Do not use this guide. The dnscrypt protocol and dnscrypt-proxy configuration file have changed a lot since I wrote this gist. Check the following links for help:
- Install DNSMasq
$ brew install dnsmasq
- Install DNSCrypt-proxy
$ brew install dnscrypt-proxy
- Configure
  - /usr/local/etc/dnsmasq.conf
  - /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist
  - /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
- Reload dnscrypt-proxy service
$ cd /Library/LaunchDaemons/
$ sudo launchctl unload homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load homebrew.mxcl.dnscrypt-proxy.plist
- Reload dnsmasq service
$ sudo launchctl unload homebrew.mxcl.dnsmasq.plist && sudo launchctl load homebrew.mxcl.dnsmasq.plist
- Set DNS IP: 127.0.0.1
$ scutil --dns
...
resolver #1
search domain[0] : openvpn
nameserver[0] : 127.0.0.1
flags : Request A records, Request AAAA records
reach : Reachable,Local Address
...
$ nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
debug.opendns.com text = "server 7.ams"
debug.opendns.com text = "flags 20 0 2f4 800000000000000"
debug.opendns.com text = "id 0"
debug.opendns.com text = "source xxx.xxx.xxx.xxx:xxxxx"
debug.opendns.com text = "dnscrypt enabled (xxxxxxxxxxxxxxxx)"
Authoritative answers can be found from:
@jamesacampbell This might be very late to the game, but I just came across this and I think by default you can't make dnsmasq and dnscrypt-proxy work together, for a simple reason that they both want to listen to port 53. This gist points out that all you need to do is to make dnscrypt-proxy on another port (here is 40), then point dnsmasq to 127.0.0.1#40 for upstream DNS server, while NOT trying any other DNS servers specified in the system.
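
The layout described in the comment above (dnsmasq forwarding only to dnscrypt-proxy on 127.0.0.1#40, with no other upstream) can be checked with a small config lint. This is an added example, not part of the gist or the comment; the function names and sample configs are constructed, and it relies only on the standard dnsmasq options `server=` and `no-resolv`.

```sh
# Added example, not from the gist. Function names and sample files are constructed.
# check_dnsmasq_conf FILE [UPSTREAM]
# UPSTREAM defaults to 127.0.0.1#40, the dnscrypt-proxy address used in this gist.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
check_dnsmasq_conf() {
    awk -v want="${2:-127.0.0.1#40}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # whole-line comments, blank lines
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # trailing comment (needs leading space)
            gsub(/[ \t]/, "", line)
        }
        line == "no-resolv" { noresolv = 1; next }
        line ~ /^server=/ {
            addr = substr(line, 8)
            # domain-scoped form server=/example.lan/ADDR: keep only ADDR
            if (addr ~ /^\//) { n = split(addr, part, "/"); addr = part[n] }
            if (addr == "") next                 # server=/domain/ is answered locally
            if (addr == want) found = 1
            else { print "LEAK: upstream " addr " is not " want; bad = 1 }
        }
        END {
            if (!noresolv) { print "LEAK: no-resolv missing, upstreams from resolv.conf are also used"; bad = 1 }
            if (!found)    { print "MISSING: no server=" want " line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# write_samples DIR: writes two constructed configs for the demo below
write_samples() {
    cat > "$1/good.conf" <<'EOF'
# constructed: every query goes to dnscrypt-proxy on port 40
listen-address=127.0.0.1
no-resolv
server=127.0.0.1#40   # dnscrypt-proxy
EOF
    cat > "$1/leaky.conf" <<'EOF'
# constructed: resolv.conf still consulted, plus a plaintext upstream
server=127.0.0.1#40
server=192.0.2.53
EOF
}

d=$(mktemp -d) && write_samples "$d"
check_dnsmasq_conf "$d/good.conf" && echo "good.conf: clean"
check_dnsmasq_conf "$d/leaky.conf" || echo "leaky.conf: flagged"
rm -rf "$d"
```

Run it against the real file with `check_dnsmasq_conf /usr/local/etc/dnsmasq.conf`, passing a second argument if dnscrypt-proxy listens somewhere other than 127.0.0.1#40.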