
Configuration Endpoints

Use these addresses across all methods below.

🔒 DNS over HTTPS

https://dns.unrulycitizen.com/dns-query

🛡 DNS over TLS

dns.unrulycitizen.com Port: 853

Network Settings

The simplest approach — native to macOS 14 Sonoma and later, no extra tools needed.

Method 1 — System Settings (macOS 14+ Sonoma)

1. Open System Settings

Click the Apple menu → "System Settings".

2. Navigate to Network

Click "Network" in the sidebar.

3. Select Your Connection

Click your active network connection — Wi-Fi or Ethernet.

4. Open DNS Settings

Click "Details" → select the "DNS" tab.

5. Add the DoH Endpoint

Click "+" under DNS Servers and enter:

https://dns.unrulycitizen.com/dns-query

6. Apply Settings

Click "OK" then "Apply" to save the configuration.

Terminal

Works on all macOS versions. Use when the GUI method isn't available or for scripted setup.

Method 2 — Terminal Commands

Open Terminal and run the following. Replace "Wi-Fi" with your network service name from the first command.

# List your network services to find the correct name
networksetup -listallnetworkservices
# Enable DoH for your network service
sudo networksetup -setdnsoverhttps "Wi-Fi" on \
  https://dns.unrulycitizen.com/dns-query
# Disable fallback to unencrypted DNS
sudo networksetup -setdnsoverhttpsfallbacks "Wi-Fi" off
# Verify the configuration
networksetup -getdnsoverhttps "Wi-Fi"

Configuration Profile

Ideal for deploying across multiple Macs or managing settings through an MDM.

Method 3 — Mobileconfig Profile

Copy the XML below into a file named unrulycitizen-dns.mobileconfig, then double-click it to install via System Settings → Privacy & Security → Profiles.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key>
      <string>com.apple.dnsSettings.managed</string>
      <!-- Replace both UUID placeholders with freshly generated values (for example from uuidgen) -->
      <key>PayloadUUID</key>
      <string>UNIQUE-UUID-HERE</string>
      <key>PayloadIdentifier</key>
      <string>com.unrulycitizen.dns</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>DNSSettings</key>
      <dict>
        <key>DNSProtocol</key>
        <string>HTTPS</string>
        <!-- With DNSProtocol HTTPS the resolver URL goes in ServerURL; ServerAddresses holds only IP addresses -->
        <key>ServerURL</key>
        <string>https://dns.unrulycitizen.com/dns-query</string>
      </dict>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <string>Unruly Citizen DNS over HTTPS</string>
  <key>PayloadIdentifier</key>
  <string>com.unrulycitizen.dns.profile</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>PROFILE-UUID-HERE</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
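For deployment across several Macs, the profile can be generated rather than hand-edited, so the UUID placeholders are never shipped as-is. The following Python is an added example, not part of the original guide; `build_profile` and `check_profile` are names chosen here, and it relies on Apple's DNSSettings payload taking the DoH URL in the `ServerURL` key.

```python
import plistlib
import uuid
from urllib.parse import urlsplit

DOH_URL = "https://dns.unrulycitizen.com/dns-query"  # endpoint from this guide


def build_profile(doh_url: str = DOH_URL) -> bytes:
    """Return a DNS-settings profile as XML plist bytes with fresh UUIDs."""
    parts = urlsplit(doh_url)
    # Refuse non-https or hostless URLs so a typo cannot yield a dead profile.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https DoH URL: {doh_url!r}")
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadIdentifier": "com.unrulycitizen.dns",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "DNSSettings": {"DNSProtocol": "HTTPS", "ServerURL": doh_url},
    }
    profile = {
        "PayloadContent": [dns_payload],
        "PayloadDisplayName": "Unruly Citizen DNS over HTTPS",
        "PayloadIdentifier": "com.unrulycitizen.dns.profile",
        "PayloadType": "Configuration",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def check_profile(data: bytes) -> list[str]:
    """Return the problems found in a profile; an empty list means none."""
    profile = plistlib.loads(data)
    problems = []
    uuids = [profile.get("PayloadUUID")]
    for payload in profile.get("PayloadContent", []):
        uuids.append(payload.get("PayloadUUID"))
        dns = payload.get("DNSSettings", {})
        if dns.get("DNSProtocol") == "HTTPS" and "ServerURL" not in dns:
            problems.append("DNSProtocol HTTPS without ServerURL")
    for value in uuids:
        try:
            uuid.UUID(str(value))
        except ValueError:
            problems.append(f"placeholder or invalid PayloadUUID: {value}")
    if len(set(uuids)) != len(uuids):
        problems.append("PayloadUUID values are not unique")
    return problems
```

Write the bytes returned by `build_profile()` to unrulycitizen-dns.mobileconfig, and run `check_profile()` over any hand-edited copy before installing it.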

Browser-Specific DoH

Encrypts DNS within a single browser without touching system settings — works on all macOS versions.

Method 4 — Firefox & Chrome

Firefox

Navigate to about:config in Firefox and set the following preferences:

network.trr.mode = 3
network.trr.uri = https://dns.unrulycitizen.com/dns-query
network.trr.bootstrapAddress = 140.82.41.243

Chrome / Chromium

Navigate to chrome://settings/security, enable "Use secure DNS", select "Custom", and enter:

https://dns.unrulycitizen.com/dns-query

Alternatively, launch Chrome from Terminal with the flag already set:

open -a "Google Chrome" --args \
  --enable-features="dns-over-https" \
  --dns-over-https-servers="https://dns.unrulycitizen.com/dns-query"

Verification

Run these commands to confirm DoH is active and no unencrypted queries are leaking.

Check DNS Configuration

# Inspect active resolvers
scutil --dns | grep -A5 "resolver #"
# Confirm DoH is set for your interface
networksetup -getdnsoverhttps "Wi-Fi"
# Basic resolution test
dig @140.82.41.243 unrulycitizen.com
nslookup unrulycitizen.com 140.82.41.243

Test the DoH Endpoint Directly

Install dog via Homebrew (brew install dog), then run:

# Query via DoH
dog @https://dns.unrulycitizen.com/dns-query google.com
# Or test the JSON API with curl
curl -H "accept: application/dns-json" \
  "https://dns.unrulycitizen.com/dns-query?name=unrulycitizen.com&type=A"

A valid JSON response confirms the encrypted endpoint is reachable.
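The checks in this section show which resolver is configured and that the endpoint answers; whether queries still leave the Mac in clear text is visible only on the wire. The following Python is an added example, not part of the original guide: it reads lines of `tcpdump -n` output and lists every name sent to port 53, using a constructed sample capture and a function name chosen here.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n` lines: "<time> IP[6] <src>.<port> > <dst>.<port>: <rest>"
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")
QNAME = re.compile(r"\b[A-Z0-9]+\? (\S+)")  # e.g. "A? example.com."


def plaintext_dns_queries(lines):
    """Map each resolver contacted on port 53 to the names sent to it in clear."""
    leaks = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IP packet line (ARP, tcpdump banner, ...)
        _src, _sport, dst, dport, rest = m.groups()
        if dport != "53":
            continue  # 443 = DoH, 853 = DoT, 5353 = mDNS, others = replies
        q = QNAME.search(rest)
        # TCP segments to port 53 carry no decoded question; record the contact.
        leaks[dst].append(q.group(1).rstrip(".") if q else "<undecoded>")
    return dict(leaks)


# Constructed sample capture (not real traffic); 192.168.1.23 plays the Mac.
SAMPLE = """\
14:02:11.120001 IP 192.168.1.23.51514 > 192.168.1.1.53: 4660+ A? example.com. (29)
14:02:11.141220 IP 192.168.1.1.53 > 192.168.1.23.51514: 4660 1/0/0 A 203.0.113.10 (45)
14:02:11.300412 IP 192.168.1.23.52000 > 140.82.41.243.443: Flags [P.], seq 1:518, ack 1, win 2058, length 517
14:02:12.004100 IP6 fe80::1c2d:3e4f.5353 > ff02::fb.5353: 0 PTR (QM)? _airplay._tcp.local. (38)
14:02:13.250000 IP 192.168.1.23.51999 > 192.168.1.1.53: 4661+ AAAA? unrulycitizen.com. (35)
14:02:14.000000 IP 192.168.1.23.52011 > 203.0.113.53.53: Flags [S], seq 100, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for resolver, names in plaintext_dns_queries(SAMPLE).items():
        print(f"plaintext DNS to {resolver}: {', '.join(names)}")
```

An empty result while browsing means no classic DNS left the machine during the capture. The `dig` and `nslookup` tests above query 140.82.41.243 on port 53 themselves, so they will show up here if run while capturing.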

Troubleshooting

If something isn't working, check these first.

DoH Not Working?

  • macOS 14 (Sonoma) or later required for native DoH in Settings
  • Confirm port 443 (HTTPS) is open through your firewall
  • Verify the DoH endpoint URL is exactly correct
  • Disable VPN or proxy temporarily and retest
  • Restart mDNSResponder: sudo killall -HUP mDNSResponder

Common macOS Issues

  • macOS 13 or earlier: use the Terminal or browser method
  • VPN conflicts: some VPNs override DNS settings silently
  • Corporate networks: may block external DNS servers
  • Certificate errors: ensure system date and time are correct
  • Multiple interfaces: configure each network service separately

macOS Compatibility

Choose the right method for your macOS version.

macOS 14+ Sonoma

Native DoH in System Settings. Recommended — no extra tools.

macOS 11–13

Use Terminal commands or install a configuration profile.

All Versions

Browser-specific DoH works everywhere, any macOS release.
