Mac
How to Enforce DNS Settings on a Macbook
Connect your MacBook to your Content Policy by enforcing DNS settings.
If you've enabled content filtering on your Mac and want to prevent bypass, a good place to start is to enforce and protect DNS settings on your Mac.
DNS settings can be changed in several ways on Mac devices. Fortunately, a setup that doesn't allow most kinds of changes to DNS is possible.
This guide will walk through our recommendations:
- Enforce global DNS settings on your MacBook to establish default DNS settings that other applications will use.
- Disable DNS features on web browsers.
- Block the System Settings application to prevent changes.
Set Global DNS Settings
Setting DNS globally for other applications is the most comprehensive approach. Some applications could do this for you, but you could also use Config Files.
Set DNS manually through System Settings
You can add fallback DNS settings to your Mac manually. Ideally, you could set up your home router to set DNS automatically, but it can be done on your Mac computer instead.
There might be some limitations around entering DNS addresses manually, so if this isn't an option, consider other enforcement methods.
Set DNS with a Config File
A more effective way is to use Config Files on your Mac.
This is used to control settings on your Mac in such a way that they can't be changed without removing the Config File that sets those restrictions.
For example, if you're using Tech Lockdown's Apple Config Generator , you can include DNS settings that point to your Content Policy.
Set DNS with an Application
Another option is to use an Application to automatically set DNS. This could set DNS on all networks.
Tech Lockdown uses a filtered VPN application to connect a Mac device to a DNS Content Policy . This means that rules can be applied directly to a specific user's device if they sign into the application with their email address.
Disable Web Browser Features than Bypass DNS
Some web browsers could have settings that either conflict with filtered DNS settings set on your Mac or disable them unintentionally. This setting is called Secure DNS, and it's a good idea to disable these features when using a content filter.
Check if Secure DNS is conflicting with Content Filtering
On most Chromium browsers (Google Chrome and Microsoft Edge), here's how you can check if Secure DNS is enabled:
If it's enabled, it will look like this:
Make sure this is toggled off:
Lock Secure DNS and prevent it from being reactivated
You can force-disable Secure DNS so it can't be reenabled later, intentionally or unintentionally.
Similar to how DNS settings can be enforced with Config Files, browser restrictions can also be enforced or disabled on a Mac device.
Using the Apple Config Generator , you can apply the same restriction to multiple browsers like this:
This should apply to most Chromium browsers and Firefox.
Block Access to System Settings
On top of the restrictions you've enabled on your Mac, another way to prevent changes to settings is to block access to certain applications or URLs on your computer.
Block Access to System Settings
You can block access to the System Settings application entirely to prevent general changes to DNS. Use our advice for blocking applications on Mac for our recommendations.
Block the Settings URL in your Browser
Using some of our recommendations in our dedicated guide for blocking URL keywords .
These are the URLs you should block to remove access to each browser's settings page:
- Chrome:
chrome://settings - Edge:
edge://settings - Firefox:
about:preferences
Frequently Asked Questions
How can I test if I'm connected to a particular DNS server?
You can use an online tool like DNS Leak Test and see who your current DNS provider is.