DNS over TLS (DoT) client for Mavericks?

[bbbc]

Any of you know of a DNS over TLS (DoT) client for Mavericks? Hoping to configure NextDNS on someone's machine that can't do it via their router.

The official NextDNS client on the MAS is for 10.11 - https://apps.apple.com/us/app/nextdns/id1464122853 . This solution was only for macOS Sierra 10.12 - https://dnsprivacy.org/wiki/display/DP/Stubby+GUI+for+macOS .

 

[Wowfunhappy]

I don't think DNS over TLS existed when Mavericks was current, so I wouldn't bet on it.

I don't know a ton about NextDNS, but is there a reason you can't do it in System Preferences with the IPv4 and/or IPv6 addresses listed on https://my.nextdns.io/3e7c8a/setup? I don't think TLS is providing much extra security (the tech is really somewhat controversial overall) and I'd always prefer to use the Apple-native system where one exists and can be reasonably used.

 

[Wowfunhappy]

Oh! Oh! Or you can use NextDNS's official command line client! https://github.com/nextdns/nextdns/releases

The NextDNS client was written in a recent version of Go. Anything compiled with Go 1.12 or newer won't work on Mavericks—when you try to run it, you'll get an error:

dyld: Symbol not found: _fdopendir$INODE64
  Referenced from: /usr/local/bin/nextdns
  Expected in: flat namespace

Aka, the binary wants to use a function that doesn't exist in Mavericks. Luckily, MacPorts has a library for exactly this situation, because MacPorts is awesome! https://github.com/macports/macports-legacy-support I've attached a compiled copy.

In order to use this library, you need to inject it into the binary you want to run. So instead of just typing "NextDNS" into the Terminal, you'd type:

DYLD_INSERT_LIBRARIES=/path/to/libMacportsLegacySupport.dylib NextDNS

I still highly recommend just doing this in System Preferences instead. But thanks for giving me the opportunity to write up how to get Go programs working.

 

[bbbc]

Any chance Wowfunhappy you can give complete install instructions please for the TERMINALly challenged? I believe I was able to merge the library you attached into the NextDNS CLI Darwin client I manually downloaded, but then got confused whether I still needed to install Xcode 6.2 and Homebrew to complete NextDNS' install instructions - https://github.com/nextdns/nextdns/wiki/MacOS . Could NextDNS CLI be intermingled with your Squid proxy server?

The problem with doing NextDNS through System Preferences is that the end-users IPs I want to help are behind Carrier-grade NAT / CGN / CGNAT (think mobile hotspot), so unfortunately linking the IP won't work. I know AdGuard DNS could be used, but hope to implement DNS privacy through encryption.

 

[Wowfunhappy]

I don't actually use NextDNS, so I can't tell you how to actually it, sorry. I only confirmed that it does in fact work on Mavericks.

Don't use Homebrew on Mavericks (in 2020), it's mostly broken. If you need a package manager, you can use MacPorts—but you shouldn't need either in this case. You should be able to download and use the binary without compiling anything. Just run it normally, except prefix all commands with DYLD_INSERT_LIBRARIES=/path/to/libMacportsLegacySupport.dylib.

I don't think there's a way to "integrate" the Library into the binary in a way that will work. There's actually been a lot of discussion about this on the MacPorts bug tracker, and while I frankly don't understand most of it, the gist as far as I can tell is that it can't currently be done for Go 1.13+. You need to inject the library every time.

What you could and probably should do is create a wrapper shell script that runs NextDNS with the library injected.