Cloudflare recently announced 220.127.116.11, their new privacy-first super-fast DNS resolver. I updated my LAN DNS resolver to use 18.104.22.168 in place of 22.214.171.124 as the upstream DNS server, but I also wanted to apply these settings to all networks, not just my home network.
One option would be changing macOS's DNS settings to use 126.96.36.199 instead of whatever the DHCP server pushes to it, but that would also mean that I would lose the advantages of running a LAN DNS server—mainly being able to access local machines using their hostname.
I created two macOS network locations: one called Home that kept the DNS settings empty and therefore wouldn't override the current network's defaults, and one called Not Home that has 188.8.131.52 hardcoded as the DNS resolvers.
Now, I can go into System Preferences and choose a network location and automatically have my DNS settings set to either Cloudflare's or the current network's defaults.
I use ControlPlane to automate switching between the two locations, depending on the WiFi network I'm connected to. With ControlPlane, I can create "contexts" and "rules" for when each context is applicable based on "evidence sources." Then, I can configure "actions" that are run when a context is activated or deactivated.
I created two contexts, named Home and Not Home like the network locations, and two corresponding rules based on my home WiFi network's BSSID using the Nearby WiFi Network evidence rule. It says "Nearby", but it's only activated when you're actually connected to the network.
Finally, I created two actions to switch to the right network location depending on the context.
And that's it! macOS now uses 184.108.40.206 on public networks, and my local DNS resolver at home.
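The same two-location setup can also be scripted with macOS's `networksetup` tool. This is an added example, not part of the original post; the BSSID, the resolver address (a documentation-range placeholder) and the `Wi-Fi` service name are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example, not from the original post.
HOME_BSSID="aa:bb:cc:dd:ee:ff"        # constructed placeholder: your home AP's BSSID
RESOLVERS="${RESOLVERS:-192.0.2.53}"  # constructed placeholder: space-separated resolver IPs
SERVICE="${SERVICE:-Wi-Fi}"           # assumed network service name

# Pick a location for a BSSID. Anything that is not an exact match for the
# home access point, including an empty value, falls through to "Not Home",
# so an unrecognised network always gets the hardcoded resolvers.
location_for_bssid() {
  bssid=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  if [ -n "$bssid" ] && [ "$bssid" = "$HOME_BSSID" ]; then
    echo "Home"
  else
    echo "Not Home"
  fi
}

# DNS arguments for networksetup: "empty" clears the override so DHCP wins.
dns_for_location() {
  case "$1" in
    Home) echo "empty" ;;
    *)    echo "$RESOLVERS" ;;
  esac
}

# One-time setup: create both locations and store their DNS settings.
setup_locations() {
  original=$(networksetup -getcurrentlocation)
  for loc in "Home" "Not Home"; do
    networksetup -listlocations | grep -qxF "$loc" ||
      networksetup -createlocation "$loc" populate
    networksetup -switchtolocation "$loc"
    # Unquoted on purpose: RESOLVERS may hold more than one address.
    networksetup -setdnsservers "$SERVICE" $(dns_for_location "$loc")
  done
  networksetup -switchtolocation "$original"
}

# Switch to the location matching a BSSID, then show the DNS servers in effect.
switch_for_bssid() {
  want=$(location_for_bssid "$1")
  [ "$(networksetup -getcurrentlocation)" = "$want" ] ||
    networksetup -switchtolocation "$want"
  networksetup -getdnsservers "$SERVICE"
}

case "${1:-}" in
  setup)  setup_locations ;;
  switch) switch_for_bssid "${2:-}" ;;
esac
```

Run it once with `setup` (changing network settings usually needs administrator rights), then with `switch <BSSID>` whenever the network changes; the final `-getdnsservers` output confirms which resolvers are actually in effect.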