As Cloudflare announced their 188.8.131.52 DNS service yesterday, I decided to give it a try. There are two reasons for that: They promise not to log your requests and it seems that it is the fastest DNS service available (another source).
When you visit any website, even though it is encrypted, the name of the server usually goes unencrypted and everyone (your ISP, the free wifi provider like the cafeteria you are in, etc.) sees the domain name.
So, how do you set it up on your macOS? The official guidelines are somehow “hacky” and I use homebrew, so I don’t want to install stuff outside of homebrew. If you don’t use homebrew on your Mac, follow the instructions to set it up first.
brew install dnscrypt-proxy
Next edit /usr/local/etc/dnscrypt-proxy.toml and change line starting with server_names to
server_names = ['cloudflare']
If you are especially lazy and don’t want to edit the file, you can do this (paste with newlines):
patch /usr/local/etc/dnscrypt-proxy.toml << EOF --- dnscrypt-proxy.toml.orig 2018-04-02 15:17:45.000000000 +0200 +++ dnscrypt-proxy.toml 2018-04-02 14:59:31.000000000 +0200 @@ -22,7 +22,7 @@ ## The proxy will automatically pick the fastest, working servers from the list. ## Remove the leading # first to enable this; lines starting with # are ignored. -# server_names = ['scaleway-fr', 'google', 'yandex'] +server_names = ['cloudflare'] ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. EOF
Then just start it and make sure it starts on boot:
sudo brew services start dnscrypt-proxy
Try it out:
dig www.paralelnapolis.sk @localhost
And then go to System Preferences / Network / Advanced and make sure that the only line in your DNS section is 127.0.0.1 (if you add, it will probably remove anything you had there).
Enjoy possibly faster and more private browsing!