![Dnscrypt Dnscrypt](/uploads/1/2/1/4/121426885/454664834.jpg)
While I usually use a VPN in public places like cafes, I don't always do on networks I trust more, like my home or University. Nearly all of my network traffic is encrypted thanks to HTTPS, so my DNS requests are the only plaintext data I sent out in the wild.
Contribute to alterstep/dnscrypt-osxclient development by creating an account on GitHub. Since macOS does not natively support DoH or DoT, I use dnscrypt-proxy, a DNS proxy written in Go by the great Frank Denis, which support DoH and DNSCrypt as you would expect. DNSCrypt/dnscrypt-proxy dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
I've been using DNS-over-TLS (DoT) on my Android phone for nearly 2 years thanks to Android's native DoT support since version 9. After doing a little bit of research a while ago, I thought it would be a hassle to use an encrypted DNS protocol on my MacBook, but it turns out to be very simple.
Since macOS does not natively support DoH or DoT, I use dnscrypt-proxy, a DNS proxy written in Go by the great Frank Denis, which support DoH and DNSCrypt as you would expect.
It is available via Homebrew:
Once that's done you'll want to edit
/usr/local/etc/dnscrypt-proxy.toml
. Well, it will work out of the box, but I wanted to use a different resolver.Dnscrypt For Mac
I want to filters ads and trackers at the DNS level so I use AdGuard. The id of this resolver is
adguard-dns-doh
. The whole list is available on the DNSCrypt website.Let's see if
dnscrypt-proxy
can resolve domains:![Dnscrypt For Mac Dnscrypt For Mac](/uploads/1/2/1/4/121426885/725522679.jpg)
Dnscrypt For Macrame
Now let's start the service and register it so that it will automatically start during the next boot:
If you're using Wi-Fi, you can set the resolver from the command line:
Dnscrypt For Mac
Otherwise, go the the system preferences and set it yourself.
Now, by issuing a simple
dig
we can see that 127.0.0.1
is able to resolve DNS queries.Dnscrypt For Macbook Air
To see if all the queries are going through
dnscrypt-proxy
, you can stop the service and check that you're not able to resolve anything.Congrats, your DNS queries are a little more private now.