Recently, I have been tinkering with setting up DoH locally on macOS, so I will record the process.
There are different solutions, such as using smartdns or dnscrypt-proxy + dnsmasq.
I also wrote a uTools plugin to quickly switch DNS.
What is DoH
To understand what DoH is, you can refer to: https://en.wikipedia.org/wiki/DNS_over_HTTPS.
Using smartdns-rs
smartdns-rs is a cross-platform local DNS server written in Rust. It obtains the fastest website IP to provide the best internet experience, and it supports DoH and DoT.
Open source on GitHub: https://github.com/mokeyish/smartdns-rs
Using this software makes it very convenient to use DoH.
Download the binary file for your system from the releases page, unzip it, and then execute:
At this point, the software will install itself to /usr/local/bin/smartdns, and in the future, you only need to execute smartdns to control the behavior of the service.
The default configuration file used by the service is: /usr/local/etc/smartdns/smartdns.conf. You can check the official documentation for specific parameters:
Simply add the following configuration to the bottom of this file:
smartdns will listen on port 53 of the local machine by default.
Using dnsmasq & dnscrypt-proxy
The tools used are dnscrypt-proxy + dnsmasq.
dnscrypt-proxy is responsible for initiating DoH requests.
dnsmasq is a lightweight domain name resolution server. It forwards DNS requests to dnscrypt-proxy, and forwards queries for certain company domains to the upstream DNS servers distributed by the router.
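A check for the split described above, as an added example (not the author's configuration or code): it reads dnsmasq.conf text, reports which upstream a name would be sent to, and flags settings that would let queries bypass the DoH proxy. The sample config is constructed; port 5300 for dnscrypt-proxy, the domain corp.example and the router address 192.168.1.1 are assumptions.

```python
import ipaddress

# Constructed sample, not the author's dnsmasq.conf (port, domain, router IP assumed).
SAMPLE_CONF = """\
# everything goes to dnscrypt-proxy, which speaks DoH
no-resolv
server=127.0.0.1#5300
# company names go to the resolver handed out by the router (plaintext DNS)
server=/corp.example/192.168.1.1
listen-address=127.0.0.1
"""

def parse(conf_text):
    """Return (no_resolv, default_upstreams, {domain: [upstreams]})."""
    no_resolv, default, per_domain = False, [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # a '#' inside a value is the port separator
            continue
        key, _, value = line.partition("=")
        if key == "no-resolv":
            no_resolv = True
        elif key == "server" and value.startswith("/"):
            parts = value.split("/")           # ['', domain, ..., address]
            for d in parts[1:-1]:
                per_domain.setdefault(d.lower(), []).extend([parts[-1]] if parts[-1] else [])
        elif key == "server":
            default.append(value)
    return no_resolv, default, per_domain

def upstream_for(name, conf_text):
    """Upstreams dnsmasq would use for name: longest matching domain rule, else default."""
    _, default, per_domain = parse(conf_text)
    name = name.lower().rstrip(".")
    hits = [d for d in per_domain if name == d or name.endswith("." + d)]
    return per_domain[max(hits, key=len)] if hits else default

def audit(conf_text):
    """List settings that let ordinary queries leave without going through the local proxy."""
    no_resolv, default, _ = parse(conf_text)
    findings = []
    if not no_resolv:
        findings.append("no-resolv missing: resolvers from /etc/resolv.conf are also used")
    for up in default:
        host = up.split("@")[0].split("#")[0]  # strip optional @interface and #port
        if not ipaddress.ip_address(host).is_loopback:
            findings.append(f"default upstream {up} is not loopback: queries bypass the DoH proxy")
    return findings

if __name__ == "__main__":
    for n in ("git.corp.example", "example.org"):
        print(n, "->", upstream_for(n, SAMPLE_CONF))
    print("findings:", audit(SAMPLE_CONF))
```

Names matched by a per-domain rule still leave the machine as plaintext DNS to the router's resolver, so keep that list limited to the domains that need it.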
Installing dnsmasq and dnscrypt-proxy
Installation is simple, using brew:
Installing locationchanger
Execute:
Then paste the following code at the end of the location changer script /usr/local/bin/locationchanger:
This way, the script will run when we connect to the network.
Then create a file $HOME/.locations/default:
The content is as follows:
This command will write the DNS servers issued by the router to the file $HOME/upstream.conf.
Then manually execute locationchanger once to generate this file.
Configuration
Configuring dnsmasq
Check where brew says the configuration file is located. For example, on my M1 Mac, brew reports that the configuration file is located at /opt/homebrew/etc/dnsmasq.conf:
Then modify the contents of this configuration file:
Configuring dnscrypt-proxy
On an M1 Mac, the configuration file path is: /opt/homebrew/etc/dnscrypt-proxy.toml
Here is my personal configuration. I keep only one DoH server, from Alibaba Cloud, and I comment out all the contents under sources. This way, startup is much faster.
If you keep the contents under sources, the software has to find the fastest DNS server every time it starts, which takes a long time.