Comments (13)
The problem for me was this line in the configuration file:
conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
There is no such file.
I commented it out and put the trusted-anchor setting instead (see README).
Note: trust anchor: https://data.iana.org/root-anchors/root-anchors.xml
Instructions:
To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf
and edit to taste.
cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf
To have launchd start dnsmasq now and restart at startup:
sudo brew services start dnsmasq
Note: requires sudo.
It copies the file, but check the permissions; execute the following command to change it:
sudo chmod 0644 /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
You may want to update the documentation.
Thanks for maintaining the page.
Hope this helps.
from macos-security-and-privacy-guide.
Hi Rishad,
Can you make sure dnsmasq is listening on port 53? You can check with
sudo lsof -ni:53
or
dig a google.com @127.0.0.1
to see if you get a valid response.
from macos-security-and-privacy-guide.
I do not get any output from the lsof command.
This is what I get for the dig command:
; <<>> DiG 9.8.3-P1 <<>> a google.com @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached
from macos-security-and-privacy-guide.
It looks like dnsmasq isn't running, or is listening on the wrong port.
Try defaults read /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
and then run the program with arguments manually to see if there are any errors, e.g.:
sudo /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /Users/drduh/homebrew/etc/dnsmasq.conf
from macos-security-and-privacy-guide.
defaults read /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
{
    KeepAlive = 1;
    Label = "homebrew.mxcl.dnsmasq";
    ProgramArguments = (
        "/usr/local/opt/dnsmasq/sbin/dnsmasq",
        "--keep-in-foreground",
        "-C",
        "/usr/local/etc/dnsmasq.conf"
    );
    RunAtLoad = 1;
}
sudo /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /Users/drduh/homebrew/etc/dnsmasq.conf
sudo: /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq: command not found
from macos-security-and-privacy-guide.
Sorry, you'll have to run that as
sudo /usr/local/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /usr/local/etc/dnsmasq.conf
since you have it installed in a different location. Let me know if you get any output from that.
from macos-security-and-privacy-guide.
No output from that but something seems to be running.
from macos-security-and-privacy-guide.
Great, so now in another Terminal window you should be able to check lsof and dig output. Maybe you forgot to load the launch daemon previously?
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
ought to do it. Let me know how that works out.
from macos-security-and-privacy-guide.
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
said the service was already loaded.
This is the output from lsof:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dnsmasq 31066 nobody 4u IPv4 0x6e71819a5557e477 0t0 UDP 153.90.44.135:domain
dnsmasq 31066 nobody 5u IPv4 0x6e71819a568c8bb7 0t0 TCP 153.90.44.135:domain (LISTEN)
dnsmasq 31066 nobody 6u IPv4 0x6e71819a5557dfa7 0t0 UDP 127.0.0.1:domain
dnsmasq 31066 nobody 7u IPv4 0x6e71819a567f1117 0t0 TCP 127.0.0.1:domain (LISTEN)
dnsmasq 31066 nobody 8u IPv6 0x6e71819a4f5e4c67 0t0 UDP [fe80:7::e026:fdff:feb0:7f89]:domain
dnsmasq 31066 nobody 9u IPv6 0x6e71819a596d2f77 0t0 TCP [fe80:7::e026:fdff:feb0:7f89]:domain (LISTEN)
dnsmasq 31066 nobody 10u IPv6 0x6e71819a58a74ad7 0t0 UDP [fe80:4::8638:35ff:fe56:89ea]:domain
dnsmasq 31066 nobody 11u IPv6 0x6e71819a4bf00f77 0t0 TCP [fe80:4::8638:35ff:fe56:89ea]:domain (LISTEN)
dnsmasq 31066 nobody 12u IPv6 0x6e71819a54eff117 0t0 UDP [fe80:1::1]:domain
dnsmasq 31066 nobody 13u IPv6 0x6e71819a4bf00a37 0t0 TCP [fe80:1::1]:domain (LISTEN)
dnsmasq 31066 nobody 14u IPv6 0x6e71819a55c3486f 0t0 UDP [::1]:domain
dnsmasq 31066 nobody 15u IPv6 0x6e71819a4bf49f77 0t0 TCP [::1]:domain (LISTEN)
This is the output from dig:
; <<>> DiG 9.8.3-P1 <<>> a google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47290
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 121 IN A 173.194.33.129
google.com. 121 IN A 173.194.33.137
google.com. 121 IN A 173.194.33.133
google.com. 121 IN A 173.194.33.142
google.com. 121 IN A 173.194.33.128
google.com. 121 IN A 173.194.33.130
google.com. 121 IN A 173.194.33.131
google.com. 121 IN A 173.194.33.135
google.com. 121 IN A 173.194.33.134
google.com. 121 IN A 173.194.33.132
google.com. 121 IN A 173.194.33.136
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 30 11:53:49 2015
;; MSG SIZE rcvd: 204
from macos-security-and-privacy-guide.
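A check over lsof output of the kind posted above, as an added example that is not part of the thread or the guide: it confirms dnsmasq has a loopback UDP listener on the DNS port (what a dig against 127.0.0.1 needs) and lists every other address it is also bound to. The function names and the sample lines are constructed for illustration; the sample uses documentation addresses rather than the ones in the comment.

```shell
#!/bin/sh
# Added example: classify dnsmasq sockets found in `lsof -ni:53` output.
# SAMPLE_LSOF is constructed for illustration (documentation addresses).
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dnsmasq 31066 nobody 4u IPv4 0x01 0t0 UDP 192.0.2.10:domain
dnsmasq 31066 nobody 5u IPv4 0x02 0t0 TCP 192.0.2.10:domain (LISTEN)
dnsmasq 31066 nobody 6u IPv4 0x03 0t0 UDP 127.0.0.1:domain
dnsmasq 31066 nobody 7u IPv4 0x04 0t0 TCP 127.0.0.1:domain (LISTEN)
dnsmasq 31066 nobody 8u IPv6 0x05 0t0 UDP [fe80:4::1]:domain
dnsmasq 31066 nobody 9u IPv6 0x06 0t0 UDP [::1]:domain'

# Read lsof output on stdin; print "scope proto address" per dnsmasq socket.
# Column 8 (NODE) is the protocol, column 9 (NAME) is address:port.
classify_listeners() {
    awk '$1 == "dnsmasq" && $9 ~ /:(domain|53)$/ {
        addr = $9
        sub(/:(domain|53)$/, "", addr)   # strip the port suffix
        # 127.0.0.0/8 and ::1 are loopback; "*" or any other address is
        # reachable from outside the host, link-local fe80:: included.
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        print scope, $8, addr
    }'
}

# Succeeds only if a loopback UDP listener exists.
has_loopback_udp() {
    classify_listeners | grep -q '^loopback UDP '
}

# Print the number of sockets bound to a non-loopback address.
count_exposed() {
    classify_listeners | grep -c '^exposed ' || true
}

# Stand-alone run on the sample. On a real host:
#   sudo lsof -ni:53 | classify_listeners
printf '%s\n' "$SAMPLE_LSOF" | classify_listeners
```

A non-zero count from count_exposed means the resolver answers on addresses other hosts can reach, which matters when dnsmasq is only meant to serve the local machine.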
Great, it looks like everything's loaded and working now. Can you try setting your DNS server to 127.0.0.1 again and see if your other programs work in resolving domain names?
from macos-security-and-privacy-guide.
I just tried setting my DNS server to 127.0.0.1 but nothing loads up in my web browser.
from macos-security-and-privacy-guide.
Even though the dig and lsof commands both return results? Strange stuff. I'm not quite sure what to make of that, then.
from macos-security-and-privacy-guide.
I reinstalled dnsmasq and followed the steps again. It worked fine this time. I don't know why that is! Thank you for your help!
from macos-security-and-privacy-guide.