vom513> Observation: iOS 14 now seems to send 3 queries (up from 2) for vom513> every socket connection to a name. Whereas we've had A vom513> + AAAA for quite some time in many OSes - on iOS 14 we now vom513> have A + AAAA + HTTPS (type 65). [...] vom513> Question: iOS 14 now flags networks that it believes are vom513> blocking encrypted DNS. It puts a warning in Settings for the vom513> wifi. Apple has made a number of unilateral decisions about how their phones should work (in search of some definition of privacy) that are likely to cause headaches for enterprise and others using something other than apple blessed tech to secure their users. The mac addr randomization is going to be another headache for IT. From an apple developer on another list, official docs from apple and some other things to read. Developer documentation: <https://developer.apple.com/documentation/networkextension/nednssettingsmanager> <https://developer.apple.com/documentation/network/nwparameters/privacycontext/3548851-requireencryptednameresolution> <https://developer.apple.com/documentation/devicemanagement/dnssettings/dnssettings> WWDC video/transcript: <https://developer.apple.com/videos/play/wwdc2020/10047/> "Encrypted resolvers designated by domain owners" based on; <https://tools.ietf.org/html/draft-pauly-add-resolver-discovery-01>