Random Tech

Block bad hosts on a Mac using dnsmasq

I recently ran into hpHosts, a great community-managed HOSTS file that blocks all sorts of baddies on the internet. It sure makes it a bit safer out there, and saves some resources when browsing.

But on Snow Leopard, having a huge HOSTS file really brings the system down. This seems to be an issue with DirectoryService, a process that handles DNS requests on Snow Leopard. My poor MacBook ground to a halt several times, and I had to hard-reset.

Luckily there is a solution! It is called dnsmasq, a DNS forwarder that you can install locally (or on your router). It is very fast, and handles huge HOSTS files quite smoothly.

Here’s a simple guide to install dnsmasq on a Mac:

I used the excellent Homebrew to install it, but you can also use MacPorts.

brew install dnsmasq
mkdir -p /usr/local/etc                # -p: no error if the directory already exists
cp /etc/resolv.conf /usr/local/etc/
mate /usr/local/etc/dnsmasq.conf       # edit this file and copy contents from below
sudo cp /usr/local/Cellar/dnsmasq/2.55/uk.org.thekelleys.dnsmasq.plist /Library/LaunchDaemons/
sudo chown root:wheel /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist

Note: ‘mate’ is a command line shortcut to TextMate, a popular text editor for Mac that I use to edit files. You can use any editor, just make sure to save dnsmasq.conf to /usr/local/etc.

“2.55” in the path is the version of dnsmasq I installed, so it may differ on your system. Just replace the number with whatever is available on the path. Please note that depending on what you use to install dnsmasq, these paths may be slightly different.

The last two steps are for adding dnsmasq to startup, but I believe MacPorts automatically does this.

Here’s the config file I use: (contents of /usr/local/etc/dnsmasq.conf)

addn-hosts=/usr/local/etc/blocked-hosts
resolv-file=/usr/local/etc/resolv.conf
interface=en1
domain-needed
bogus-priv

“blocked-hosts” is a slightly cropped version of the HOSTS file from hpHosts. Just copy/paste the bad hosts section into /usr/local/etc/blocked-hosts.
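Because dnsmasq will answer with whatever address a line in blocked-hosts gives, a third-party list is worth filtering before it is installed. The script below is an added example, not part of the original post: `sanitize_hosts`, `sample_hosts` and the input name `hosts.txt` are hypothetical, and the sample entries are constructed. It keeps only entries that point at 127.0.0.1 or 0.0.0.0, skips the local names, and reports everything else on stderr.

```shell
#!/bin/sh
# Added example: filter a downloaded HOSTS file before dnsmasq reads it.

# sample_hosts: constructed input (CRLF line endings), not real hpHosts data.
sample_hosts() {
    printf '%s\r\n' \
        '# constructed sample' \
        '127.0.0.1 localhost' \
        '127.0.0.1 ads.example.com  # ad server' \
        '0.0.0.0 tracker.example.net' \
        '127.0.0.1 ADS.example.com' \
        '203.0.113.7 bank.example.org' \
        '127.0.0.1 bad_host!.example'
}

# sanitize_hosts (hypothetical helper): stdin = raw HOSTS file,
# stdout = de-duplicated "127.0.0.1 name" lines, stderr = rejected entries.
sanitize_hosts() {
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")          # drop comments
        if (NF < 2) next        # blank line or address without a name
        ip = $1
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            # leave the system local names to /etc/hosts
            if (name ~ /^(localhost|localhost\.localdomain|broadcasthost)$/) continue
            # anything but a sinkhole address would redirect the name, not block it
            if (ip != "127.0.0.1" && ip != "0.0.0.0") {
                print "rejected address: " ip " " name > "/dev/stderr"
                continue
            }
            if (name !~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/) {
                print "rejected name: " name > "/dev/stderr"
                continue
            }
            if (!(name in seen)) { seen[name] = 1; print "127.0.0.1 " name }
        }
    }'
}

# Real use: sanitize_hosts < hosts.txt > /usr/local/etc/blocked-hosts
sample_hosts | sanitize_hosts
```

Review the stderr output before installing the result; a rejected address line means the list tried to point a name somewhere other than the sinkhole.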

I set “interface” to “en1”, which is the interface AirPort uses on my MacBook. If you’re using a wired ethernet connection, you might want to try “en0”.

You can start and test dnsmasq manually using:

sudo /usr/local/sbin/dnsmasq
nslookup
> server 127.0.0.1

Finally you can change your Mac’s DNS: Go to System Preferences > Network > Advanced > DNS, and type “127.0.0.1” there. Your Mac should now use dnsmasq with the blacklist.

Note for Google Chrome users: Chrome has a built-in prefetch/caching mechanism that may prevent you from blocking these sites at first. You can change this in Preferences > Under the Hood. Try using Safari to test first.

I hope this helps!

Jul 04, 2011
#mac #guide #dnsmasq #dns