Known issues with iOS/macOS system Encrypted DNS (DoH) support
A number of known bugs have been found in the new iOS 14 and macOS 11 Encrypted DNS support. This page summarizes those bugs, with the current resolution status and a workaround when available.
macOS & iOS: VPN Conflict
When a VPN is connected, the Encrypted DNS profile is ignored in favor of the DNS server advertised by the VPN with no option to change this behavior. The DNS profile is still shown as active in the OS settings, which is confusing for the user.
We believe that Encrypted DNS should be part of the traffic going through the VPN, as is the case on other platforms. If you agree, please submit your feedback to Apple using Feedback Assistant.
Status: reported, probably won't fix
macOS: Chrome ignores Encrypted DNS in some cases
In some (still unidentified) cases, Chrome & Chromium ignore the system-configured Encrypted DNS profile and use the system's legacy UDP DNS instead. We can't reproduce this issue consistently and are seeking more data to qualify it.
Status: investigating, please report if you reproduce
iOS: Safari UX bug with blocked domains
Since iOS 14, when a URL with a blocked domain is clicked or entered into the location bar, Safari does not show an error; the action is just ignored. This only happens when the domain is blocked with a 0.0.0.0 IP (NextDNS default).
Chrome on iOS shows an error properly.
Workaround: enable the Block Page feature
macOS: Content Filter extension conflict
When an application using the content filter extension, such as Little Snitch, is active, the system Encrypted DNS profile is ignored.
Status: not reported