Mac
How to Enforce DNS Settings on a Macbook
Connect your MacBook to your Content Policy by enforcing DNS settings.
If you've enabled content filtering and want to prevent it from being accidentally or intentionally bypassed, a good place to start is to enforce and protect DNS settings on your Mac.
DNS settings can be changed in several ways on Mac devices. Fortunately, a setup that doesn't allow most kinds of changes to DNS is possible.
This guide will walk through our recommendations:
- Enforce global DNS settings on your MacBook to establish default, protected DNS settings that other applications and browsers will use.
- Disable conflicting DNS features on web browsers.
Set Protected Global DNS Settings with Apple Configs
It's possible to set the system DNS settings on a Mac and protect it from being modifed later on. There are a few effective ways to do this.
You can use an Apple Config Generator to install a config that adds the protected DNS settings.
Apple Configs can be used to control settings on your Mac in such a way that they can't be changed without removing the Config File that sets those restrictions.
For example, if you're using Tech Lockdown's Apple Config Generator, you can include DNS settings that point to your DNS Content Policy .
Disable Web Browser Features than Bypass DNS
Some web browsers could have settings that can override the system-level DNS settings set on your Mac. It's a good idea to disable these features when using a content filter and prevent them from being re-enabled.
Check if Secure DNS is conflicting with Content Filtering
On most browsers (Google Chrome, Microsoft Edge, Brave Browser, Firefox), here's how you can check if Secure DNS is enabled:
If it's enabled, it will look like this:
If the browser is not using the system DNS provider, then your web browser may not be pointing to your preferred DNS provider.
Make sure this is toggled off:
Lock Secure DNS and prevent it from being reactivated
You can force-disable Secure DNS so it can't be reenabled later, intentionally or unintentionally. This will ensure the secure DNS from the system, that you've protected earlier, is used in this web browser.
Similar to how DNS settings can be enforced with config files, browser restrictions can also be set on a Mac.
You can use an Apple Config Generator to protect the DNS features in web browsers. You can apply the same restriction to multiple browsers with one toggle like this:
This should apply to most Chromium browsers and Firefox.
Block Access to System Settings
On top of the restrictions you've enabled on your Mac, another way to prevent changes to settings is to block access to certain applications or URLs on your computer.
Block Access to System Settings
You can block access to the System Settings application entirely to prevent general changes to DNS. Use our advice for blocking applications on Mac for our recommendations.
Block the Settings Page in your Browser
Although this is entirely optional if you have locked browser DNS settings using an Apple Config Generator , you might still consider blocking access to the settings section of your web browser to prevent further customizations.
Using some of our recommendations in our dedicated guide for blocking URL keywords .
These are the URLs you should block to remove access to each browser's settings page:
- Chrome:
chrome://settings - Edge:
edge://settings - Firefox:
about:preferences
Frequently Asked Questions
How can I test if I'm connected to a particular DNS server?
You can use an online tool like DNS Leak Test and see who your current DNS provider is. If a web browser feature is overriding your system's DNS settings, you'll see a different provider when you run that DNS leak test.