How to use custom DNS on eduroam WiFi

tl;dr Switch to a local proxy server (dnscrypt-proxy) using DNSCrypt.

It’s been a dream since my first university year (fall 2016) to use whatever DNS server I wanted, without eduroam’s restrictions. In particular, I wanted to use Google’s DNS (until I found Cloudflare’s 1.1.1.1 DNS), but the solution I found below has an extra benefit — the DNS traffic is encrypted, so no leaking or spoofing.

Cloudflare’s DNS vs others, speed comparison. https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

The Problem

Just to reiterate, the problem is that eduroam filters all DNS packets except those sent to eduroam’s own DNS. If you switch the DNS from the default, DNS queries won’t resolve, so you can’t browse websites as usual.

The Solution

Install a proxy server, set it up to send DNS queries over DNSCrypt or DNS-over-HTTPS to your preferred DNS server (it must support the encrypted protocol), then point your operating system’s DNS to that proxy. You’d usually run the proxy server on localhost.

It works because DNSCrypt and DNS-over-HTTPS are encrypted DNS protocols that use port 443, which seems to work around eduroam’s filters.

For Mac I use https://github.com/jedisct1/dnscrypt-proxy, but all other major platforms seem to be supported. Although it’ll take some time to install and configure, it’s worth it.

This is also a great resource that can help you set it up: https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/