Chrome exempting itself form macOS settings
chew-z opened this issue · comments
In blog post Firefox is mentioned but not Chrome.
It might then come as a surprise to some users that Chrome will exempt itself from global settings on macOS (of course) and will use its own DNS-over-https. If someone would like to setup DoH on Chrome this is how to do it:
Go to Settings-> Privacy and Security --> Security and scroll down to Use Secure DNS. Check this option and select predefined server (Google, Cloudflare) or use your own.
Chrome 87 on Big Sur 11.0.1
@chew-z
Not really a bug nor an auto exemption, chrome, like edge, Vivaldi (so all chromium based browser), use the profile settings, and call themselves (with their own dnsrypt client) an encrypted server.
They are 3 way to forbid that.
First more complicated, is to use the config file or command (read doc of your browser) to tell the browser he must disable this feature.
Second is to use as a source (For the profile) A server who block all url of DNS server.
And third is to go the NEXDNS repository, search their list of all known secure server and copy past it in the hosts of Mac.
@paulmillr Since it's not a bug in .mobileconfig file I ask this issue be closed.
We cannot fix it only apple can so I vote to close it but it's up to you.
@BirdInFire
And third is to go the NEXDNS repository, search their list of all known secure server and copy past it in the hosts of Mac.
Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?
@BirdInFire
And third is to go the NEXDNS repository, search their list of all known secure server and copy past it in the hosts of Mac.
Can you explain the third option you mentioned? Are you saying that NextDNS maintains a public list of DNS entries for all known secure DNS providers?
Gift : https://github.com/nextdns/metadata/blob/master/parentalcontrol/bypass-methods
@Jikodis note : if you plan tu use Apple relay (for safari + DNS resolution) when Mac OS 12 will be there you must remove the two first domain from it
mask.icloud.com
mask-h2.icloud.com
Apple relay will bypass nextdns so if you use it mobileconfig will not be used
because they use their own dns
you can try it with dns leak
Apple relay will bypass nextdns so if you use it mobileconfig will not be used because they use their own dns
you can try it with dns leak
I know i tell him about relay to not see an issue later because of the host tweak