Possibly because I had turned on Secure DNS inside Firefox as an experiment, I’ve been having weird DNS issues on a new Mac Mini (Tahoe). Via Wireshark, I’ve just confirmed (well, to the extent I can) that outgoing DNS requests are being routed through some sort of HTTPS tunnel at a Cloudflare IP address (104.16.248.249). I do not have Cloudflare configured anywhere visible in the normal System Settings, and I have disabled Secure DNS in Firefox. Still, I can’t get my machine back to using my own local DNS server.
The machine is almost brand new; I’ve barely used it. I don’t know enough about macOS to even guess what kind of thing stuffed that Cloudflare thing into my OS, but I want it out.
Specifically, what I’m doing in Wireshark is setting up a Display Filter:
ip.src==192.168.50.73 and tcp.port==443 or udp.port==443
With that, I start capturing and then do a dig command in a terminal window. I see a burst of either UDP or TCP packets going to that Cloudflare IP address. With that filter setting, I don’t see much else besides the activity from my terminal dig invocations, so it’s pretty clear that that’s where those packets are coming from.