The Homebrew formula currently installs the 0.1.5 version of stubby, based on getdns 1.2
1. Install Homebrew if you don't aleady have it:
2. Install stubby
Running Stubby on the command line
- The -l flag enables logging
A quick test can be done by using dig (or your favourite DNS tool) on the loopback address
Running Stubby as a service
Running stubby like this will mean it runs continually in the background
Logging from the stubby service
The logging is currently crude and simply writes to a file. (We are working on making this better!) To see the logs
Modify your upstream resolvers
Once this change is made your DNS queries will be re-directed to Stubby and sent over TLS!
(You may need to restart some applications to have them pick up the network settings).
For Stubby to re-send outgoing DNS queries over TLS the recursive resolvers configured on your machine must be changed to send all the local queries to the loopback interface on which Stubby is listening.
To switch to use Stubby for DNS resolution run:
To switch back to your default DNS config (no privacy) use:
It is recommended to use the default configuration file provided which will use 'Strict' privacy mode and spread the DNS queries among several of the current DNS Privacy test servers. Note that this file contains both IPv4 and IPv6 addresses. The file is installed in:
More information on how to customise the configuration can be found here.