All that stuff I said before in Internet Address Lookup Security? Well, that’s the old way and probably doesn’t even work anymore. At least, that’s how it appeared to me and sent me off to find the new solution: DNSCrypt version 2.
remove the other stuff
# brew install dnscrypt-proxy
# sudo brew services start dnscrypt-proxy
add 127.0.0.1 to DNS
After upgrading to High Sierra 10.13.5, DNSCrypt was hanging a lot. It didn’t look like it had been working right lately anyway and now it was time to take another look. It took some digging since the old page loads some other info now and didn’t point to the new version.
1. DNSCrypt Proxy
On DNSCrypt.info go to Implementations to find the first link under All Platforms for DNSCrypt-Proxy. This takes you directly to the github page where the new version of this project is now maintained. There are also direct links to Installation Instructions and Download. I used the shortcut described next.
First, if you used the previous guide, remove that stuff first. There’s no longer a macOS installer, but you can use those handy instructions linked above to guide you through the steps. However, hopefully you have already needed to do technical installations like this and have Homebrew installed. For example, I recently wanted to use telnet but found it is no longer included in macOS. A simple Homebrew command was all it took. So if you have Homebrew here are the simple steps.
brew install dnscrypt-proxy
Running this command from Terminal will get and install dnscrypt-proxy and all of its required files.
sudo brew services start dnscrypt-proxy
This command starts dnscrypt-proxy and makes it start automatically later. It needs to be run with sudo as a system-level service.
2. Change Network Preferences DNS
In Network Preferences > Advanced > DNS add 127.0.0.1 so all DNS requests are routed locally which is handled by the local dnscrypt-proxy service. This is fairly technical but if you click the plus (+) and add that number your Mac will now use dnscrypt, securing all internet address lookups. If you have other manual entries there you should remove them.
You’re done! Run a couple commands and change Network Settings. Pretty easy!
3. Easy DNSCrypt Proxy Changes
For simple dnscrypt-proxy changes, add BitBar and the dnscrypt-proxy switcher BitBar plugin.
Get BitBar if you don’t already have it (download). Unzip, put in Applications, run, and create a plugins folder. I clicked New Folder, went to Home, created “bitbar plugins”, then clicked the Use button. It automatically adds itself to Login Items so it will start automatically later. This allows you to add just about anything to your menu bar.
Add the dnscrypt-proxy switcher Bitbar plugin. Using the “Add to BitBar” button on that page makes this a simple step. Now you can easily change dnscrypt-proxy right from the menu bar.