How to Use Cloudflare DNS on Mac OS for Speed & Privacy

Apr 9, 2018 - 30 Comments

Cloudflare now has a consumer DNS service that is very fast and also centered around privacy. Cloudflare says it won’t log IP addresses or sell your data, which in the modern era is perhaps more important than ever for users who value the vague concept of internet privacy.

This article will show you how to set up and use Cloudflare DNS on a Mac.

For some quick background, DNS is what links an IP address to an easy-to-read domain name, and it’s sort of like an internet directory service. The faster the DNS requests are, the faster your general internet performance will be, because less time is spent performing lookups to associate an IP address with a domain name. No, it won’t increase the actual transfer speeds, but using faster DNS may improve the response time of accessing various internet services and websites. As mentioned above, though, it’s not just speed that makes Cloudflare DNS enticing, it’s also the privacy-centric nature of the service. If you’re interested in learning more, you can read more from Cloudflare.

How to Set Up Cloudflare DNS on Mac OS

If you’re already familiar with changing DNS servers on Mac OS, then this process will be familiar to you; the main difference is the addition of the Cloudflare DNS IP addresses 1.1.1.1 and 1.0.0.1. Here are the full steps:

  1. Go to the Apple menu and then select “System Preferences”
  2. Choose the “Network” control panel
  3. Select “Wi-Fi” from the sidebar and then click on the “Advanced” button
  4. Choose the “DNS” tab
  5. Now click the “+” plus button to add a new DNS server, and enter: 1.1.1.1
  6. Click the “+” plus button again and add another new DNS server: 1.0.0.1
  7. If other DNS entries exist, click and drag the “1.1.1.1” and “1.0.0.1” entries above them in the list, or for maximum privacy and to rely entirely on Cloudflare DNS, delete the other DNS entries (it is recommended to make a note of any pre-configured DNS IP addresses just in case)
  8. Click the “OK” button and then click “Apply”

When you apply the network setting changes your internet connection will likely temporarily disconnect and reconnect again.
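
The same change can be made from Terminal. The script below is an added example, not part of the original article: it uses the macOS networksetup and scutil tools, assumes the network service is named “Wi-Fi”, saves the previous servers to a hypothetical file called dns-servers-before.txt, and then checks that no resolver other than Cloudflare is still configured.

```shell
#!/bin/bash
# Added example: Terminal equivalent of the System Preferences steps above.
# Assumption: the network service is named "Wi-Fi"; override with SERVICE=...
SERVICE="${SERVICE:-Wi-Fi}"
BACKUP="${BACKUP:-$HOME/dns-servers-before.txt}"   # hypothetical file name

# Read `scutil --dns`-style text on stdin and print each configured
# nameserver that is not 1.1.1.1 or 1.0.0.1. No output means Cloudflare only.
unexpected_resolvers() {
  awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $3 != "1.1.1.1" && $3 != "1.0.0.1" &&
       !seen[$3]++ { print $3 }'
}

# Read saved `networksetup -getdnsservers` output on stdin and print the
# arguments that restore it: the saved addresses, or "Empty" if none were set.
restore_args() {
  awk '/^[0-9A-Fa-f:.]+$/ { printf "%s%s", (n++ ? " " : ""), $0 }
       END { if (!n) printf "Empty" }'
}

apply_cloudflare() {
  # Step 7: note the pre-configured servers. Keep the first backup so that a
  # second run does not overwrite it with the Cloudflare addresses.
  [ -e "$BACKUP" ] || networksetup -getdnsservers "$SERVICE" > "$BACKUP"
  # Replaces the whole list (the "delete the other DNS entries" variant).
  networksetup -setdnsservers "$SERVICE" 1.1.1.1 1.0.0.1
  leftover=$(scutil --dns | unexpected_resolvers)
  if [ -n "$leftover" ]; then
    echo "Still configured besides Cloudflare (other interface, VPN, IPv6?):"
    echo "$leftover"
    return 1
  fi
  echo "Only 1.1.1.1 and 1.0.0.1 are configured as resolvers."
}

case "${1:-}" in
  apply)   apply_cloudflare ;;
  # Word splitting of the restore_args output is intended here.
  restore) networksetup -setdnsservers "$SERVICE" $(restore_args < "$BACKUP") ;;
esac
```

Run it with the argument apply to switch to Cloudflare, or restore to put the saved servers back; networksetup may require administrator rights.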

You should not need to quit and relaunch any networking apps for the change to take effect, but to be thorough you may want to anyway. Or you can reboot your computer.

Likewise, it shouldn’t be necessary to flush DNS caches, but you’re welcome to clear the DNS cache anyway; you can learn how to reset DNS cache in MacOS High Sierra, Sierra, El Capitan, and other Mac OS X versions if need be.

If you have multiple Macs and decide you want to use Cloudflare DNS on all of them, you’ll want to repeat the same DNS setup process on each of them, and you could also change DNS servers on iPhone or iPad if you want to set those to use the service as well.

How do I know if Cloudflare DNS is faster for me?

This is a great question, since every user and every ISP will likely have different performance for different DNS providers. Fortunately there are multiple ways to check DNS performance:

If you want to run a DNS comparison speed test yourself from your own Mac, and you’re savvy with the command line, you can save this bash script as dnstest.sh (via cleanbrowsing) to your local directory, and then run the following command:

bash ./dnstest.sh |sort -k 22 -n

Cloudflare DNS performance versus other DNS

In each of my own personal tests, Cloudflare DNS was the fastest, but individual results may vary per location, ISP, and other variables.

If this interests you, then try it out yourself and see if it’s faster for you, but even if it’s not, some people may opt to use Cloudflare DNS for the purported privacy benefit. That’s a personal decision, so whether you want to use Cloudflare DNS, your ISP-provided DNS, or any other DNS, that’s your call!

Posted by: Paul Horowitz in Mac OS, Security, Tips & Tricks

30 Comments

  1. john says:

    Could someone comment on the privacy implications of leaving Comcast’s “Search Domain” entry in Network settings, i.e. hsd1.or.comcast.net. Wouldn’t this cause your searches to be logged by Comcast regardless of your DNS server entries?

    If you want to use another DNS like Google/Cloudflare/OpenDNS shouldn’t you use their Search Domain? How would someone go about discovering the correct Search Domain for those DNS servers?

    Thanks.

    • cd says:

      I am wondering the exact same thing!

      How to remove the Comcast settings in the System Preferences > Network > Advanced > DNS > Search Domains box setting????

      It’s not private if that is locked in is it?

  2. Rick says:

    Anyone know how to change similarly the DNS settings on an Airport Extreme?

    • Violet says:

      Yes! I wondered this too. Usually with wi-fi router you go to “192.168.0.1” or “192.168.1.1” or similar in your web browser, but with Airport Extreme, the configuration is through a utility and not a web browser.

      How to change DNS Settings on Apple AirPort Extreme:

      – Open the “AirPort Utility application” (found in /Applications/Utilities)

      – Click the AirPort Extreme icon to show the status section

      – Click ‘Edit’ to view the Settings window

      – Click the “Internet” tab

      – Enter the DNS servers 1.1.1.1 in the Primary DNS Server and 1.0.0.1 in the Secondary DNS Server fields (you can also use Google DNS if you’d rather do that, 8.8.8.8)

      – Click ‘Update’ for change to take effect, it will disconnect and reconnect your router connections from all devices to AirPort Extreme

      That should do the trick!

  3. Isidore says:

    Based in the US. hmm….

  4. Isidore says:

    Where are cloudflare and its servers based? That would ultimately affect what the legislative environment is, would it not?

  5. Jan Steinman says:

    I run my own caching DNS server. I’ve been using my ISP’s DNS as the read-through server. Is there any reason I can’t use Cloudflare DNS as the backup for a caching server?

  6. Michael Spencer says:

    Can’t change the DNS in my Xfinity Router/Wifi box. So if I change the DNS on my Mac, which goes through the Xfinity box, where are my DNS requests going?

  7. Bob Crites says:

    Got exactly the same up and down speeds with this and Open DNS

  8. Will says:

    when it first came out I tested it, Google DNS (8.8.8.8) is still the quickest for me

  9. Valentin says:

    Changing DNS settings on my router will affect my entire network? via ethernet and wifi? {macs, iPads, iPhones} ?

    Thank You.

  10. David says:

    Thanks for the dnstest comparison script.
    I tried this before doing anything.
    I am based in the UK.
    My existing DNS supplier is still the fastest with cloud share coming in 3rd.
    So won’t be changing.

  11. Dave says:

    Or how about setting up a Pi-hole and using Cloudflare on that. Instant entire network using it and no adverts. Life is good.

  12. rpk says:

    If you can override the DNS servers in your router and it uses DHCP to give addresses to all your machines and devices, that should be fine.

    You can also geek out if you’re tech savvy. Run a local DNS resolver on a mac that gets addresses from Cloudflare (which can be cached) and share by pointing all of your other devices to the mac.

    The best alternative is to mod a router with OpenWrt or Tomato and run a DNS resolver on it. Something like dnsmasq works well. You can also block thousands of ad sites and trackers with it.

    For even better security, you can encrypt your DNS lookups so that your ISP doesn’t get a history of the sites you visit. It appears Cloudflare supports a couple of encryption options. Then it’s down to whether you trust Cloudflare or your ISP with that info.

    If you want to go full on, set up a Virtual Private Server (VPS) for about $5/mo on DigitalOcean or Linode or another service. It’s a lot of work, but you can set up a VPN, a DNS resolver that blocks ads/trackers and encrypt all of your DNS queries. There’s some VPN/cipher packages out there even the Chinese govt. haven’t cracked yet. You also get to trust your VPN service, because you are running it yourself. Unfortunately it is not trivial to set this up.

    Nothing is ever 100% secure, but running your own VPS will keep out most of the bottom feeding weasel Ad companies, data trackers and ISPs.

    p.s. it’s also trivial to block the over 188,000 IP addresses that FaceF*ck have registered.

  13. caraa says:

    unfortunately only applies to mac

    • Paul says:

      Yes the article is, however you can set the custom DNS on any operating system, including Windows, Android, Linux, iOS, etc.

  14. Michael says:

    This is really cool information – changing DNS for me definitely sped up my web traffic! I am anxious to see the answers to the above questions, but thanks in advance for the tip! peace!

  15. John says:

    What about going the next step and encrypting the DNS traffic so our wonderful ISPs can’t snoop anymore?

  16. Boggled says:

    Thanks for the script. Cloudflare turned out to be 3x slower than my ISP…
    …and my ISP’s secondary DNS turned out to be 3x faster than its primary.

                     test1   test2   test3   test4   test5   test6   test7   test8   test9  test10 Average
    telus2           45 ms   45 ms   43 ms   45 ms   44 ms   45 ms   43 ms   45 ms   43 ms   46 ms   44.40
    level3           50 ms   46 ms   46 ms   50 ms   50 ms   46 ms   52 ms   45 ms   48 ms   51 ms   48.40
    quad9            46 ms   44 ms   43 ms   43 ms   44 ms   89 ms   43 ms   45 ms   43 ms   44 ms   48.40
    neustar          48 ms   47 ms   53 ms   49 ms   47 ms   49 ms   48 ms   50 ms   51 ms   49 ms   49.10
    google           44 ms   45 ms   43 ms   44 ms   46 ms  102 ms   42 ms   45 ms   43 ms   46 ms   50.00
    norton           53 ms   55 ms   49 ms   53 ms   52 ms   52 ms   51 ms   50 ms   49 ms   54 ms   51.80
    cleanbrowsing    48 ms   51 ms   55 ms   51 ms   47 ms  150 ms   43 ms   87 ms   42 ms   78 ms   65.20
    opendns          72 ms   42 ms   44 ms   76 ms   42 ms  165 ms   48 ms   70 ms   68 ms   50 ms   67.70
    comodo           89 ms   92 ms   90 ms   93 ms   95 ms   92 ms   87 ms   84 ms   88 ms   88 ms   89.80
    10.0.0.1         62 ms   82 ms   43 ms   45 ms  104 ms  289 ms   43 ms  206 ms   43 ms  110 ms  102.70
    cloudflare       42 ms   45 ms   44 ms 1000 ms   45 ms   43 ms   45 ms   45 ms   43 ms   43 ms  139.50
    telus1           45 ms   47 ms   49 ms   45 ms   45 ms   44 ms   46 ms 1000 ms   45 ms   44 ms  141.00
    yandex          184 ms  331 ms  185 ms  184 ms  197 ms  185 ms  189 ms  201 ms  194 ms  381 ms  223.10
    adguard         185 ms  395 ms  184 ms  186 ms  186 ms  183 ms  183 ms  417 ms  193 ms  390 ms  250.20
    freenom         168 ms  166 ms  256 ms  166 ms  216 ms  394 ms  170 ms  307 ms  159 ms 1000 ms  300.20

  17. Anay says:

    Speed yes, but not privacy, because it’s not the DoH setup. For that you need to use dnscrypt-proxy or cloudflared-proxy.

  18. Curious says:

    Why should I use Cloudflare over OpenDNS? I honestly want to know if one is better than the other for privacy and security.

  19. JBurke says:

    How does this compare to https://www.opendns.com
    OPEN DNS?
    208.67.222.222
    208.67.220.220

  20. Man says:

    If I want to do a “one and done” for all my devices, couldn’t changing the DNS servers in my router settings take care of that?

    • Man says:

      I think I just answered my own question after clicking submit. I guess that is the case when I am on my home network, but beyond that, I guess I would be submitting to whatever DNS the network if I don’t change it on the individual devices. Is that correct?

    • Paul says:

      Yes, you can change the router DNS and that will assign throughout your network if you use auto DHCP from the router to assign IP information. But every router config is different, many people don’t know their router login information, etc…

  21. Patrick says:

    Good golly, did you get that graphic from a local kindergarten website?
