> Apple says developers can create apps to apply DoH/DoT settings for the entire operating system (via network extension apps or MDM profiles), to individual apps, or to an app's selected network requests.<p>This sounds like a direct support and expansion of what was already possible system wide via "VPN" apps like the free DNS Cloak app which allows you to choose any resolver (with or without DoH/DoT).<p>> "There are two ways in which encrypted DNS can be enabled," Tommy Pauly, Internet Technologies Engineer at Apple, said in a talk on Wednesday.<p>> ...<p>> "The second way to enable encrypted DNS is to opt-in directly from an app. If you want your app to use encrypted DNS, even if the rest of the system isn't yet, you can select a specific server to use for some or all of your app's connections," Pauly added.<p><i>> Furthermore, Apple's DoH and DoT implementations will also be context-aware. For example, if a user has a VPN app installed, or is part of a captive (corporate) network, the DoH/DoT server won't override the DNS settings provided by the aforementioned.</i><p>Thank goodness for this. While reading this article, for a moment I thought apps could use a different DNS server even if the user had chosen something else system wide via a VPN app (Google's direct usage of 8.8.8.8 in its applications on some platforms, bypassing the system resolver, comes to mind).