
Chrome exempting itself from macOS settings

Open chew-z opened this issue 3 years ago • 7 comments

In blog post Firefox is mentioned but not Chrome.

It might then come as a surprise to some users that Chrome will exempt itself from global settings on macOS (of course) and will use its own DNS-over-HTTPS. If someone would like to set up DoH on Chrome, this is how to do it:

Go to Settings -> Privacy and Security -> Security and scroll down to Use Secure DNS. Check this option and select a predefined server (Google, Cloudflare) or use your own.

Chrome 87 on Big Sur 11.0.1

chew-z avatar Nov 26 '20 18:11 chew-z

@chew-z Not really a bug nor an auto exemption. Chrome, like Edge, Vivaldi (so all Chromium-based browsers), use the profile settings, and call themselves (with their own dnscrypt client) an encrypted server. There are 3 ways to forbid that.

The first, more complicated, is to use the config file or command (read the doc of your browser) to tell the browser it must disable this feature.

The second is to use as a source (for the profile) a server that blocks all URLs of DNS servers.

And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts of the Mac.

BirdInFire avatar Aug 29 '21 17:08 BirdInFire

@paulmillr Since it's not a bug in the .mobileconfig file, I ask that this issue be closed. We cannot fix it, only Apple can, so I vote to close it, but it's up to you.

BirdInFire avatar Aug 30 '21 13:08 BirdInFire

@BirdInFire

> And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts of the Mac.

Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?

Jikodis avatar Oct 15 '21 20:10 Jikodis

> @BirdInFire
>
> > And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts of the Mac.
>
> Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?

Gift : https://github.com/nextdns/metadata/blob/master/parentalcontrol/bypass-methods

BirdInFire avatar Oct 15 '21 20:10 BirdInFire

@Jikodis note: if you plan to use Apple relay (for Safari + DNS resolution) when macOS 12 is there, you must remove the first two domains from it:

mask.icloud.com
mask-h2.icloud.com

BirdInFire avatar Oct 16 '21 00:10 BirdInFire

Apple relay will bypass NextDNS, so if you use it the mobileconfig will not be used because they use their own DNS.

You can try it with DNS leak.

Who-42 avatar Oct 16 '21 14:10 Who-42

> Apple relay will bypass NextDNS, so if you use it the mobileconfig will not be used because they use their own DNS.
>
> You can try it with DNS leak.

I know, I tell him about relay so he does not see an issue later because of the hosts tweak.

BirdInFire avatar Oct 16 '21 14:10 BirdInFire
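
The third option from the thread (putting known DoH hostnames into the Mac's hosts file, minus `mask.icloud.com` and `mask-h2.icloud.com` when Private Relay should keep working), as an added example that is not code from any commenter or from the project. It assumes the list is plain text with one hostname per line and `#` comments; the sample list, marker lines and function names are constructed for illustration.

```python
import re

# Hostnames named in the thread; leave them resolvable if Private Relay is wanted.
PRIVATE_RELAY = {"mask.icloud.com", "mask-h2.icloud.com"}
BEGIN = "# BEGIN doh-block (generated)"   # hypothetical marker lines
END = "# END doh-block"
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_hostname(name):
    """True for a plain DNS hostname (a hosts file has no wildcard syntax)."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def parse_blocklist(text, keep_private_relay=True):
    """Return sorted, de-duplicated hostnames from a one-name-per-line list."""
    names = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        if not is_hostname(name):
            continue  # blank lines, comments, wildcards, junk
        if keep_private_relay and name in PRIVATE_RELAY:
            continue
        names.add(name)
    return sorted(names)

def render_block(names):
    """Build the marked hosts-file block that sinks each name to 0.0.0.0."""
    return "\n".join([BEGIN] + [f"0.0.0.0 {n}" for n in names] + [END]) + "\n"

def merge_hosts(hosts_text, block):
    """Replace an earlier generated block or append one; other lines untouched."""
    pattern = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END) + r"\n?", re.S)
    if pattern.search(hosts_text):
        return pattern.sub(lambda m: block, hosts_text, count=1)
    if hosts_text and not hosts_text.endswith("\n"):
        hosts_text += "\n"
    return hosts_text + block

# Constructed sample input, not the real list.
SAMPLE_LIST = """\
# constructed sample
mask.icloud.com
mask-h2.icloud.com
doh.example.net
DoH.Example.net.
*.wild.example.org
not a hostname
"""

if __name__ == "__main__":
    current = "127.0.0.1 localhost\n"   # constructed stand-in for /etc/hosts
    print(merge_hosts(current, render_block(parse_blocklist(SAMPLE_LIST))), end="")
```

The script only prints the merged text; review it before writing it to `/etc/hosts`, and re-run it after the list changes so the marked block is replaced rather than duplicated.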