Setting up dnsmasq

tools Aug 30, 2020

This guide explains how set up that all *.test domains point to your local machine.

We use .test instead of .dev (acquired by Google) and .local (has weird resolver issues in macOS and is therefore really slow).

First install dnsmasq:

brew install dnsmasq

(you should install it as service, with brew services start dnsmasq)

Now add a config file in /usr/local/etc/dnsmasq.conf and add the following at the end of the line:


This tells dnsmasq to resolve the .test TLD to your local machine.

Now we only need to tell macOS, that for resolving .test requests, it should use dnsmasq. So we create the config in /etc/resolver/test:


The file name of the file always matches the TLD it should be used for. As soon as the file is created, macOS automatically updates and now resolves the TLD correctly.

Now restart dnsmasq:

brew services restart dnsmasq

Creating a self signed certificate

Now we create a self-signed (but trusted) certificate for all *.test domains.

First install mkcert via homebrew:

brew install mkcert nss
mkcert -install

Create certficate

Now create the certificate. In this example we create a certificate for localhost, current.test and *.current.test:

mkcert current.test "*.current.test" localhost ::1
mkdir /usr/local/etc/pki/_.current.test && mv "$(mkcert -CAROOT)"/current.test* /usr/local/etc/pki/_.current.test

Installation in nginx

First get the file paths for the just created certificates:

ls -lA /usr/local/etc/pki/_current.test

Then add these files in nginx:

server {
    # ...
    listen 443 ssl http2;
    ssl_certificate     /usr/local/etc/pki/_.current.test/current.test+4.pem;
    ssl_certificate_key /usr/local/etc/pki/_.current.test/current.test+4-key.pem;

(keep in mind that the number in the file name can differ in your case)

Photo credit: Guillaume de Germain