Never mind, it was what I thought it was, IVP 6
1 Like
@ace seems like this might make a nice follow-up article; though I swear you have one in the archives somewhere. With privacy at the forefront of everyone’s minds these days, DNS and VPN providers are something everyone should consider.
Cheers!
F
The .local domain name is reserved for use by multicast DNS services (see also RFC 6762). It should never be used as an actual DNS domain.
Apple equipment (and other computers running mDNS software) will redirect all requests for .local names to the mDNS software and will never attempt to resolve the name with DNS.
I wrote a series of articles on my personal blog for setting up a Raspberry Pi to act as a DHCP and DNS server for a small LAN. I hadn’t shared the links here because they’re not really Apple related, but since there’s been a lot of discussion, here they are:
- Using a Raspberry Pi for Basic Networking Services
- … Part 2: DHCP server
- … Part 3: Static IP addresses
- … Part 4: DNS server
The setup and installation procedures are really only going to be applicable to a Debian Linux device (like a Raspberry Pi), but the concepts discussed are universal and should be applicable to just about anything. (And an experienced administrator can install these packages on macOS. Sadly, Apple no longer provides them as a part of macOS Server.)
We covered this topic a few years ago, before Warp was available.
I’d be open for an article about Warp, if you or @glennf were interested in writing it.
Thank you, @Shamino and @frederico. I regret the career path that took me away from computer administration 25 years ago and recognize that most of the information you provided is now beyond my ken and above my pay grade. In case it isn’t obvious, I do not run my own DNS server, and we don’t even share folders on the home network.
I see you listed the IPv6 servers ahead of the IPv4 servers. Is this better in some way?
Another interesting read, and another lesson in how much I don’t know.
And this is why I’m not able to work much anymore; I used to know that about ten years ago. Thanks for the correction; much appreciated. I’ll try to find some time to correct it above. If you want to suggest the edit, it would be most welcome.
Happy Saturday
Again, from top to bottom, it will fallback (down) from you most preferred server; if it’s not available, it will keep trying until it runs out of options.
In short, IPv6 is faster and more secure; it has universal implementation of end-to-end encryption, amongst many other features that are good for both the individual and the internet and LANs alike.
Here’s a decent quick read
https://www.sophos.com/en-us/security-news-trends/security-trends/why-switch-to-ipv6.aspx
Happy Saturday
1 Like
I think this thread has proven I no longer have tHe Nawlg required; I’d hate o write something in need of immediate and multiple corrections.
it was fun messing around and reediting that thread, though. A nice reminder of the value of technical writing for the novice. I can’t tell you how much I miss writing long-form and quick tips; I even got jazzed writing code documentation. (and fo course, once I made the mistake of telling my workgroup, I had little time to code anymore. (:
The be fair, .local is not mentioned by RFC 2606 (Reserved Top Level DNS Names). RFC 2606 only documents the .test, .example, .invalid and .localhost domains. Surprisingly, the list of reserved TLDs has not been expanded since the RFC was written in 1999.
That having been said, the Multicast DNS RFC does say (in Appendix G):
For myself, I have a domain name I registered for myself years ago, back when I had a static IP address from my ISP. It’s one of the locality-based .us sub-domains composed from my name and the town I lived in when I created the domain. Although I no longer live in that house and no longer have a static IP address, I continue using the domain name for my home LAN.
The nice thing about locality-based domains is that they are free (but registrars may charge a nominal fee to create, change or delete them). You have to live in the locality, but that’s not normally a big deal. (I should probably delete my domain and get a new one for where I live, but since that name has no Internet hosts it doesn’t matter.)
The instructions at macOS desktop client · Cloudflare WARP client docs say it’s for High Sierra and Catalina. What’s a poor fellow running Mojave to do? (Please don’t say install Catalina.)
Sorry, I should have split this out between iOS and macOS.
The above instruction to “just use the app” referred to iOS; the ‘1.1.1.1 with Warp.app’ for iOS is free – for DNS – and is super fast, and easy to install. (1.1.1.1: Faster Internet on the App Store)
They also have as subscription component called Warp +, which is a VPN service, to protect your actual data; however, nearly all your data is already encrypted, so it’s not about security, it’s about privacy.
Their VPN service will block anyone from tracking your location via data connections, such as what movies you watch on Netflix, what items you look at on Amazon, what pages you search in Google, etc.
The DNS will only make private your website lookups when you type a website name into the address location bar in Safari, or whatever, anytime you open a bookmark, etc., as well as all of the apps on your phone doing DNS lookups.
As for the Mac, the Warp Client for macOS is 64bit, so it should run on Mojave; however, you only need to install it if you want to use it for VPN, not for DNS.
If you wish to use Cloudflare 1.1.1.1 DNS on your Mac, simply follow the detailed instructions above to change the*** DNS lookup tables*** on your router and/or on each individual Mac/web-capable device in your how (excluding iOS devices, if you use the iOS app; that would be redundant).
So, @Will_M Will, let’s start with your home/office router: do you use an Apple Airport device? Is that in addition to a router/WiFi-router from your ISP?
Let’s start there, and address each set of privacy needs.
1 Like
Thanks, @frederico. Most of that I had understood, but clarification is good.
I was going for the VPN, and I was dismayed that the instructions said High Sierra and Catalina but omitted Mojave. Being a timid sort, I stopped and posted the question. I wish the instructions had said High Sierra or later or added but not Mojave.
For now, I’m only interested in the Mac side of the house. Following your earlier instructions (thank you), I had already updated the tables (with IPv6 and IPv4) on the Airport Express, the iMac, and the MacBook. Since the iMac gets all its internet through the Airport Express, I assume updating its tables was redundant; the MacBook has wandered around the country and will again (I hope), so I definitely wanted to update its tables.
The ISP’s device (that I call a bridge and the ISP calls a modem) connects to the Airport Express by an ethernet cable, and all internet (at home) goes through the single Airport Express.
In case it matters, there are also two iPhones (that do very few internet things) and one iPad (that does much more but still not much). I do expect to try to install ‘1.1.1.1 with Warp.app’ on the iPad and probably the iPhones, later.
Also in case it matters, there is a Time Capsule connected to the iMac and the MacBook (when it’s in my study) by ethernet. The Time Capsule provides connectivity to the printer for both computers but does not connect to the internet.
In summary, my concern was that Mojave was not listed as an acceptable version of macOS for the VPN solution. If it really doesn’t work, will I damage anything by installing it and trying to use it?
Thanks for your continuing help.