ahmozkya · July 2, 2025 01:46 · james-see · Dec 11, 2017 · ngocphamm · Apr 9, 2018
diff --git a/README.md b/README.md
diff --git a/dnsmasq.conf b/dnsmasq.conf
 # Configuration file for dnsmasq.
 #
 # Format is one option per line, legal options are the same
 # as the long options legal on the command line. See
 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

 # Custom development domains
 address=/.dev/127.0.0.1
 address=/.dom/127.0.0.1

 # Upstream DNSCrypt
 server=127.0.0.1#40

 #user=
 #group=

 # Don't read the hostnames in /etc/hosts.
 no-hosts
 
 # Do not go into the background at startup but otherwise run as
 # normal.
 keep-in-foreground
 
 # Do not provide DHCP or TFTP on the loopback interface.
 no-dhcp-interface=lo
 
 # Only listen on the loopback interface.
 listen-address=127.0.0.1
 
 # Only bind to interfaces dnsmasq is listening on.
 bind-interfaces
 
 # Never forward addresses in the non-routed address spaces.
 bogus-priv
 
 # Don't read /etc/resolv.conf.
 no-resolv

 # Reject (and log) addresses from upstream nameservers which are in
 # the private IP ranges. This blocks an attack where a browser behind
 # a firewall is used to probe machines on the local network.
 stop-dns-rebind
 
 # Exempt 127.0.0.0/8 from rebinding checks. This address range is
 # returned by realtime black hole servers, so blocking it may disable
 # these services.
 rebind-localhost-ok
 
 # Never forward plain names (without a dot or domain part).
 # domain-needed

 # Set the cache size here. If you don't use spam blocking add-ons such
 # Adblock Plus or Ghostery, you may want to increase this value as you
 # will be resolving more domain names.
 cache-size=1000

 #no-negcache
 #local-ttl=

 # Pass through DNSSEC validation results from dnscrypt-proxy.
 proxy-dnssec

 #mx-host=maildomain.com,servermachine.com,50
 #mx-target=servermachine.com
 #localmx
 #selfmx

 #log-queries
diff --git a/homebrew.mxcl.dnscrypt-proxy.plist b/homebrew.mxcl.dnscrypt-proxy.plist
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 	<key>KeepAlive</key>
 	<true/>
 	<key>Label</key>
 	<string>homebrew.mxcl.dnscrypt-proxy</string>
 	<key>ProgramArguments</key>
 	<array>
 		<string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string>
 		<string>--local-address=127.0.0.1:40</string>
 		<string>--edns-payload-size=4096</string>
 		<string>--user=nobody</string>
 	</array>
 	<key>RunAtLoad</key>
 	<true/>
 	<key>StandardErrorPath</key>
 	<string>/dev/null</string>
 	<key>StandardOutPath</key>
 	<string>/dev/null</string>
 	<key>UserName</key>
 	<string>root</string>
 </dict>
 </plist>
diff --git a/homebrew.mxcl.dnsmasq.plist b/homebrew.mxcl.dnsmasq.plist
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 	<key>Disabled</key>
 	<false/>
 	<key>KeepAlive</key>
 	<dict>
 		<key>NetworkState</key>
 		<true/>
 	</dict>
 	<key>Label</key>
 	<string>homebrew.mxcl.dnsmasq</string>
 	<key>ProgramArguments</key>
 	<array>
 		<string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string>
 		<string>--keep-in-foreground</string>
 	</array>
 </dict>
 </plist>
	# Configuration file for dnsmasq.
	#
	# Format is one option per line, legal options are the same
	# as the long options legal on the command line. See
	# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

	# Custom development domains
	address=/.dev/127.0.0.1
	address=/.dom/127.0.0.1

	# Upstream DNSCrypt
	server=127.0.0.1#40

	#user=
	#group=

	# Don't read the hostnames in /etc/hosts.
	no-hosts

	# Do not go into the background at startup but otherwise run as
	# normal.
	keep-in-foreground

	# Do not provide DHCP or TFTP on the loopback interface.
	no-dhcp-interface=lo

	# Only listen on the loopback interface.
	listen-address=127.0.0.1

	# Only bind to interfaces dnsmasq is listening on.
	bind-interfaces

	# Never forward addresses in the non-routed address spaces.
	bogus-priv

	# Don't read /etc/resolv.conf.
	no-resolv

	# Reject (and log) addresses from upstream nameservers which are in
	# the private IP ranges. This blocks an attack where a browser behind
	# a firewall is used to probe machines on the local network.
	stop-dns-rebind

	# Exempt 127.0.0.0/8 from rebinding checks. This address range is
	# returned by realtime black hole servers, so blocking it may disable
	# these services.
	rebind-localhost-ok

	# Never forward plain names (without a dot or domain part).
	# domain-needed

	# Set the cache size here. If you don't use spam blocking add-ons such
	# Adblock Plus or Ghostery, you may want to increase this value as you
	# will be resolving more domain names.
	cache-size=1000

	#no-negcache
	#local-ttl=

	# Pass through DNSSEC validation results from dnscrypt-proxy.
	proxy-dnssec

	#mx-host=maildomain.com,servermachine.com,50
	#mx-target=servermachine.com
	#localmx
	#selfmx

	#log-queries
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>KeepAlive</key>
	<true/>
	<key>Label</key>
	<string>homebrew.mxcl.dnscrypt-proxy</string>
	<key>ProgramArguments</key>
	<array>
	<string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string>
	<string>--local-address=127.0.0.1:40</string>
	<string>--edns-payload-size=4096</string>
	<string>--user=nobody</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StandardErrorPath</key>
	<string>/dev/null</string>
	<key>StandardOutPath</key>
	<string>/dev/null</string>
	<key>UserName</key>
	<string>root</string>
	</dict>
	</plist>