paulmillr / encrypted-dns

DNS over HTTPS config profiles for iOS & macOS

Home Page:https://paulmillr.com/posts/encrypted-dns/


Chrome exempting itself from macOS settings

chew-z opened this issue · comments

In the blog post, Firefox is mentioned but not Chrome.

It might then come as a surprise to some users that Chrome will exempt itself from global settings on macOS (of course) and will use its own DNS-over-HTTPS. If someone would like to set up DoH on Chrome, this is how to do it:

Go to Settings -> Privacy and Security -> Security and scroll down to Use Secure DNS. Check this option and select a predefined server (Google, Cloudflare) or use your own.

Chrome 87 on Big Sur 11.0.1

@chew-z
Not really a bug nor an auto exemption. Chrome, like Edge and Vivaldi (so all Chromium-based browsers), uses the profile settings and calls itself (with its own dnscrypt client) an encrypted server.
There are 3 ways to forbid that.

The first, more complicated, is to use the config file or command (read the docs of your browser) to tell the browser it must disable this feature.

The second is to use as a source (for the profile) a server that blocks all URLs of DNS servers.

And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.

@paulmillr Since it's not a bug in the .mobileconfig file, I ask that this issue be closed.
We cannot fix it, only Apple can, so I vote to close it, but it's up to you.

@BirdInFire

And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.

Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?

@BirdInFire

And the third is to go to the NextDNS repository, search their list of all known secure servers and copy-paste it into the hosts file of the Mac.

Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?

Gift: https://github.com/nextdns/metadata/blob/master/parentalcontrol/bypass-methods

@Jikodis note: if you plan to use Apple relay (for Safari + DNS resolution) when macOS 12 is out, you must remove the first two domains from it

mask.icloud.com
mask-h2.icloud.com
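
The hosts-file approach described in the comments above, as an added example that is not part of the original thread or the project's code: it turns a hostname list into a delimited hosts block and leaves out the two iCloud relay names. It assumes the list has one hostname per line with `#` comments; the function names, block markers and `example.*` hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build hosts-file entries from a list of
# encrypted-DNS hostnames, leaving out names that must stay reachable.
# Assumption: the list has one hostname per line and '#' starts a comment.

# The two iCloud relay names the thread says to leave out.
KEEP="mask.icloud.com mask-h2.icloud.com"

# Reads a hostname list on stdin, writes a delimited hosts block on stdout.
# Comments and surrounding whitespace are stripped, names are lower-cased,
# anything that is not a syntactically valid dotted hostname is dropped,
# and duplicates are removed before the KEEP names are filtered out.
build_hosts_block() {
    echo "# BEGIN doh-bypass-block"
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
        sort -u |
        while IFS= read -r host; do
            case " $KEEP " in
                *" $host "*) continue ;;
            esac
            printf '0.0.0.0 %s\n' "$host"
        done
    echo "# END doh-bypass-block"
}

# Constructed sample input; the example.* names are placeholders.
sample_list() {
    cat <<'EOF'
# constructed sample, not the real list
doh.example.net
DNS.Example.org   # inline comment
doh.example.net
mask.icloud.com
mask-h2.icloud.com
bad_host!
EOF
}

# Stand-alone run: print the block that would be appended to the hosts file.
sample_list | build_hosts_block
```

The function only writes to stdout, so the result can be reviewed before it is appended to `/etc/hosts`. Hosts entries only affect name lookups that go through the system resolver.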

commented

Apple relay will bypass NextDNS, so if you use it, the mobileconfig will not be used because they use their own DNS.

You can try it with a DNS leak test.

Apple relay will bypass NextDNS, so if you use it, the mobileconfig will not be used because they use their own DNS.

You can try it with a DNS leak test.

I know, I told him about relay so he doesn't see an issue later because of the hosts tweak.