Set Up ChinaDNS with DNS over HTTPS on macOS
Because of the shortcomings of UDP, false DNS results are very common. So I use 1.1.1.1 with DNS over HTTPS as my DNS server, and I also set up ChinaDNS for a faster experience, since many websites use CDNs nowadays. In addition, I use Dnsmasq to cache DNS results.
Set up 1.1.1.1 with DNS over HTTPS
$ brew install cloudflare/cloudflare/cloudflared
$ sudo cloudflared service install
$ sudo mkdir -p /etc/cloudflared
$ sudo tee /etc/cloudflared/config.yaml > /dev/null << EOF
proxy-dns: true
proxy-dns-port: 5311
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
EOF
$ sudo launchctl start com.cloudflare.cloudflared
Set up ChinaDNS
$ brew install chinadns-c
$ cd /usr/local/opt/chinadns-c/share
$ curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt
$ rm -f iplist.txt && wget https://raw.githubusercontent.com/YKilin/ChinaDNS/master/iplist.txt
$ cat << EOF > /usr/local/opt/chinadns-c/homebrew.mxcl.chinadns-c.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>homebrew.mxcl.chinadns-c</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/chinadns</string>
        <string>-m</string>
        <string>-c</string>
        <string>/usr/local/opt/chinadns-c/share/chnroute.txt</string>
        <string>-p</string>
        <string>5322</string>
        <string>-s</string>
        <string>114.114.114.114,127.0.0.1:5311</string>
    </array>
    <key>KeepAlive</key>
    <dict>
        <key>NetworkState</key>
        <true/>
    </dict>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
$ sudo brew services start chinadns-c
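The awk one-liner in the chnroute.txt step computes the prefix length with a floating-point log() truncated by %d, which is only right when the address count is an exact power of two. The following is an added example, not part of the original post, that does the same conversion with exact field matching and integer arithmetic; the function names and the sample records are constructed for illustration.

```shell
# Added example: turn APNIC delegated-stats records into CIDR blocks.

# apnic_to_cidr [CC]: reads "registry|cc|type|start|count|date|status" lines
# on stdin and prints the IPv4 CIDR blocks delegated to country code CC.
apnic_to_cidr() {
    awk -F'|' -v cc="${1:-CN}" '
    function ip2int(ip,   o, i, n) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) {
            if (o[i] > 255) return -1
            n = n * 256 + o[i]
        }
        return n
    }
    function int2ip(n) {
        return int(n / 16777216) "." (int(n / 65536) % 256) "." (int(n / 256) % 256) "." (n % 256)
    }
    # Exact field matches skip comments, the version line and summary rows.
    $1 == "apnic" && $2 == cc && $3 == "ipv4" && $5 ~ /^[1-9][0-9]*$/ {
        start = ip2int($4); left = $5 + 0
        if (start < 0 || start + left > 4294967296) next   # malformed record
        # The count is a number of addresses, not always a power of two:
        # emit the largest aligned block that fits, then the remainder.
        while (left > 0) {
            size = 1; bits = 32
            while (size * 2 <= left && start % (size * 2) == 0) {
                size *= 2; bits--
            }
            printf "%s/%d\n", int2ip(start), bits
            start += size; left -= size
        }
    }'
}

# Constructed sample input (not real registry data).
sample_delegated() {
    cat << 'EOF'
# constructed sample in delegated-apnic format
2|apnic|20240101|4|19830613|20240101|+1000
apnic|*|ipv4|*|3|summary
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|198.51.100.0|768|20240101|allocated
apnic|CN|ipv4|999.1.1.1|256|20240101|allocated
EOF
}
```

For the constructed 768-address record the function emits a /23 followed by a /24, where the truncated log() form would print a single /22 covering 256 addresses that were never delegated. It can take the place of the grep and awk stages by piping the curl output into apnic_to_cidr CN.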
Set up Dnsmasq
$ brew install dnsmasq
Add the line server=127.0.0.1#5322 to /usr/local/etc/dnsmasq.conf and uncomment the line #conf-dir=/usr/local/etc/dnsmasq.d/,*.conf in the same file.
$ cd /usr/local/etc/dnsmasq.d
$ curl -O https://raw.githubusercontent.com/cokebar/gfwlist2dnsmasq/master/gfwlist2dnsmasq.sh
$ sh gfwlist2dnsmasq.sh -p 5311 -o gfwlist2dnsmasq.conf
$ curl -O https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
$ sudo brew services start dnsmasq
Now all three parts are working, and the system can use correct DNS records.