You can change the DNS on your Mac and lock your settings to prevent changes. This video shows you how to change DNS on a Mac via a Terminal.
Changing The Mac DNS via Terminal
Mac’s allow you to quickly change the DNS via the Settings->Network>Network Name>DNS screen.
This is approach is quick and easy, but sometimes we want to enforce some of the changes and prefer to do it via the terminal. This is especially helpful for individuals, organizations, doing this across multiple devices.
These tips require a basic understanding of the Mac terminal application, and are considered to be more advanced. You can also follow our step-by-step setup for Mac here.
This guide will show you how to use terminal to update your DNS nameservers.
The Networksetup Utility
Macs come with the networksetup command line (CLI) utilities. This utility allows a user to configure the network on a MacOS. That’s all you will use to change your devices DNS nameservers and prevent users from making changes.
Step 1 – Identify Your Interfaces
Identifying the interface you are working with is critical. It will tell you what is active, and what you are using.
Via your terminal application, run the networksetup utility with the list all network services option:
$ sudo networksetup -listallnetworkservicesThis will give you a response that looks like this:
An asterisk (*) denotes that a network service is disabled.
USB ACM
Thunderbolt Ethernet Slot 1
USB 10/100/1000 LAN
USB 10/100/1000 LAN 2
Wi-Fi
Bluetooth PAN
Thunderbolt BridgeMore often than not, you will be using the “Wi-Fi” interface, that’s how you are connecting to the internet. This can change, depending on your local configuration.
Step 2 – Update Interface with New DNS
In our instance, we are using the “Wi-Fi” interface so we can now use the networksetup utility with the set dns servers option:
 
networksetup -setdnsservers (Network Service) (DNS IP)This translates to something like this if you’re updating the Wi-Fi interface:
$ sudo networksetup -setdnsservers Wi-Fi 185.228.168.168That will force the Wi-Fi interface to use the CleanBrowsing DNS (e.g., 185.228.168.168 / Family Filter).
You can also set multiple DNS servers at the same time (assume Primary and Secondary):
$ sudo networksetup -setdnsservers Wi-Fi 185.228.168.168 185.228.169.168If you have a paid account, you will replace the values above with the values provided in your account.
Helptful Networksetup Tips & Tricks
This utility gives you some other features you might find helpful.
Option 1: Fallback to DHCP
Maybe you want to fall bak to DHCP, removing the values you just set. You can run something like this:
networksetup -setdnsservers Wi-FiOption 2: Verify DNS values
Maybe you want to verify the values set on the Wi-Fi interface. In this instance you can use the -getdnsservers option like this:
networksetup -getdnsservers Wi-Fi
185.228.168.168