Via brew or other method
Set up DNS resolver order
In order to work on every connection and on any TLD,
dnsmasq needs to be the first DNS resolver receving the query.
dnsmasq is a local process, all DNS queries need to go to
/etc/resolv.conf is automaticaly created, depending on a variety of things (network settings, etc), so it cannot be edited.
The only practical option is to create a new Network Location via Network Preferences, and set all interfaces (Wi-Fi, Thunderbolt Ethernet, etc) to use a static DNS server address.
This can be done via GUI or via Terminal. Mutliple DNS servers can be passed, and will be used in-order.
networksetup -setdnsservers "Wi-Fi" 127.0.0.1 networksetup -setdnsservers "Bluetooth PAN" 127.0.0.1 networksetup -setdnsservers "Thunderbolt Ethernet" 127.0.0.1 networksetup -setdnsservers "Thunderbolt Bridge" 127.0.0.1
Set up dnsmasq
dnsmasq configuration is simple.
domain-needed # Only lookup full domains bogus-priv # No reverse IP lookups no-resolv # Don't use DNS servers listed in resolv.conf no-poll # Don't poll changes in resolv.conf no-hosts # Don't read /etc/hosts # Host files addn-hosts=/etc/hosts-a addn-hosts=/etc/hosts-b # Wildcard .dev domain address=/dev/127.0.0.1 # DNS Servers server=22.214.171.124 # DNS.WATCH server=126.96.36.199 # Google server=188.8.131.52 # Comodo Secure DNS # Listen for DHCP requests listen-address=127.0.0.1 # TODO: look into forwarding DHCP options from router for captive networks, etc. # dhcp-option=option:dns-server,0.0.0.0,10.10.10.1
hostsdir are not supported on macOS. Attempting to set these wil prevent
dnsmasq to start.
The .dev domain
Another popular use of dnsmasq is to route all whaveter**.dev** requests to
127.0.0.1, to use for local development environments.
In order for this setup to work, we need:
- A new DNS reolver entry in
- A config line in
For (1) simply create
/etc/resolver/dev. The filename
dev is used by
resolver (5) to determin the domain it applies to (
.dev in our case).
The contents of the file would simply be:
Changing and reloading the configurations
Reloading resolver configuration
Changes in the
/etc/resolver/* are automatically read and applied.
Reloading dnsmasq configuration
dnsmasq.conf is read once at load. In order to refresh it the
dnsmasq service needs to be restarted.
homebrew.mxcl. below only applies if
dnsmasqwas installed via Homebrew (https://brew.sh/)
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist sudo sudo launchctl stop homebrew.mxcl.dnsmasq sudo sudo launchctl start homebrew.mxcl.dnsmasq
Reloading dnsmasq hosts
If you have set
dnsmasq to load hosts from external files (
addn-hosts=…), then those file changes can be updated by sending
dnsmasq like this:
sudo pkill -SIGHUP dnsmasq