Kamal Nasser

Network-specific DNS settings on macOS

Cloudflare recently announced 1.1.1.1, their new privacy-first super-fast DNS resolver. I updated my LAN DNS resolver to use 1.1.1.1 in place of 8.8.8.8 as the upstream DNS server, but I also wanted to apply these settings to all networks, not just my home network.

One option would be changing macOS's DNS settings to use 1.1.1.1 instead of whatever the DHCP server pushes to it, but that would also mean that I would lose the advantages of running a LAN DNS server—mainly being able to access local machines using their hostname.

I created two macOS network locations: one called Home, which keeps the DNS settings empty and therefore doesn't override the current network's defaults, and one called Not Home, which has 1.1.1.1 and 1.0.0.1 hardcoded as the DNS resolvers.


Now, I can go into System Preferences and choose a network location and automatically have my DNS settings set to either Cloudflare's or the current network's defaults.

I use ControlPlane to automate switching between the two locations, depending on the WiFi network I'm connected to. With ControlPlane, I can create "contexts" and "rules" for when each context is applicable based on "evidence sources." Then, I can configure "actions" that are run when a context is activated or deactivated.

I created two contexts, named Home and Not Home like the network locations, and two corresponding rules based on my home WiFi network's BSSID using the Nearby WiFi Network evidence rule. It says "Nearby" but it's only activated when you're actually connected to the network.


Finally, I created two actions to switch to the right network location depending on the context.

And that's it! macOS now uses 1.1.1.1 on public networks, and my local DNS resolver at home.
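A command-line version of the same setup, with a check that only the pinned resolvers are configured after switching to Not Home. This is an added example, not part of the original post; the `Wi-Fi` service name, the function names and the sample `scutil --dns` output are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The location names and resolver
# addresses are the post's; function names and the sample are constructed.
PINNED="1.1.1.1 1.0.0.1"   # resolvers hardcoded in the "Not Home" location

# One-time setup. $1 is the network service name (assumed "Wi-Fi").
# networksetup applies -setdnsservers to the current location, so switch first.
create_locations() {
    networksetup -createlocation "Home" populate          # DNS left to DHCP
    networksetup -createlocation "Not Home" populate
    networksetup -switchtolocation "Not Home"
    networksetup -setdnsservers "${1:-Wi-Fi}" $PINNED
}

# Read `scutil --dns` output on stdin and print each distinct nameserver that
# is not pinned. No output means only the pinned resolvers are configured.
unexpected_resolvers() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            if (!($3 in ok) && !($3 in seen)) { seen[$3] = 1; print $3 }
        }'
}

# Switch location by name; on "Not Home", fail if any other resolver remains.
switch_and_check() {
    networksetup -switchtolocation "$1" >/dev/null || return 2
    [ "$1" = "Not Home" ] || return 0
    extra=$(scutil --dns | unexpected_resolvers)
    [ -z "$extra" ] && return 0
    echo "unexpected resolvers still active: $extra" >&2
    return 1
}

# Constructed sample: a DHCP-pushed resolver listed beside a pinned one.
SAMPLE='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 1.1.1.1
resolver #2
  domain   : local
  options  : mdns
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)'

case "${1:-}" in
    Home|"Not Home") switch_and_check "$1" ;;
    *) printf '%s\n' "$SAMPLE" | unexpected_resolvers ;;   # offline demo
esac
```

Run with `Home` or `Not Home` as the argument to switch on a Mac; with no argument it only parses the constructed sample.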