bantana and 10 July 2019
DNS resolution path: local resolver --> dnsmasq --> dnscrypt-proxy --> DNSCrypt resolver on the internet
If en0 is the internet link:
sudo tcpdump -i en0 -vvv 'port 443'
Install dnscrypt-proxy:
brew install dnscrypt-proxy
sudo vi /usr/local/etc/dnscrypt-proxy.toml
>> modify: listen_addresses = ['127.0.0.1:5300', '[::1]:5300']
sudo brew services restart dnscrypt-proxy
Install dnsmasq:
brew install dnsmasq
sudo vi /usr/local/etc/dnsmasq.conf
>> modify: server=127.0.0.1#5300
sudo brew services restart dnsmasq
Change the local DNS resolver to 127.0.0.1.
$ dig +dnssec icann.org

; <<>> DiG 9.10.6 <<>> +dnssec icann.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50952
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1472
;; QUESTION SECTION:
;icann.org. IN A

;; ANSWER SECTION:
icann.org. 3554 IN A 192.0.43.7
icann.org. 3554 IN RRSIG A 7 2 600 20190719002550 20190627174048 61202 icann.org. YQzj2jgkjzjX+LqU7eajQxD4hnACTSX3JtrZOpbEzUoUG2BlJ13CcTKs Q1JPaEo6AR5U22J2tEyHzrnv0bF5Wj8erdtRjmIKMTVuWNOYDI76iBWZ Vm2DT5WlXSypkqXz3bdkr5I0gb6bvnICVzCOejS/QIQiO4c6f6qJcaT2 U0U=

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 10 18:20:14 CST 2019
;; MSG SIZE rcvd: 223
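
An added example, not part of the original note: a shell check that the port in dnsmasq's server= line is one dnscrypt-proxy actually listens on, and that saved dig output was answered by 127.0.0.1#53 with an RRSIG present. The function names and the sample files written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): consistency check for the
# dnsmasq -> dnscrypt-proxy hop. All function names here are hypothetical.

# Ports on the active (uncommented) listen_addresses line of dnscrypt-proxy.toml.
dnscrypt_listen_ports() {
    grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" |
        grep -oE ":[0-9]+['\"]" | tr -d ":'\"" | sort -u
}

# Ports of the loopback upstreams named by active server= lines in dnsmasq.conf.
dnsmasq_upstream_ports() {
    sed -nE 's/^[[:space:]]*server=(127\.0\.0\.1|::1)#([0-9]+)[[:space:]]*$/\2/p' "$1" | sort -u
}

# Succeeds only if dnsmasq has a loopback upstream and every such upstream
# port is one dnscrypt-proxy listens on. Args: dnscrypt-proxy.toml dnsmasq.conf
chain_is_consistent() {
    listen=$(dnscrypt_listen_ports "$1")
    upstream=$(dnsmasq_upstream_ports "$2")
    [ -n "$upstream" ] || return 1
    for port in $upstream; do
        printf '%s\n' "$listen" | grep -qx "$port" || return 1
    done
}

# Succeeds if saved dig output was answered by 127.0.0.1#53 and carries an RRSIG.
dig_used_local_chain() {
    grep -q '^;; SERVER: 127\.0\.0\.1#53' "$1" &&
        grep -qE '[[:space:]]IN[[:space:]]+RRSIG[[:space:]]' "$1"
}

# Constructed sample files (not real configs), so the check runs offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "# listen_addresses = ['127.0.0.1:53']" \
        "listen_addresses = ['127.0.0.1:5300', '[::1]:5300']" > "$dir/dnscrypt-proxy.toml"
    printf '%s\n' '#server=/localnet/192.168.0.1' 'server=127.0.0.1#5300' > "$dir/dnsmasq.conf"
    printf '%s\n' 'server=127.0.0.1#5353' > "$dir/dnsmasq-bad.conf"
    chain_is_consistent "$dir/dnscrypt-proxy.toml" "$dir/dnsmasq.conf" && echo "match: ok"
    chain_is_consistent "$dir/dnscrypt-proxy.toml" "$dir/dnsmasq-bad.conf" || echo "mismatch: detected"
    rm -rf "$dir"
}
demo
```

On a real machine, pass /usr/local/etc/dnscrypt-proxy.toml and /usr/local/etc/dnsmasq.conf to chain_is_consistent, and a file holding the output of dig +dnssec to dig_used_local_chain.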