@riipandi
Forked from irazasyed/1-dnsmasq-dnscrypt-proxy-setup.md
Last active August 17, 2020 20:46
DNSCrypt + dnsmasq-proxy + Laravel Valet

Setup dnsmasq with Cloudflare on macOS

Laravel Valet, used here for localhost development, installs dnsmasq along with it. dnsmasq runs on port 53, the default DNS port, so we set up dnscrypt-proxy on port 5300 using the default config files in this gist.

dnscrypt-proxy Installation

brew install dnscrypt-proxy

dnscrypt-proxy Config

Open the /usr/local/etc/dnscrypt-proxy.toml file in your favorite editor, replace its content with the one from this gist, and save it.

Start dnscrypt-proxy and set it to load when the system boots.

sudo brew services start dnscrypt-proxy

dnsmasq Config

Open the /usr/local/etc/dnsmasq.conf file in your editor, replace its content with the one from this gist, and save it. Restart dnsmasq for the changes to take effect.

sudo brew services restart dnsmasq

Final Step

It's now time to point your DNS at the local DNS server by adding 127.0.0.1 in System Preferences > Network > Advanced > DNS > DNS Servers.
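A sanity check for the finished setup, as an added example that is not part of the original gist: it reads the two config files and confirms that dnsmasq's default upstream is a dnscrypt-proxy listener and that no-resolv is set, and it flags per-domain server= rules that send queries elsewhere. The function name check_dns_chain and its output format are made up for this example, and it assumes single-quoted IPv4 entries in listen_addresses, as in the config in this gist.

```shell
#!/bin/sh
# Added example, not part of the gist: verify that dnsmasq forwards only to
# the local dnscrypt-proxy listener. Assumes single-quoted IPv4 entries in
# listen_addresses, as in the config on this page.
check_dns_chain() {
    dnsmasq_conf=$1; dnscrypt_toml=$2; rc=0; default_seen=0
    listen=$(grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$dnscrypt_toml" || true)

    # Without no-resolv dnsmasq also takes upstreams from /etc/resolv.conf,
    # so queries can leave in plaintext to whatever DHCP handed out.
    if ! grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$dnsmasq_conf"; then
        echo "FAIL no-resolv is not set"; rc=1
    fi

    # Walk every active (uncommented) server= line.
    for value in $(sed -n 's/^[[:space:]]*server=//p' "$dnsmasq_conf"); do
        target=${value##*/}                      # drop any /domain/ prefix
        case $value in
            /*) scope="domain ${value%/*}/" ;;
            *)  scope=default; default_seen=1 ;;
        esac
        case $target in
            *'#'*) addr=${target%%#*}:${target##*#} ;;   # ip#port -> ip:port
            *)     addr=$target:53 ;;                    # no port means 53
        esac
        if printf '%s\n' "$listen" | grep -Fq "'$addr'"; then
            echo "OK   $scope -> $addr (dnscrypt-proxy listener)"
        elif [ "$scope" = default ]; then
            echo "FAIL default -> $addr is not a dnscrypt-proxy listener"; rc=1
        else
            echo "WARN $scope -> $addr bypasses dnscrypt-proxy"
        fi
    done
    [ "$default_seen" -eq 1 ] || { echo "FAIL no default server= line"; rc=1; }
    return "$rc"
}

# Two arguments: check real files. Otherwise run on constructed sample input.
if [ "$#" -eq 2 ]; then
    check_dns_chain "$1" "$2"
else
    tmp=$(mktemp -d)
    printf '%s\n' "listen_addresses = ['127.0.0.1:5300']" > "$tmp/proxy.toml"
    printf '%s\n' 'server=/welcome2.wifi.id/118.98.44.10' \
        'server=127.0.0.1#5353' > "$tmp/dnsmasq.conf"
    check_dns_chain "$tmp/dnsmasq.conf" "$tmp/proxy.toml" || echo "sample rejected"
    rm -rf "$tmp"
fi
```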

Optional

Get BitBar and install the dnscrypt-proxy-switcher plugin to control dnscrypt-proxy from your menu bar.

# dnscrypt-proxy was setup using homebrew
# Config Path:
# curl -L# https://git.io/JJ4mA -o /usr/local/etc/dnscrypt-proxy.toml
server_names = ['NextDNS-xxxxxx']
# server_names = ['adguard-dns', 'cisco', 'cloudflare']
listen_addresses = ['127.0.0.1:5300', '[::1]:5300']
max_clients = 120
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nolog = true
require_nofilter = false
force_tcp = false
timeout = 2500
keepalive = 30
cert_refresh_delay = 240
fallback_resolvers = ['203.142.82.222:53', '203.142.84.222:53']
ignore_system_dns = true
netprobe_timeout = 30
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
block_ipv6 = false
cache = true
cache_size = 512
cache_min_ttl = 600
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
[query_log]
# file = '/var/log/dnscrypt-proxy/query.log'
format = 'tsv'
[nx_log]
# file = '/var/log/dnscrypt-proxy/nx.log'
format = 'tsv'
[blacklist]
[ip_blacklist]
[whitelist]
[schedules]
[sources]
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
[static]
[static.'NextDNS-xxxxxx']
stamp = 'sdns://_nextdns_stamp_'

# Installed with Homebrew (Laravel Valet)
# Config Path: /usr/local/etc/dnsmasq.conf
port=53
server=/welcome2.wifi.id/118.98.44.10
server=127.0.0.1#5300
#interface=eth0
no-resolv
bogus-priv
strict-order
localise-queries
cache-size=10000
#addn-hosts=/etc/pihole/local.list
#addn-hosts=/etc/pihole/custom.list
#log-queries
#log-facility=/var/log/dnsmasq.log
#local-ttl=2
#log-async
#conf-dir=/etc/dnsmasq.d
conf-dir=/usr/local/etc/dnsmasq.d/,*.conf