by rabboRubble 2780 days ago
That setting change only changes DNS while on Wi-Fi. iOS offers no direct method of changing DNS while on cellular. Without something like Terminal on an iPhone, pretty difficult to tell which DNS is being used by the iPhone unless the phone is jailbroken. I use an app called Net Analyzer to check various networking configs. I'm not sure even the Cloudflare app is actually changing DNS. Need to do a bit more poking about to figure out what exactly is going on.

Edit: After playing around a bit with the Cloudflare app alongside Net Analyzer, DNS on cellular appears to be modified from my cell provider to what I think is the Cloudflare VPN profile on the device with IP addresses 192.0.2.2, 192.0.2.3, 192.0.2.4.


It installs a VPN policy to do it; that's the only viable method on non-managed devices. There is another big difference as well: the app enables DNS-over-HTTPS, which encrypts your DNS traffic.
Thanks! Good info. Yeah, was able to confirm that the Cloudflare app defaulted to DNS over HTTPS. That's an improvement over my previous attempts to excise cellular DNS traffic away from my carrier.

Is Cloudflare also servicing internet requests or are requests still being serviced by the cellular providers after DNS is resolved?

Cloudflare is using the NetworkExtension API purely to intercept DNS requests and nothing else. Everything happens on device and not in some remote VPN service.
Is there a performance hit vs using native carrier DNS?
Your carrier's DNS may or may not be fast depending on how it is set up and who you use. In general 1.1.1.1 is faster than any of the other public DNS resolvers, and does a lot of preemptive caching that it's likely your ISP does not. Of course, it also doesn't sell your data, which is a bonus.