DoT w/ Stubby & dnsmasq on macOS
4th May 2020
OK, let's start with the definition of DoT:
DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
There are, of course, multiple ways to use DoT on macOS.[1] I took the approach of dnsmasq + Stubby simply because I had already planned to play with the former: editing /etc/hosts has bitten me so many times that I finally gave up and decided to use some tiny DNS server instead. Additionally, I wanted to get rid of at least some trackers, counters, analytics and, potentially, ads.