Chrome exempting itself from macOS settings #19

Open
chew-z opened this issue Nov 26, 2020 · 8 comments
Labels
apple bug invalid behavior by Apple system(s)

Comments

chew-z commented Nov 26, 2020

In the blog post, Firefox is mentioned but not Chrome.

It might then come as a surprise to some users that Chrome will exempt itself from global settings on macOS (of course) and will use its own DNS-over-HTTPS. If someone would like to set up DoH on Chrome, this is how to do it:

Go to Settings -> Privacy and Security -> Security and scroll down to Use Secure DNS. Check this option and select a predefined server (Google, Cloudflare) or use your own.

Chrome 87 on Big Sur 11.0.1

@paulmillr paulmillr added the apple bug invalid behavior by Apple system(s) label Aug 9, 2021

ghost commented Aug 29, 2021

@chew-z
Not really a bug nor an auto exemption: Chrome, like Edge and Vivaldi (so all Chromium-based browsers), use the profile settings and call themselves (with their own dnscrypt client) an encrypted server.
There are 3 ways to forbid that.

The first, more complicated, is to use the config file or command (read the docs of your browser) to tell the browser it must disable this feature.

The second is to use as a source (for the profile) a server that blocks all URLs of DNS servers.

And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.


ghost commented Aug 30, 2021

@paulmillr Since it's not a bug in the .mobileconfig file, I ask that this issue be closed.
We cannot fix it, only Apple can, so I vote to close it, but it's up to you.


Jikodis commented Oct 15, 2021

@BirdInFire

> And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.

Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?


ghost commented Oct 15, 2021

> @BirdInFire
>
> > And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.
>
> Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?

Gift: https://github.com/nextdns/metadata/blob/master/parentalcontrol/bypass-methods


ghost commented Oct 16, 2021

@Jikodis note: if you plan to use Apple relay (for Safari + DNS resolution) when macOS 12 is there, you must remove the first two domains from it:

mask.icloud.com
mask-h2.icloud.com
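
The hosts-file approach and the relay caveat from the comments above, as an added example that is not part of the thread or of the project: an sh function that turns a domain list into `0.0.0.0` hosts entries and can leave out the two relay domains. The one-domain-per-line input format, the function names and the `example` domains are assumptions, and the sample list is constructed.

```shell
#!/bin/sh
# Added example: build hosts-file entries from a list of DoH/bypass domains.
# Assumption: input is one domain per line; '#' comments and blanks allowed.

# The two Apple relay domains named in the comment above.
RELAY_DOMAINS="mask.icloud.com mask-h2.icloud.com"

# to_hosts_block KEEP_RELAY < domain-list
#   KEEP_RELAY=1 leaves the relay domains out of the block list.
to_hosts_block() {
    keep_relay="${1:-0}"
    echo "# BEGIN doh-block (generated)"
    # Normalise: drop CRs, lowercase, strip comments and surrounding blanks,
    # keep only syntactically valid hostnames, then de-duplicate.
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
    sort -u |
    while IFS= read -r domain; do
        if [ "$keep_relay" = 1 ]; then
            case " $RELAY_DOMAINS " in
                *" $domain "*) continue ;;   # skip relay domains
            esac
        fi
        printf '0.0.0.0 %s\n' "$domain"
    done
    echo "# END doh-block"
}

# Constructed sample input (not the real NextDNS list).
sample_list() {
cat <<'EOF'
# constructed sample
mask.icloud.com
mask-h2.icloud.com
DoH.Example.net
doh.example.net   # duplicate after lowercasing
not a domain
dns.example.org
EOF
}

# Print the block for a machine that should keep using Apple relay.
sample_list | to_hosts_block 1
```

Review the generated block before appending it to `/etc/hosts`; the BEGIN/END markers make it easy to find and replace later.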


Who-42 commented Oct 16, 2021

Apple relay will bypass NextDNS, so if you use it the mobileconfig will not be used because they use their own DNS.

You can try it with DNS leak.


ghost commented Oct 16, 2021

> Apple relay will bypass NextDNS, so if you use it the mobileconfig will not be used because they use their own DNS.
>
> You can try it with DNS leak.

I know, I told him about relay so he does not see an issue later because of the hosts tweak.

@mariosal

The following instructions are given by Mullvad.net for Chrome-based browsers.

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#macos

Make sure to turn off Secure DNS in your web browser.

Chrome / Brave / Edge:

The DNS profile works right away in Safari and Firefox, however if you are using Chromium-based browsers such as Chrome, Brave or Edge then they will not use the DNS profile unless you disable the built-in browser DNS client. Open the Terminal and run the following commands:

```
defaults write com.google.Chrome BuiltInDnsClientEnabled -bool false
defaults write com.brave.Browser BuiltInDnsClientEnabled -bool false
defaults write com.microsoft.Edge BuiltInDnsClientEnabled -bool false
```
