Enable DoH on macOS with cloudflared

Quick start DoH on macOS



👣 #doh #cloudflare #macos

macOS Big Sur now supports native DoH and DoT; you can follow this guide to configure it on your Mac. If you have a self-hosted DoH/DoT server, you can also enable it on your Mac by following my blog post: https://frankindev.com/2019/11/26/doh-dot-based-on-adguardhome/.

cloudflared is an open-source DNS over HTTPS (DoH) client written in Go and developed by Cloudflare, which currently gives us a quick way to start using DoH on macOS.

Install cloudflared using Homebrew

brew install cloudflare/cloudflare/cloudflared

Create config file

Create a new config file: /usr/local/etc/cloudflared/config.yaml, with the following content:

proxy-dns: true
proxy-dns-upstream:
  - https://dns.frankindev.com/dns-query/public
  - https://dns.google/dns-query

Multiple upstreams are supported. You can find a list of DoH upstreams at: https://github.com/curl/curl/wiki/DNS-over-HTTPS.

Activate cloudflared as a service

sudo cloudflared service install

Test and set

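cloudflared's DNS proxy listens on localhost (127.0.0.1), port 53 by default, so query it directly:

dig A @127.0.0.1 github.com

If it's working, change the local DNS server to 127.0.0.1 on your Mac (System Preferences > Network > Advanced > DNS).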
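Two checks worth running after this step, written as an added example (not code from the original post or from cloudflared): one flags any upstream in the config that is not an https:// URL, the other reads `scutil --dns` output and lists resolvers that still bypass the local proxy. The function names and the sample output are constructed for illustration, and the config is assumed to list upstreams under `proxy-dns-upstream` as unquoted items.

```shell
#!/bin/sh
# Added example (not from the original post): post-setup checks for the
# cloudflared DoH proxy configured above.

# Print every proxy-dns-upstream entry in a cloudflared config file that is
# not an https:// URL, i.e. not a DoH endpoint. Assumes unquoted list items.
insecure_upstreams() {
    awk '
        /^proxy-dns-upstream:/ { in_list = 1; next }
        /^[^[:space:]#-]/      { in_list = 0 }
        in_list && /^[[:space:]]*-/ {
            sub(/^[[:space:]]*-[[:space:]]*/, "")
            sub(/[[:space:]]+$/, "")
            if ($0 !~ /^https:\/\//) print
        }
    ' "$1"
}

# Read `scutil --dns` output on stdin and print each configured nameserver
# that is not loopback. Queries sent to these do not go through cloudflared.
non_loopback_resolvers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ &&
         $3 != "127.0.0.1" && $3 != "::1" { print $3 }' | sort -u
}

# Constructed sample of `scutil --dns` output: DNS was changed on one
# interface only, so a second resolver still points at the router.
sample_scutil_output() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 127.0.0.1
  flags    : Request A records, Request AAAA records
resolver #2
  nameserver[0] : 192.168.1.1
  if_index : 7 (en5)
EOF
}

# On a Mac, check the live resolver state; elsewhere, run on the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | non_loopback_resolvers
else
    sample_scutil_output | non_loopback_resolvers
fi
```

Empty output from both functions means every upstream is HTTPS and every configured resolver is the local proxy.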

Restart cloudflared service

If DNS resolution stops working, restart the cloudflared service with:

sudo cloudflared service uninstall
sudo cloudflared service install

Although cloudflared works, I found it slows my DNS queries a lot, which pushed me back to the traditional way… Waiting for a new release of macOS Big Sur with native support of DoH…


Frank Lin
