@emotality
Created May 11, 2022 19:16
Install Cloudflare DoH (DNS over HTTPS) for macOS

Cloudflare DoH (DNS over HTTPS)

By default, DNS queries are sent unencrypted, so they can be intercepted and a hacker/scammer can then respond with a different IP address, misleading you to a clone of the original website that the hacker owns. This can be avoided by installing Cloudflare's own app, cloudflared, on your machine to route all your DNS queries over HTTPS, which is encrypted and can't be altered in transit. It's also a lot faster!

This is a guide on how to install cloudflared to query Cloudflare's DNS server over an HTTPS connection.

👨‍🔧 Installation

  1. Install Homebrew if you don't have it
  2. brew install cloudflare/cloudflare/cloudflared
  3. sudo mkdir /etc/cloudflared
  4. sudo nano /etc/cloudflared/config.yaml and paste in one of the following:

For open and unprotected browsing:

proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query

To block malware:

proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.2/dns-query
  - https://1.0.0.2/dns-query

To block malware & adult content:

proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.3/dns-query
  - https://1.0.0.3/dns-query
  5. sudo cloudflared service install

Test: dig +short @127.0.0.1 cloudflare.com AAAA

You should see these IPv6 addresses of cloudflare.com:

2606:4700::6810:84e5
2606:4700::6810:85e5
  6. (optional) Open https://1.1.1.1/help in 2 tabs and refresh only the 2nd tab after you have changed your DNS settings, to see the difference between your old settings and new settings.
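
A config lint for the three variants above, as an added example that is not part of the original gist. It checks that `proxy-dns` is enabled, that every upstream uses HTTPS, and that the upstreams are not mixed across filtering levels, since a query sent to the less restrictive upstream would not be filtered. The function names and tier labels (`unfiltered`, `malware`, `malware+adult`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a cloudflared proxy-dns config like the three in this guide.
# Prints the filtering tier on success; returns non-zero with a reason on stderr.

tier_of() {  # map an upstream URL from this guide to a tier label (labels are ours)
  case "$1" in
    https://1.1.1.1/dns-query|https://1.0.0.1/dns-query) echo unfiltered ;;
    https://1.1.1.2/dns-query|https://1.0.0.2/dns-query) echo malware ;;
    https://1.1.1.3/dns-query|https://1.0.0.3/dns-query) echo malware+adult ;;
    *) echo unknown ;;
  esac
}

check_doh_config() {
  cfg=$1
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
  grep -Eq '^proxy-dns:[[:space:]]*true[[:space:]]*$' "$cfg" ||
    { echo "proxy-dns is not enabled" >&2; return 1; }
  # Collect the list items that follow the proxy-dns-upstream key.
  upstreams=$(awk '/^proxy-dns-upstream:/ { in_list = 1; next }
                   in_list && /^[ \t]*-[ \t]*/ { sub(/^[ \t]*-[ \t]*/, ""); print; next }
                   in_list && /^[^ \t#]/ { in_list = 0 }' "$cfg")
  [ -n "$upstreams" ] || { echo "no upstreams configured" >&2; return 1; }
  seen=""
  for u in $upstreams; do
    case "$u" in
      https://*) ;;
      *) echo "upstream is not HTTPS: $u" >&2; return 1 ;;
    esac
    t=$(tier_of "$u")
    [ "$t" != unknown ] || { echo "upstream not from this guide: $u" >&2; return 1; }
    # Every upstream must belong to the same filtering tier.
    [ -z "$seen" ] || [ "$seen" = "$t" ] ||
      { echo "mixed filtering tiers: $seen and $t" >&2; return 1; }
    seen=$t
  done
  echo "$seen"
}

# Constructed sample: the "block malware" config from this guide, written to a temp file.
sample=$(mktemp)
printf 'proxy-dns: true\nproxy-dns-upstream:\n  - https://1.1.1.2/dns-query\n  - https://1.0.0.2/dns-query\n' > "$sample"
check_doh_config "$sample"
rm -f "$sample"
```

To check the installed file, source the functions and run `check_doh_config /etc/cloudflared/config.yaml`.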

⚙️ Change your DNS

  • System Preferences
  • Network
  • Select your internet connection (WiFi/Ethernet)
  • Advanced
  • DNS tab
  • Click on + button, bottom left
  • Add 127.0.0.1 and hit enter
  • OK
  • Apply

🚀 Test DNS over HTTPS

Visit https://1.1.1.1/help and you should see:

Debug Information
Connected to 1.1.1.1 Yes
Using DNS over HTTPS (DoH) Yes
Using DNS over TLS (DoT) No

💡 More info:
