We are seeing errors on the iOS 14.2 device when pushing an Encrypted DNS Payload.
Specifically
Enable Demand Rules: and set Network: Evaluate Connection (for both Domain Action: Never Connect & Domain Action: Connect If Needed options)
The error is
<?xml version="1.0" encoding="UTF-8"?>
...
<plist version="1.0">
<array>
<dict>
<key>ErrorCode</key>
<integer>4001</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>Profile Installation Failed</string>
<key>USEnglishDescription</key>
<string>Profile Installation Failed</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>4001</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>Profile Failed to Install</string>
<key>USEnglishDescription</key>
<string>Profile Failed to Install</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>1009</integer>
<key>ErrorDomain</key>
<string>MCProfileErrorDomain</string>
<key>LocalizedDescription</key>
<string>The profile "h1dns" could not be installed.</string>
<key>USEnglishDescription</key>
<string>The profile "h1dns" could not be installed.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>57000</integer>
<key>ErrorDomain</key>
<string>MCDNSSettingsErrorDomain</string>
<key>LocalizedDescription</key>
<string>The DNS settings service encountered an internal error.</string>
<key>USEnglishDescription</key>
<string>The DNS settings service encountered an internal error.</string>
</dict>
</array>
</plist>
The plist that we are sending is
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<array>
<dict>
<key>DNSSettings</key>
<dict>
<key>DNSProtocol</key>
<string>HTTPS</string>
<key>ServerAddresses</key>
<array>
<string>1.1.1.1</string>
</array>
<key>ServerURL</key>
<string><Somehost/dns-query</string>
</dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>EvaluateConnection</string>
<key>ActionParameters</key>
<dict>
<key>DomainAction</key>
<string>NeverConnect</string>
<key>Domains</key>
<array>
<string>news.google.com</string>
</array>
</dict>
<key>InterfaceTypeMatch</key>
<string>Ethernet</string>
</dict>
<dict>
<key>Action</key>
<string>EvaluateConnection</string>
<key>ActionParameters</key>
<dict>
<key>DomainAction</key>
<string>ConnectIfNeeded</string>
<key>Domains</key>
<array>
<string>mail.yahoo.com</string>
</array>
</dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
</dict>
</array>
<key>ProhibitDisablement</key>
<false/>
<key>PayloadDescription</key>
<string>The payload for configuring encrypted DNS settings.</string>
<key>PayloadDisplayName</key>
<string>DNS_ENCRYPTED</string>
<key>PayloadIdentifier</key>
<string>mi.dnssettings.44011.0</string>
<key>PayloadOrganization</key>
<string>com.mobileiron</string>
<key>PayloadType</key>
<string>com.apple.dnsSettings.managed</string>
<key>PayloadUUID</key>
<string>3173360096376915336</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
</plist>
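As an added example (not part of the original post, and not Apple or MobileIron code), a pre-flight lint for a `com.apple.dnsSettings.managed` payload that reports type and value mismatches in `DNSSettings` and `OnDemandRules` before the profile is pushed. The allowed values and the type of `ActionParameters` (an array of dictionaries) are assumptions taken from Apple's published DNSSettings payload documentation; the sample plist and the host `doh.example.test` are constructed.

```python
import plistlib

# Constructed sample shaped like the payload in the post (trimmed; host is a placeholder).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
<key>DNSSettings</key><dict>
  <key>DNSProtocol</key><string>HTTPS</string>
  <key>ServerURL</key><string>https://doh.example.test/dns-query</string>
</dict>
<key>OnDemandRules</key><array><dict>
  <key>Action</key><string>EvaluateConnection</string>
  <key>ActionParameters</key><dict>
    <key>DomainAction</key><string>NeverConnect</string>
    <key>Domains</key><array><string>news.google.com</string></array>
  </dict>
  <key>InterfaceTypeMatch</key><string>WiFi</string>
</dict></array>
<key>PayloadType</key><string>com.apple.dnsSettings.managed</string>
</dict></array></plist>"""

# Assumed allowed values, per Apple's DNSSettings payload documentation.
ACTIONS = {"Connect", "Disconnect", "EvaluateConnection"}
DOMAIN_ACTIONS = {"NeverConnect", "ConnectIfNeeded"}
INTERFACES = {"Ethernet", "WiFi", "Cellular"}

def lint_payload(p):
    """Return findings for one com.apple.dnsSettings.managed payload dict."""
    out, dns = [], p.get("DNSSettings", {})
    if dns.get("DNSProtocol") == "HTTPS" and not str(dns.get("ServerURL", "")).startswith("https://"):
        out.append("DNSSettings.ServerURL must be an https:// URL for DoH")
    for i, rule in enumerate(p.get("OnDemandRules", [])):
        where = f"OnDemandRules[{i}]"
        if rule.get("Action") not in ACTIONS:
            out.append(f"{where}.Action is not a known value")
        if rule.get("InterfaceTypeMatch", "WiFi") not in INTERFACES:
            out.append(f"{where}.InterfaceTypeMatch is not a known value")
        params = rule.get("ActionParameters")
        if rule.get("Action") != "EvaluateConnection":
            continue
        if not isinstance(params, list):  # assumed type: array of dictionaries
            out.append(f"{where}.ActionParameters must be an array of dicts, got {type(params).__name__}")
            continue
        for j, ap in enumerate(params):
            if ap.get("DomainAction") not in DOMAIN_ACTIONS or not ap.get("Domains"):
                out.append(f"{where}.ActionParameters[{j}] needs a valid DomainAction and Domains")
    return out

def lint_plist(data):
    # Parse an XML plist (array of payloads) and lint each DNS settings payload.
    return [f for p in plistlib.loads(data)
            if p.get("PayloadType") == "com.apple.dnsSettings.managed" for f in lint_payload(p)]
```

`lint_plist(SAMPLE)` returns one finding, for `OnDemandRules[0].ActionParameters`, because the sample carries a single dictionary there instead of an array.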