Mac OSX – DNSMasq Ad Block DNS

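# Get IP - Start
# Find the first enN interface (en0, en1, ...) that reports an address and
# leave that address in $ip.
ip=$(ipconfig getifaddr en0)
nen=0
# Upper bound on the interface index. Without a bound the probe never ends on
# a machine where no enN interface has an address.
max_en=15
while [ -z "$ip" ] && [ "$nen" -lt "$max_en" ]; do
  nen=$((nen + 1))
  eth="en$nen"
  #echo "$eth"
  ip=$(ipconfig getifaddr "$eth")
done
if [ -z "$ip" ]; then
  # Diagnostics go to stderr so a caller capturing stdout never sees them.
  echo "No address found on en0..en$nen; \$ip is empty" >&2
else
  echo "$ip"
fi
# Get IP - Stop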

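# Install Homebrew (skipped when brew is already on PATH, so running these
# steps a second time does not re-run the installer).
# NOTE(review): this executes a script fetched from the tip of the installer
# repository's master branch, with no pinning and no checksum. To inspect it
# first, download it to a file, read it, then run that file. Homebrew has
# since replaced this Ruby installer with a Bash one; check https://brew.sh
# for the current command.
if ! command -v brew >/dev/null 2>&1; then
  /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
fi

# Upgrade the formulae that are already installed ("brew update" is the
# command that refreshes Homebrew itself).
brew upgrade
# Install dnsmasq & wget (wget is not used by the steps shown on this page).
brew install dnsmasq wget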


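# Locate the files shipped with the dnsmasq formula. The dots are escaped so
# they match literally, and the results are checked before they are used.
conf_example=$(brew list dnsmasq | grep '/dnsmasq\.conf\.example$')
daemon_plist=$(brew list dnsmasq | grep '/homebrew\.mxcl\.dnsmasq\.plist$')

if [ -z "$daemon_plist" ]; then
  echo "dnsmasq launchd plist not found in 'brew list dnsmasq'" >&2
elif [ -z "${ip:-}" ]; then
  echo "\$ip is empty; refusing to write a dnsmasq.conf without an address" >&2
else
  # Copy the default configuration file (it is replaced just below; the copy
  # is kept only so the file exists with the packaged defaults first).
  if [ -n "$conf_example" ]; then
    sudo cp "$conf_example" /usr/local/etc/dnsmasq.conf
  fi
  # Copy the daemon configuration file into place.
  sudo cp "$daemon_plist" /Library/LaunchDaemons/

  # Link the config into /etc only when nothing is there yet, so an existing
  # file is never replaced and a second run does not fail on the link.
  if [ ! -e /etc/dnsmasq.conf ] && [ ! -L /etc/dnsmasq.conf ]; then
    sudo ln -s /usr/local/etc/dnsmasq.conf /etc/dnsmasq.conf
  fi

  # Setup *.dev for localhost
  # Written through "sudo tee" because the file was created by "sudo cp" and
  # is owned by root, so a plain "cat >" redirect is refused.
  # 127.0.0.1 is listed explicitly: once listen-address is given, dnsmasq no
  # longer answers on loopback unless told to, and the resolver entry on this
  # page points at 127.0.0.1.
  # NOTE(review): listening on $ip makes the resolver reachable from the local
  # network; drop ",$ip" if only this machine should use it.
  # NOTE(review): .dev is now a delegated public TLD; .test is the name
  # reserved for local use.
  sudo tee /usr/local/etc/dnsmasq.conf >/dev/null <<EOF
listen-address=127.0.0.1,$ip
address=/.dev/$ip
# keep nameserver order of resolv.conf
strict-order

addn-hosts=/etc/hosts.dnsmasq
EOF

  # Start DNSMasq, and keep it starting automatically (-w).
  # The daemon is loaded once, after the configuration is written, so it
  # never runs with the packaged default configuration.
  sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
fi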


# Create resolver
# The file is written in order of preference:
#       127.0.0.1 (the local dnsmasq) comes first
#       the two OpenDNS servers follow, as the next servers in line
# NOTE(review): any query that ends up at the public servers is answered
# without the block list served by the local dnsmasq -- confirm that fallback
# is wanted.
# NOTE(review): macOS may regenerate /etc/resolv.conf when the network
# configuration changes; confirm the effective resolvers with "scutil --dns".

# Default: OpenDNS Primary (208.67.222.222) and Secondary (208.67.220.220).
printf 'nameserver %s\n' \
  127.0.0.1 \
  208.67.222.222 \
  208.67.220.220 |
  sudo tee /etc/resolv.conf >/dev/null

# If you want to use OpenDNS Family Shield (Family Safe DNS), comment out the
# command above and uncomment this one instead
# (208.67.222.123 = Family Shield Primary, 208.67.220.123 = Secondary).
#printf 'nameserver %s\n' \
#  127.0.0.1 \
#  208.67.222.123 \
#  208.67.220.123 |
#  sudo tee /etc/resolv.conf >/dev/null

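# Get Ad block DNS list - OPTIONAL - You can grab your favorite list and replace the one listed
# The list becomes an extra hosts file for dnsmasq, so each line in it decides
# what a name resolves to. It is therefore downloaded to a private temp file,
# reduced to sinkhole entries, and only then installed.
hosts_raw=$(mktemp)
hosts_clean=$(mktemp)
# -f makes curl fail on an HTTP error instead of saving the error page, which
# would otherwise be installed as the hosts file.
if [ -n "$hosts_raw" ] && [ -n "$hosts_clean" ] &&
  curl -fsS -o "$hosts_raw" https://www.kittell.net/tools/dns/host &&
  [ -s "$hosts_raw" ]; then
  # Keep comments, blank lines and entries that point at a sinkhole address;
  # drop anything that would map a name to some other address and report how
  # many entries were dropped.
  awk '
    /^[[:space:]]*(#|$)/ { print; next }
    $1 == "0.0.0.0" || $1 == "127.0.0.1" || $1 == "::" || $1 == "::1" { print; next }
    { dropped++ }
    END {
      if (dropped) {
        printf "hosts list: dropped %d non-sinkhole entries\n", dropped > "/dev/stderr"
      }
    }
  ' "$hosts_raw" >"$hosts_clean"
  # install sets the mode explicitly; mktemp files are private by default and
  # dnsmasq must be able to read the result.
  sudo install -m 644 "$hosts_clean" /etc/hosts.dnsmasq
else
  echo "Block list download failed; /etc/hosts.dnsmasq left unchanged" >&2
fi
rm -f -- "$hosts_raw" "$hosts_clean"

# Re-copy the launchd plist from the formula prefix and (re)load the daemon.
# The command substitution is quoted so the path is passed as one argument.
sudo cp -v "$(brew --prefix dnsmasq)/homebrew.mxcl.dnsmasq.plist" /Library/LaunchDaemons
sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist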

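#To configure the firewall to block all incoming traffic:
# Changing the setting needs root, so the command is run through sudo.
# NOTE(review): with every incoming connection blocked, other machines on the
# network presumably cannot query this dnsmasq instance -- confirm that only
# local use is intended.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
#To see if block all is enabled:
/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall

# Stop/Start DNSMasq so it re-reads its configuration and hosts file
sudo launchctl stop homebrew.mxcl.dnsmasq
sudo launchctl start homebrew.mxcl.dnsmasq

# View Resolvers (check that the expected nameservers are listed)
scutil --dns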
Originally Posted on July 30, 2016
Last Updated on October 21, 2016
All information on this site is shared with the intention to help. Before any source code or program is run on a production (non-development) system, it is suggested that you test it and fully understand what it is doing, not just what it appears to be doing. I accept no responsibility for any damage you may do with this code.