Forked from tmslnz/
Created February 3, 2019 03:04
Setting up dnsmasq on OS X

Install dnsmasq

Via brew or other method

Set up DNS resolver order

In order to work on every connection and on any TLD, dnsmasq needs to be the first DNS resolver receiving the query.

And since dnsmasq is a local process, all DNS queries need to go to

On macOS, /etc/resolv.conf is generated automatically from a variety of inputs (network settings, etc.), so it cannot be edited.

The only practical option is to create a new Network Location via Network Preferences, and set all interfaces (Wi-Fi, Thunderbolt Ethernet, etc) to use a static DNS server address.

This can be done via the GUI or via Terminal. Multiple DNS servers can be passed, and will be used in order.

networksetup -setdnsservers "Wi-Fi"
networksetup -setdnsservers "Bluetooth PAN"
networksetup -setdnsservers "Thunderbolt Ethernet"
networksetup -setdnsservers "Thunderbolt Bridge"

Set up dnsmasq

dnsmasq configuration is simple.

domain-needed         # Only lookup full domains
bogus-priv            # Don't forward reverse lookups for private IP ranges
no-resolv             # Don't use DNS servers listed in resolv.conf
no-poll               # Don't poll changes in resolv.conf
no-hosts              # Don't read /etc/hosts

# Host files

# Wildcard .dev domain

# DNS Servers
server=   # DNS.WATCH
server=        # Google
server=     # Comodo Secure DNS

# Listen for DHCP requests

# TODO: look into forwarding DHCP options from router for captive networks, etc.
# dhcp-option=option:dns-server,,


dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on macOS. Attempting to set these will prevent dnsmasq from starting.
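
A pre-restart check for the configuration described above, as an added example that is not part of the original gist: it flags the three directives noted as unsupported on macOS, reports which directives from the sample config are missing, and catches a no-resolv setup that has no usable server= line. The function names and the constructed sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): lint a dnsmasq.conf before restarting.
UNSUPPORTED='dhcp-hostsdir dhcp-optsdir hostsdir'   # stop dnsmasq starting on macOS
EXPECTED='domain-needed bogus-priv no-resolv no-poll no-hosts'  # from the sample config

# Print active directives only. dnsmasq accepts server=ADDR#PORT, so treat '#'
# as a comment only at the start of a line or after whitespace.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/^#.*$//' \
        -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# has_key KEY: true if KEY appears as "KEY" or "KEY=..." in $lines.
has_key() { printf '%s\n' "$lines" | grep -Eq "^$1(=|\$)"; }

# lint_dnsmasq_conf FILE: print findings; return 0 clean, 1 errors, 2 unreadable.
lint_dnsmasq_conf() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    lines=$(active_lines "$1"); rc=0
    for key in $UNSUPPORTED; do
        if has_key "$key"; then echo "ERROR: $key is not supported on macOS"; rc=1; fi
    done
    for key in $EXPECTED; do
        has_key "$key" || echo "NOTE: $key is not set"
    done
    # A server= line with no value names no upstream; flag it.
    if printf '%s\n' "$lines" | grep -Eq '^server=$'; then
        echo "ERROR: server= line has no address"; rc=1
    fi
    # With no-resolv set, resolv.conf is ignored, so server= is the only upstream.
    if has_key no-resolv && ! printf '%s\n' "$lines" | grep -Eq '^server=.+'; then
        echo "ERROR: no-resolv is set but no upstream server= is configured"; rc=1
    fi
    return $rc
}

# Constructed sample config (not a real deployment) that trips each check.
sample_conf() {
    cat <<'EOF'
domain-needed         # Only lookup full domains
bogus-priv
no-resolv
server=   # upstream address missing
hostsdir=/tmp/hosts.d
EOF
}

# Run as: sh lint-dnsmasq.sh /path/to/dnsmasq.conf
if [ "$#" -gt 0 ]; then lint_dnsmasq_conf "$1"; fi
```

dnsmasq's own `--test` option checks the file's syntax; this script only covers the macOS-specific points made on this page.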

The .dev domain

Another popular use of dnsmasq is to route all whatever**.dev** requests to, to use for local development environments.

In order for this setup to work, we need:

  1. A new DNS resolver entry in /etc/resolver/
  2. A config line in dnsmasq.conf

For (1) simply create /etc/resolver/dev. The filename dev is used by resolver(5) to determine the domain it applies to (.dev in our case).

The contents of the file would simply be:


Changing and reloading the configurations

Reloading resolver configuration

Changes in the /etc/resolver/* are automatically read and applied.

Reloading dnsmasq configuration

dnsmasq.conf is read once at load. In order to refresh it, the dnsmasq service needs to be restarted. homebrew.mxcl. below only applies if dnsmasq was installed via Homebrew (

sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
sudo launchctl stop homebrew.mxcl.dnsmasq
sudo launchctl start homebrew.mxcl.dnsmasq

Reloading dnsmasq hosts

If you have set dnsmasq to load hosts from external files (addn-hosts=…), then those file changes can be updated by sending SIGHUP to dnsmasq like this:

sudo pkill -SIGHUP dnsmasq