You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Installation

1. Install Homebrew if you don't aleady have it:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"


2. Install stubby

brew install stubby

Running Stubby on the command line

sudo /usr/local/opt/bin/stubby -C /usr/local/opt/etc/stubby/stubby.conf -l
  • The -l flag enables logging

Test Stubby

A quick test can be done by using dig (or your favourite DNS tool) on the loopback address

> dig @127.0.0.1 www.example.com

Running Stubby as a service

Running stubby like this will mean it runs continually in the background

sudo brew services start stubby

Logging from the stubby service

The logging is currently crude and simply writes to a file. (We are working on making this better!) To see the logs

sudo tail -f /usr/local/var/log/stubby/stubby.log

Modify your upstream resolvers

Once this change is made your DNS queries will be re-directed to Stubby and sent over TLS! 
(You may need to restart some applications to have them pick up the network settings).

For Stubby to re-send outgoing DNS queries over TLS the recursive resolvers configured on your machine must be changed to send all the local queries to the loopback interface on which Stubby is listening.

To switch to use Stubby for DNS resolution run:

sudo /usr/local/opt/sbin/stubby-setdns-macos.sh

To switch back to your default DNS config (no privacy) use:

sudo /usr/local/opt/sbin/stubby-setdns-macos.sh -r

Configuring stubby

It is recommended to use the default configuration file provided which will use 'Strict' privacy mode and spread the DNS queries among several of the current DNS Privacy test servers. Note that this file contains both IPv4 and IPv6 addresses. The file is installed in:

/usr/local/opt/etc/stubby/stubby.conf

More information on how to customise the configuration can be found here.


  • No labels