Category Archives: Mac

How to do DNS over HTTPS with macOS

My last post detailed how you set up DNS over HTTPS (DoH) for a client Raspberry Pi. I mentioned that I tried this out first on a Mac, and so I’ve been asked to show how running DoH on macOS works. Here goes.

DNS-over-HTTPS on a Mac via a local DNS proxy

Once again, I’ll be using Cloudflare’s cloudflared DNS proxy, installed locally. On a Mac, install it using Homebrew with Cloudflare’s own Tap. This assumes, of course, that you have Homebrew installed; if not, install Homebrew first. Now open up macOS’ Terminal app and run:

brew install cloudflare/cloudflare/cloudflared
Install cloudflared on a Mac using Homebrew

PS. If you’re interested in maintaining your own Homebrew Tap, check out this earlier post.

Now create a cloudflared configuration file as follows:

mkdir -p /usr/local/etc/cloudflared
nano /usr/local/etc/cloudflared/config.yaml

When the file is open in the editor, paste in the following config:

proxy-dns: true
proxy-dns-upstream:
- https://1.1.1.1/dns-query
- https://8.8.8.8/dns-query
Write the cloudflared config file in the nano text editor

Once again, I’ve included Cloudflare’s DoH lookup URL and Google’s as the backup. Change them round or replace them entirely, as you prefer. The file itself is created at the default location for cloudflared’s configuration file.

DoH needs cloudflared to run at start up, and the macOS version of the proxy is geared up to make this happen for you. To get it to do so, just run this command:

sudo cloudflared service install
cloudflared can set itself up to run at startup

This does all the remaining setup you need. Specifically, it creates a macOS launch daemon in /Library/LaunchDaemons and starts it straight away. You can test it now with:

dig @127.0.0.1 apple.com A

Note that dig should already be installed on your Mac.

We point dig at localhost because that’s where cloudflared’s service setup code exposes the proxy. So all we need do now is set macOS to issue DNS queries to that address. Go to System Preferences > Network > Advanced > DNS and set your network connection’s primary DNS server’s address to 127.0.0.1. Click on the + button under the DNS Servers: box and enter the IP address in the space provided. Make sure the new address is at the top of the list: if necessary drag the entry up there.

Specify the system-wide DNS server address in System Preferences

Click OK and then, back at the panel’s main page, Apply.

You’ll need to set the DNS server address for every network you use. For example, I happen to have a couple of wireless networks I connect to regularly, so I’ve set the DNS for each to localhost as shown above.

Once again, use dig to test it. This time you don’t need to provide the server address because that’ll be handled by your Mac’s network subsystem:

dig apple.com A

Look for the last section of the output. You should see the query’s DNS server set to 127.0.0.1#53.

If it doesn’t work, check your config.yaml file’s contents and that you saved your DNS preferences for the WiFi or Ethernet network you’re currently using.
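The per-network DNS setting and the dig check described above can be audited from Terminal. This is an added example, not part of the original post: it uses macOS’ networksetup command, and the function names and the sample dig footer are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit that DNS goes via the local proxy.
PROXY=127.0.0.1   # address the cloudflared proxy listens on, per the post

# Constructed sample of the footer that dig prints after a lookup.
SAMPLE_DIG=';; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE  rcvd: 54'

# Read dig output on stdin and print the resolver that answered (address#port).
dig_server() {
    sed -n 's/^;; SERVER: \([^(]*\).*$/\1/p' | head -n 1
}

# Read `networksetup -getdnsservers <service>` output on stdin; succeed only if
# the first server listed is the local proxy. The "There aren't any DNS Servers
# set" message (DHCP-supplied DNS in use) therefore fails the check.
first_dns_is_local() {
    first=$(head -n 1)
    [ "$first" = "$PROXY" ]
}

# macOS only: report every network service in the current location.
audit_services() {
    # Line 1 of the listing is an explanatory note, so skip it.
    networksetup -listallnetworkservices | tail -n +2 |
    while IFS= read -r svc; do
        svc=${svc#\*}   # a leading asterisk marks a disabled service
        if networksetup -getdnsservers "$svc" </dev/null | first_dns_is_local; then
            echo "ok   $svc"
        else
            echo "FIX  $svc: first DNS server is not $PROXY"
        fi
    done
}

# Run the live checks only where the macOS tools exist.
if command -v networksetup >/dev/null 2>&1 && command -v dig >/dev/null 2>&1; then
    audit_services
    answered=$(dig apple.com A | dig_server)
    if [ "$answered" = "$PROXY#53" ]; then
        echo "ok   system resolver answered from $answered"
    else
        echo "FIX  lookup answered by ${answered:-nobody}, not $PROXY#53"
    fi
fi
```

Any service flagged FIX is still sending plain DNS to whatever resolver the network hands out, so repeat the System Preferences step for it.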

Network location, location, location

The question that inevitably comes at this point is: fine, but how do I use my Pi-Hole at home and my local DNS proxy when I’m elsewhere? Easy: utilise that ‘been around for ages but is little known or used’ macOS feature, network locations.

Pop back to the System Preferences > Network, but this time click on the Location menu at the top and select Edit Locations…. The location Automatic will be selected, so select Duplicate Location from the action menu toward the bottom of the panel:

Create a new, DoH-specific network location

When the duplicate comes up, it’ll be selected. Double-click on it to change its name to, say, Home. Hit Enter and then click Done. You can now edit your WiFi networks’ DNS addresses for your home network’s Pi-Hole. This leaves you with two network locations: Automatic, set up for the local DNS proxy, and Home which accesses DNS via Pi-Hole. You might want to go change Automatic to Away.

Whatever your locations are called, you can switch between them by selecting the one you want from the Location sub-menu which is now available under the main Apple menu:

With extra locations in place, you can select them from the Apple menu

Flip between the two and use dig to check DNS queries are being served correctly. Done.

PreviewCode 1.2.0 released to support user-requested programming data file types

PreviewCode, my macOS Finder source code and data file preview app, has had a major update to support a bunch of developer-oriented file types requested by users. The new version, 1.2.0, is available now from the macOS App Store.

PreviewCode’s main UI

Tackle async signal safety in Swift

How do you safely interrupt a command-line program written in Swift? This question was posed to me this week by a reader who got in touch to point out that boilerplate code included in my How to write macOS command line tools in Swift post might not be totally safe: it could leave a program and system in an undefined state, which is never a good thing. So I took a closer look.


Looking for syntax highlighted QuickLook code previews? Look no further

I’d like to introduce you to the latest member of the PreviewApp family: PreviewCode, which provides syntax-coloured QuickLook previews and Finder icon thumbnails for over 50 programming languages, including Swift, Objective-C, C++, Rust, JavaScript and Python, and data file types for macOS. You can choose to preview your source code in any of 100 dark and light themes.

Previewed code courtesy of PreviewCode

Stay ahead of git with this sharp script

I work on quite a few git repositories at once, and I don’t always commit changes in one before making changes to another. Or if I do, I don’t always push the changes up straight away. That might not be best practice in software development, but hey, it’s what I do. The issue for me is remembering what state each repo is in. Here’s the script I use to tell me.


MNU now supports Mac terminal emulator iTerm2

MNU, my macOS menu bar utility that lets you call up regularly used command line operations and more, now supports iTerm2, the popular alternative to macOS’ own Terminal app.

MNU in action

Crop picture files with confidence and pixel-precise offsets, using sips and imageprep

I recently had a rather large number of screenshots to process: specifically to crop them down to a small area about a third of screen width in and two-thirds of its height down. I could have done this manually, but it’s easy enough to make mis-crops when you’re cropping a couple of images by eye, let alone 100 or so. The solution? Get your Mac to do it for you. Here’s how.

imageprep 6.30

How to fix ‘xcodebuild’ macOS Terminal slowdowns

For a while, running commands and scripts in macOS’ Terminal has felt slower than it should, especially when opening Terminal for the first time. Clearly my .zshrc file was being run, but there was a very noticeable pause between the completion of the script and before the prompt appeared. The gap was much less on my M1 Mac than my Intel machine, but still noticeable. Got the same problem? Here’s how to fix it.

macOS Terminal

Looking for YAML macOS QuickLook file previews? With PreviewYaml 1.0.0, you got ’em!

Last week I announced the release of a new version of PreviewMarkdown that will preview YAML front matter in Markdown files. Work on that release prompted me to code a new app that enables QuickLook previews and Finder icon thumbnails of YAML files.

QuickLook previews and icon thumbnails of YAML files can now be yours

Now available: PreviewMarkdown 1.3.0 with YAML support

Version 1.3.0 of PreviewMarkdown has just been released. Its key new feature: you now have the option to view YAML front matter in Markdown file previews. This is really handy if, like me, you use a static site generator and use YAML to record content metadata at the top of your Markdown page files.

With PreviewMarkdown 1.3.0, you can now preview files’ YAML content too