Clarify macOS DNS, use consistent style (#1006)

Signed-off-by: Daniel Gray <dng@disroot.org>

docs/dns.en.md

@@ -37,31 +37,39 @@ The criteria for the servers listed above are:
 
 ### Android
 
-Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: *Settings* → *Network & Internet* → *Private DNS*.
+Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**.
 
 ### Apple Devices
 
 The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
 
 After installation of either a configuration profile or an app that utilizes the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
 
-- **iOS/iPadOS:** *Settings → General → VPN, DNS, & Device Management → DNS*
-- **macOS:** *System Preferences → Profiles* & *System Preferences → Network*
-- **tvOS:** *Settings → General → Privacy →* hover on "*Share Apple TV Analytics*" → press the play button on the remote
+#### Signed Profiles
 
-Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html).
+Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
 
-- **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
+#### iOS/iPadOS
+
+Select **Settings** → **General** → **VPN, DNS, & Device Management** → **DNS**
+
+#### macOS
+
+Select **System Preferences → Profiles** or **System Preferences** → **Network** → **Advanced**, (depending on if you have configuration profiles installed).
+
+#### tvOS
+
+Select **Settings** → **General** → **Privacy** → **Share Apple TV Analytics** → then press the *Play* button on the remote.
 
 ### Windows
 
 Windows users can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel.
 
-Select *Settings* → *Network & Internet* → *Ethernet* or *WiFi*, → *Edit DNS Settings* → Preferred DNS encryption → *Encrypted only (DNS over HTTPS)*.
+Select **Settings** → **Network & Internet** → **Ethernet or WiFi**, → **Edit DNS Settings** → **Preferred DNS encryption** → **Encrypted only (DNS over HTTPS)**.
 
 ### Linux
 
-`systemd-resolved` doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639), which many Linux distributions use to do their DNS lookups. If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
+`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
 
 ## Encrypted DNS Proxies