When deployed, the web protection service handles all DNS requests generated on a macOS computer.
In more complex networking environments,"split-DNS" handling, where DNS request routing is prescribed based on your specific networking requirements, may be required.
The DNS Settings profile used by the web protection service enables two levels of control that you may adopt based upon your networking requirements:
Disabling web protection completely under specific network conditions.
Configuring specific domains to always bypass the web protection service.
Both of these configurations rely on the DNS Settings profile's On Demand rules parameter. These rules are constructed using XML and must be crafted manually either in your UEM/MDM solution's UI or by editing the profile downloaded from Jamf Security Cloud before being uploaded to your UEM or MDM solution. In either case, it is important that you test the profile changes on test devices to ensure proper behavior before deploying to production.