How to Setup DNS over HTTPS in Safari

Safari uses system-level DNS settings, which means you need to configure DoH at the system level rather than within the browser itself. This guide will walk you through the different methods to enable DoH in Safari.

Prerequisites

• macOS 10.15 (Catalina) or later
• Administrative access to your Mac
• A DoH provider (e.g., Cloudflare, Google, or NextDNS)

Configuration Methods

1. System-Level Configuration

The most straightforward way to enable DoH in Safari is to configure it at the system level:

1. Open System Settings
2. Click on “Network”
3. Select your active network connection
4. Click “Details”
5. Select the “DNS” tab
6. Click the ”+” button to add DNS servers
7. Enter the following addresses:

   1.1.1.1
   1.0.0.1

8. Click “OK” to save the changes

2. Using Configuration Profiles

Configuration profiles provide a more secure and managed way to configure DoH:

1. Download a DoH configuration profile from your preferred provider
2. Double-click the profile to install it
3. Open System Settings
4. Go to “Profiles” to verify the installation
5. The profile will automatically configure your system’s DNS settings

3. Using Third-Party Tools

Several third-party tools can help you enable DoH:

Cloudflare WARP

1. Download and install Cloudflare WARP
2. Launch the application
3. Enable WARP in the application
4. Safari will automatically use the configured DNS

NextDNS

1. Sign up for a NextDNS account
2. Download and install the NextDNS configuration profile
3. Follow the setup instructions
4. Safari will use the configured DNS automatically

Verification

To verify that DoH is working correctly:

1. Open Safari
2. Visit any website
3. Open the Network tab in Safari’s Developer Tools
4. Look for DNS queries in the network traffic
5. Verify that the queries are using HTTPS

Troubleshooting

Common Issues

1. DNS Queries Not Using HTTPS

   • Verify that your system-level DNS settings are correct
   • Check if any VPN or proxy is interfering with DNS resolution
   • Ensure that your network allows HTTPS traffic

2. Configuration Profile Not Working

   • Verify that the profile is properly installed
   • Check System Settings > Profiles
   • Try removing and reinstalling the profile

3. Third-Party Tool Issues

   • Ensure the tool is properly configured
   • Check for any conflicts with other network tools
   • Verify that the tool has necessary permissions

Best Practices

1. Security

   • Use trusted DoH providers
   • Enable DNSSEC when available
   • Regularly update your configuration profiles

2. Performance

   • Choose a DoH provider with servers close to your location
   • Monitor DNS resolution times
   • Consider using multiple providers for redundancy

3. Privacy

   • Review your DoH provider’s privacy policy
   • Enable any available privacy features
   • Consider using providers that don’t log queries

Next Steps

• Server List - Choose a suitable DoH server
• Security Best Practices - Ensure secure configuration
• Tools - Explore additional DoH tools
• FAQ - Find answers to common questions