By default, DNS queries are sent unencrypted, so they can be intercepted and an attacker can respond with a different IP address, misleading you to a clone of the original website that the attacker controls.
This can be avoided by installing Cloudflare's own app, `cloudflared`, on your machine to route all your DNS queries over HTTPS, which encrypts them so they can't be read or altered in transit. It's also a lot faster!
This is a guide on how to install `cloudflared` to query Cloudflare's DNS server over an HTTPS connection.
- Install Homebrew if you don't have it
- `brew install cloudflare/cloudflare/cloudflared`
- `sudo mkdir /etc/cloudflared`
- `sudo nano /etc/cloudflared/config.yaml` and paste in one of the following:

  For open and unprotected browsing:

  ```yaml
  proxy-dns: true
  proxy-dns-upstream:
    - https://1.1.1.1/dns-query
    - https://1.0.0.1/dns-query
  ```

  To block malware:

  ```yaml
  proxy-dns: true
  proxy-dns-upstream:
    - https://1.1.1.2/dns-query
    - https://1.0.0.2/dns-query
  ```

  To block malware & adult content:

  ```yaml
  proxy-dns: true
  proxy-dns-upstream:
    - https://1.1.1.3/dns-query
    - https://1.0.0.3/dns-query
  ```

- `sudo cloudflared service install`
- Test: `dig +short @127.0.0.1 cloudflare.com AAAA`

  You should see these IPv6 addresses of cloudflare.com:

  ```
  2606:4700::6810:84e5
  2606:4700::6810:85e5
  ```
- (optional) Open 2 tabs with this address and only refresh the 2nd tab after you have changed your DNS settings, to see the difference between your old and new settings: https://1.1.1.1/help
- System Preferences
- Network
- Select your internet connection (WiFi/Ethernet)
- Advanced
- DNS tab
- Click on + button, bottom left
- Add `127.0.0.1` and hit Enter
- OK
- Apply
Visit https://1.1.1.1/help and you should see:
Debug Information | |
---|---|
Connected to 1.1.1.1 | Yes |
Using DNS over HTTPS (DoH) | Yes |
Using DNS over TLS (DoT) | No |
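
The checks above can also be scripted. The following is an added example, not part of the original guide: it confirms that every upstream in the config is an `https://` endpoint and that `127.0.0.1` is the only nameserver macOS reports, then repeats the guide's `dig` test. The function names are hypothetical, and it assumes the config path used above and the `nameserver[N] : address` lines printed by `scutil --dns`.

```sh
#!/bin/sh
# Added example (not from the original guide): post-setup checks for the
# cloudflared DoH proxy. Function names are hypothetical.

# Succeeds only if the config lists at least one proxy-dns-upstream entry and
# every entry is an https:// URL; prints any entry that is not.
check_upstreams() {
    awk '
        /^proxy-dns-upstream:/ { in_list = 1; next }
        in_list && /^[ \t]*-/ {
            url = $0
            sub(/^[ \t]*-[ \t]*/, "", url)
            total++
            if (url !~ /^https:\/\//) { print "not HTTPS: " url; bad++ }
            next
        }
        /^[^ \t#-]/ { in_list = 0 }
        END { if (total == 0 || bad > 0) exit 1 }
    ' "$1"
}

# Reads `scutil --dns` output on stdin and prints every nameserver that is not
# the local proxy. Succeeds only if 127.0.0.1 is the sole nameserver in use,
# since any other entry can still receive queries in plaintext.
extra_resolvers() {
    awk '
        /nameserver\[[0-9]+\]/ {
            seen++
            if ($NF != "127.0.0.1") { print $NF; extra++ }
        }
        END { if (seen == 0 || extra > 0) exit 1 }
    '
}

# Live run on macOS; skipped on machines without scutil.
if command -v scutil >/dev/null 2>&1; then
    check_upstreams /etc/cloudflared/config.yaml && echo "upstreams: all HTTPS"
    scutil --dns | extra_resolvers && echo "resolvers: 127.0.0.1 only"
    # Same query the guide uses; an empty answer means the proxy is not serving.
    [ -n "$(dig +short @127.0.0.1 cloudflare.com AAAA)" ] && echo "proxy: answering"
fi
```

Any address printed by `extra_resolvers` (for example a router-supplied IPv4 or IPv6 resolver) is one to remove in the DNS tab.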