
thinkpanda
macrumors newbie, Original poster
Sep 29, 2013
Let's say I have installed a networking profile from Encrypted DNS on macOS, so that DNS queries are encrypted.

This means I have a "networking service" in network preferences, like this:

[Screenshot: Screenshot 2022-01-21 at 17.53.25.png]

On the other hand, occasionally I will be at a site where I need to access a local DNS server, so I want the Google DNS setting to be inactive there. I was thinking that I could set up two network locations, one for home and one for work. At location "home", I have that Google DNS service active, and I make it inactive for location "work".

After I created the two network locations, I attempted to make the Google DNS service "inactive" in location "work" (with "Apply"). Then I found that the service became inactive in location "home" as well. This means I don't have a separate active/inactive status for that service in different locations.

Did I do something wrong, or is it the way macOS works, and I cannot get around that?
 
Those profiles are interesting and convenient, but useless in my opinion because they can't be used with a firewall (LittleSnitch), some queries seem to escape them, and they can't be modified after being installed.
If you want to use them, you could potentially set some OnDemandRules https://developer.apple.com/documentation/devicemanagement/dnssettings/ondemandruleselement
ProfileCreator makes the task easier https://github.com/ProfileCreator/ProfileCreator
After testing dnscrypt https://github.com/b0gdanw/dnscrypt-proxy-macos and cloudflared https://github.com/b0gdanw/cloudflared-macos in Catalina, I use Stubby GUI for macOS https://dnsprivacy.org/wiki/display/DP/Stubby+GUI+for+macOS It’s still working in Big Sur.
 
Answering my own question. It turns out I can hand-craft a configuration profile so that it is deactivated only for a specific SSID. Then it is fine to keep the configuration on.

That is, I have that configuration profile connect to a DNS over TLS server, but when I am at my workplace the setting is deactivated and the DNS server from DHCP is used.

This means I added the following setting to the .mobileconfig file and deployed it manually.

Code:
<key>OnDemandRules</key>
<array>
    <dict>
        <key>Action</key>
        <string>Disconnect</string>
        <key>SSIDMatch</key>
        <array>
            <string>[work place SSID]</string>
        </array>
    </dict>
    <dict>
        <key>Action</key>
        <string>Connect</string>
    </dict>
</array>
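As an added example (not code from this thread or from any of the tools mentioned above), the following Python script builds a complete DNSSettings configuration profile around the OnDemandRules pattern shown in the answer, and checks the rule list before serialising it. The resolver name, server addresses, SSID and payload identifiers are constructed placeholders; the PayloadType `com.apple.dnsSettings.managed` and the DNSSettings/OnDemandRules keys are those documented by Apple for this payload. The checker encodes the property the answer relies on: rules are evaluated in order and the first match wins, so the unconditional `Connect` must be last and every earlier rule needs a match criterion, otherwise the encrypted resolver is either never applied or silently applied everywhere.

```python
import plistlib
import uuid

# Constructed placeholder values for this example; substitute your own.
EXAMPLE_SERVER_NAME = "dns.example.net"          # DoT server name (hypothetical)
EXAMPLE_SERVER_ADDRESSES = ["192.0.2.53", "2001:db8::53"]  # documentation-range addresses
EXAMPLE_WORK_SSIDS = ["Corp-WiFi"]                # SSIDs where DHCP DNS should be used instead

PAYLOAD_TYPE = "com.apple.dnsSettings.managed"
# Condition keys an OnDemand rule may carry besides "Action".
MATCH_KEYS = {"SSIDMatch", "InterfaceTypeMatch", "DNSDomainMatch",
              "DNSServerAddressMatch", "URLStringProbe"}


def build_on_demand_rules(exempt_ssids):
    """Disconnect (fall back to DHCP-supplied DNS) on the listed SSIDs, Connect elsewhere.

    First match wins, so the catch-all Connect rule is appended last.
    """
    rules = []
    if exempt_ssids:
        rules.append({"Action": "Disconnect", "SSIDMatch": list(exempt_ssids)})
    rules.append({"Action": "Connect"})
    return rules


def check_on_demand_rules(rules):
    """Return a list of problems; an empty list means the rule set is ordered sanely."""
    problems = []
    if not rules:
        return ["no OnDemandRules: the resolver would never be applied"]
    last = rules[-1]
    if last.get("Action") != "Connect" or MATCH_KEYS & set(last):
        problems.append("last rule must be an unconditional Connect (catch-all)")
    for index, rule in enumerate(rules[:-1]):
        if "Action" not in rule:
            problems.append(f"rule {index} has no Action")
        if not MATCH_KEYS & set(rule):
            problems.append(f"rule {index} has no match criterion, so later rules are unreachable")
    return problems


def build_dns_profile(server_name, server_addresses, exempt_ssids,
                      display_name="Encrypted DNS (DoT)"):
    """Return a configuration-profile dict for a DNS-over-TLS resolver with on-demand rules."""
    rules = build_on_demand_rules(exempt_ssids)
    problems = check_on_demand_rules(rules)
    if problems:
        raise ValueError("; ".join(problems))
    payload = {
        "PayloadType": PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.dns.managed",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "DNSSettings": {
            "DNSProtocol": "TLS",
            "ServerName": server_name,
            "ServerAddresses": list(server_addresses),
        },
        "OnDemandRules": rules,
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.dns",           # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "PayloadContent": [payload],
    }


def to_mobileconfig(profile):
    """Serialise the profile dict to XML plist bytes, i.e. the .mobileconfig file contents."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def extract_on_demand_rules(mobileconfig_bytes):
    """Parse a .mobileconfig and return the OnDemandRules of its first DNS payload."""
    profile = plistlib.loads(mobileconfig_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == PAYLOAD_TYPE:
            return payload.get("OnDemandRules", [])
    return []


if __name__ == "__main__":
    profile = build_dns_profile(EXAMPLE_SERVER_NAME, EXAMPLE_SERVER_ADDRESSES, EXAMPLE_WORK_SSIDS)
    data = to_mobileconfig(profile)
    print(data.decode())
    print("rule check:", check_on_demand_rules(extract_on_demand_rules(data)) or "ok")
```

Running the script prints the profile XML, which can be saved as a .mobileconfig and installed from System Preferences. Two caveats worth keeping in mind when using this pattern: SSIDMatch compares the network name only, so the encrypted resolver is disabled on any network that advertises that SSID, not just the intended office network; and the Disconnect rule means the profile is still installed but DNS reverts to whatever DHCP hands out, which is exactly the behaviour the answer wanted but also what a defender would want to see logged or verified (for example with `scutil --dns`) after joining such a network.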
 