This is a guide to use the new cloudflare's 1.1.1.1 DNS resolver on mac, using DNS over TLS on standard port 853.
Note: This is different from the guide on https://1.1.1.1/, simply setting dns server does not provide TLS security for the initial request to the DNS resolver (so your roommates using your wifi can still see what you are browsing!). In order to have the best privacy out of cloudflare's 1.1.1.1, we have to send the request over port 853.
brew install stubby
open the config file in
/usr/local/etc/stubby/stubby.yml
replace everything in the upstream_recursive_servers: section with just:
- address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com"
- address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com"
Settings -> Network -> Advanced... -> DNS -> DNS Servers, click on + and add 127.0.0.1.
Start the Stubby daemon and that's it!
sudo brew services start stubby
You can see that all out going traffic to 1.1.1.1 are now encrypted
Settings -> Network -> Advanced... -> DNS -> DNS Servers, click on - then
sudo brew services stop stubby
You might have some folder permission issues while installing Stubby on High Sierra. Try the following
sudo chown -R whoami:admin PATH_TO_DIRECTORY_IT_CAN'T_SYMLINK
e.g. sudo chown -R whoami:admin /usr/local/share
Then do:
brew unlink stubby && brew link stubby
(Thanks Jason for figuring it out)
https://dnsprivacy.org/wiki/pages/viewpage.action?pageId=3145812