Currently all DNS queries are sent unencrypted, so they can be intercepted and a hacker/scammer can then respond with a different IP address, misleading you to a clone of the original website that the hacker owns.
This can be avoided by installing Cloudflare's own app, cloudflared, on your machine to route all your DNS queries over HTTPS, which is secure and can't be altered. It's also a lot faster!
This is a guide on how to install cloudflared to query Cloudflare's DNS server over an HTTPS connection.
- Install Homebrew if you don't have it
- `brew install cloudflare/cloudflare/cloudflared`
- `sudo mkdir /etc/cloudflared`
- `sudo nano /etc/cloudflared/config.yaml` and paste in 1 of the following:
For open and unprotected browsing:
```yaml
proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
```
To block malware:
```yaml
proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.2/dns-query
  - https://1.0.0.2/dns-query
```
To block malware & adult content:
```yaml
proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.3/dns-query
  - https://1.0.0.3/dns-query
```
- `sudo cloudflared service install`
- Test: `dig +short @127.0.0.1 cloudflare.com AAAA`

You should see these IPv6 addresses of cloudflare.com:
2606:4700::6810:84e5
2606:4700::6810:85e5
- (optional) Open 2 tabs with this address and only refresh the 2nd tab after you have changed your DNS settings, to see the difference between your old settings and new settings: https://1.1.1.1/help
- System Preferences
- Network
- Select your internet connection (WiFi/Ethernet)
- Advanced
- DNS tab
- Click on + button, bottom left
- Add `127.0.0.1` and hit enter
- OK
- Apply
Visit https://1.1.1.1/help and you should see:
| Debug Information | |
|---|---|
| Connected to 1.1.1.1 | Yes |
| Using DNS over HTTPS (DoH) | Yes |
| Using DNS over TLS (DoT) | No |
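
Two checks to run after finishing the steps above, as an added example that is not part of the original guide: one flags any upstream in the config that is not an `https://` URL, the other flags any non-loopback nameserver still present in the macOS resolver list. The function names and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): checks for plaintext fallback.
# Function names and sample inputs below are constructed for illustration.

# Read a cloudflared config on stdin; print each proxy-dns-upstream entry that
# is not an https:// URL. No output means every upstream uses HTTPS.
insecure_upstreams() {
  awk '
    /^proxy-dns-upstream:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*/ {
      sub(/^[ \t]*-[ \t]*/, ""); gsub(/"/, "")
      if ($0 !~ /^https:\/\//) print
      next
    }
    /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
  '
}

# Read `scutil --dns` output on stdin; print each nameserver that is not a
# loopback address. Any address printed can still receive plaintext queries.
non_loopback_resolvers() {
  awk '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
         ip = $NF
         if (ip !~ /^127\./ && ip != "::1") print ip
       }' | sort -u
}

# Constructed sample: second upstream was mistyped as http://
SAMPLE_CONFIG='proxy-dns: true
proxy-dns-upstream:
- https://1.1.1.2/dns-query
- http://1.0.0.2/dns-query'

# Constructed sample: the router is still listed after 127.0.0.1
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 127.0.0.1
  nameserver[1] : 192.168.1.1
  if_index : 6 (en0)'

printf '%s\n' "$SAMPLE_CONFIG" | insecure_upstreams
printf '%s\n' "$SAMPLE_SCUTIL" | non_loopback_resolvers

# On the machine itself:
#   insecure_upstreams < /etc/cloudflared/config.yaml
#   scutil --dns | non_loopback_resolvers
```

Both commands print nothing when the setup is clean; any line of output is an entry to fix.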