Encrypted DNSoverHttps deployment

Comes here often

Encrypted DNSoverHttps deployment

We are migrating to Cloudflare's ZeroTrust service that includes DNS level filtering via DNS-over-Https

For our Windows endpoints we are deploying the WARP client to act as the dns proxy for those. But for iOS/macOS devices, we wanted to use the OS level DNS-over-Https option.

We have a test mobileconfig file that works fine, but when we deploy it via system manager the dns settings work only on wifi networks we onboarded. It seems to ignore the cellular networks and ad-hoc joined wifi networks.

This isn't a problem when we have users import the mobileconfig on their own. Only when we try to deploy it via the MDM.

Is this some bug that is in System Manager? or does any other suggestions for deploying/managing the setting?

1 Reply 1
Meraki Employee
Meraki Employee



Firstly, is there any reason that you're not using the Encrypted DNS profile capability in SM?


Screenshot 2023-01-20 at 2.48.16 PM.png

You can, if it fits your use case, ignore the Connect If Needed functionality: An array of rules defining the DNS settings. If on-demand rules are not present, the system always applies the default DNS settings

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.