HostuxDNS

Encrypted DNS on macOS

Overview

macOS can use HostuxDNS in two different ways. The most universal method is a configuration profile, which also works on iPhone and iPad. On macOS Ventura and later, you can also configure encrypted DNS directly in System Settings without installing a profile.

This guide covers both methods and explains when to use DoH or DoT.

Option 1: install a configuration profile

A configuration profile is the easiest option if you want a simple setup or if your macOS version does not expose encrypted DNS directly in the interface.

  1. Download the profile with Safari.
  2. Open the downloaded file and review the profile details.
  3. Approve the installation when macOS asks for confirmation.
  4. Once installed, the encrypted DNS resolver is applied system-wide.

Option 2: configure DoH or DoT in System Settings

On macOS 13 Ventura and later, you can enter the encrypted resolver directly:

  1. Open System Settings > Network.
  2. Select your active interface, then click Details.
  3. Open the DNS tab.
  4. Add one of the following:
    • https://dns.hostux.net/dns-query for DoH
    • dns.hostux.net for DoT
  5. Apply the change and close the panel.

Apple documentation for network DNS settings

Ad and tracker blocking

If you configure DoH manually, you can use the filtering endpoint:

  • https://dns.hostux.net/ads for DoH with ad and tracker blocking

Manual DoT setup only accepts the hostname, so there is no path-based filtering in that mode. If you want filtering with DoT, use the dedicated configuration profile instead.

Notes

Which method should you choose?
Use a profile if you want the simplest setup or if you also manage Apple mobile devices. Use the built-in settings if you prefer a manual macOS-only configuration.
DoH or DoT?
DoH is more flexible because it supports the /ads filtering endpoint. DoT is simpler if you want to configure only a hostname.
System-wide coverage
Both methods apply at the operating system level, so browsers and most applications use the same encrypted resolver.

See also

DNS over HTTPS in Firefox Private DNS on Android DoH vs DoT