===== DNS-over-https =====

Unter macOS kann Safari das aktuell nicht. Man könnte zwar ein .mobileconfig Profile erstellen und einspielen, aber dann bekommen LittleSnitch bzw. LuLu ein Problem.

Alternativ kann man sich [[https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS|DNSCrypt]] installieren. Das geht mit brew. Man muss dann nur noch den DNS in den Systemeinstellungen umstellen und den Service laufen lassen oder ihn im Terminal jedesmal starten.

<code>
brew install dnscrypt-proxy
sudo brew services info dnscrypt-proxy
</code>

After starting dnscrypt-proxy, you will need to point your
local DNS server to 127.0.0.1. You can do this by going to
System Preferences > "Network" and clicking the "Advanced..."
button for your interface. You will see a "DNS" tab where you
can click "+" and enter 127.0.0.1 in the "DNS Servers" section.

By default, dnscrypt-proxy runs on localhost (127.0.0.1), port 53,
balancing traffic across a set of resolvers. If you would like to
change these settings, you will have to edit the configuration file:
  /usr/local/etc/dnscrypt-proxy.toml

To check that dnscrypt-proxy is working correctly, open Terminal and enter the
following command. Replace en1 with whatever network interface you're using:

  sudo tcpdump -i en1 -vvv 'port 443'

You should see a line in the result that looks like this:

 resolver.dnscrypt.info

To restart dnscrypt-proxy after an upgrade:
  sudo brew services restart dnscrypt-proxy
Or, if you don't want/need a background service you can just run:
  /usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy -config /usr/local/etc/dnscrypt-proxy.toml


Stand März 2022