Safari ads are not blocked when using NextDNS. Is it just me?

Safari does not respect the operating system’s DNS settings, it uses its own. I have seen several reports online that you can disable this behaviour by turning off iCloud Private Relay or disabling Advanced Tracking and Fingerprint Protection, but I was never able to do so with various combinations.

> Safari does not respect the operating system’s DNS settings, it uses its own.

I have known this for a long time, and still find it shocking. I run Graphene on a Pixel now (with my own DNS server), so I don't really care, but I feel bad for the hundreds of millions of Apple users who think that Apple is a "privacy-respecting" company.

I don't think this behavior is expected. When I've tested it, I was able to get DNS to behave in the expected manner. Apple does make design decisions that can be frustrating, but in most cases I find 1) there's a way to work around it or 2) the decision was the lesser of two evils.

Absolutely love GOS as well. What are you using for your DNS server?

I run Unbound on my server for DNS.

How are you setting DNS and on which platform? I've tested this extensively and it does work in my experience.

iCloud Private Relay is the only thing that stops Safari using your NextDNS config, turn that off and you're golden. I've been using NextDNS since it launched, I love it.

We just ran into this testing web filtering with Cloudflare DNS. You are correct that iCloud Private Relay bypasses the configured DNS servers, but there is another spot: the "Advanced Tracking and Fingerprint Protection" setting in Safari (Settings, Safari, Advanced Settings). It is on by default for Private Mode browsing.

> iCloud Private Relay is the only thing that stops Safari using your NextDNS config

Maybe that’s true for the NextDNS configuration—I don’t know, I haven’t tested, so I’ll take your word for it—but not true for DNS settings in general.

> turn that off and you're golden.

Unless you want iCloud Private Relay, in which case you’re not.

It is.

It’s not, and a basic “Safari DNS” web search shows you it’s not.