like my child’s. And there’s a passcode that prevents changing the DNS settings — through the CleanBrowsing app. But, I think it wouldn’t be that hard for a child to Google and find out how to change the DNS settings directly through the iOS network settings. Is there a way to lock that down? Maybe through MDM, if not through restrictions/screentime? I didn’t see anything in screentime nor restrictions.
Notre2 months, 3 weeks ago Daniel CidKeymaster
Even if he changes the DNS directly on the Settings, it would not override the App. We create a VPN and force all DNS requests through the App.
thanks!2 months, 3 weeks ago notreParticipant
Thanks for your reply!
That’s interesting. But if I’m not mistaken, my child can just delete the VPN profile, right? If that is true (which looks to be the case), is there some way I’d know if the VPN profile was deleted, aside from frequently looking at the device?
Notre2 months, 2 weeks ago FrankyParticipant
This is maybe possible to prevent in mobile devices but how can we restrict changing DNS on laptops and computers? That’s quite obvious that this app only changes the DNS setting it’s just a click away to change it back to default. Is there anyway we can prevent this?2 months, 2 weeks ago notreParticipant
I can answer that one, I think. Provided the laptop or computer your user (presumably child) uses, has a separate account that does not have administrative rights, they won’t be able to change the DNS. A second account on your PC has admin rights, and it’s there that you set the DNS to cleanbrowsing.org’s DNS. That’s what I did for my childrens’ devices.2 months, 1 week ago FrankyParticipant
I think you are talking about Windows here. Any idea about Mac OS?2 months ago FrankyParticipant
Thanks Peter. I think that will help me with that.2 weeks, 3 days ago KingHollyParticipant
I am afraid to say this is no small task. Your best option is to use configuration profiles. I suggest setting them up through Apple Configurator 2 on a Mac. Otherwise you would have to tinker around with the XML syntax of the profiles. You will want to set the device as a supervised device to have the most control. That requires wiping the device I believe.
Once you have a supervised device there are some great restriction settings for app and website whitelists: prevention of installing or removing configuration profiles, prevention of Erase All Content and Settings. You can prevent installation of VPNs.
Now to your question, unfortunately, the only current way to force DNS settings on WiFi AND Cell is to implement an IKEV2 VPN on the iPhone and force it through the configuration profile. This is called an Always On VPN. These cannot be uninstalled or toggled off in any way. Don’t get them confused with the auto connect VPNs. What is annoying is that no VPN services I found out there had an IKEV2 profile that I could configure on the iPhone. I ended up creating my own and hosting it on Digital Ocean for about $5 a month. Definitely a pain. Especially for anyone not experienced with tech. Now, what is super annoying is that I had issues with WiFi calling and connection to an Apple Watch.
Long story short, Apple does not provide the kind of customization that is needed to create a properly restricted device. They don’t even allow app developers that customization either. Even pushing Apple’s configuration profiles to the limit, you are still going to run into technical issues and lack of documentation. I am making the switch to Android after battling for a long time to get iOS to where I was satisfied with their native restriction offerings. If you are set on Apple, an IKEV2 VPN forced into an Always On connection through a configuration profile is your only option.
You must be logged in to reply to this topic.