How to prevent a DNS leak in OS X

While using VPN in OS X and ISP's (Internet Service Provider) DNS there is a risk of de-anonymization, so it's necessary to prevent a DNS leak.

Viscosity users are able to apply the built-in solution. For Tunnelblick use the follow guide:

  1. Go to "System Preferences":
  2. Choose "Network" in "Internet & Wireless" section:
  3. Go to "Advanced":
  4. Go to "DNS".

  5. Set "Off" for "Configure IPv6". Or if VPN service supports IPv6 keep it as "Automatically".

  6. Remove all addresses from the list of DNS servers. Add an non-existent DNS address - 127.0.0.42. Instead of this address you can set up Google Public DNS address - 8.8.8.8.

  7. With enabled IPv6 support set up 0:0:0:0:0:0:0:42 as non-existent IPv6 address or 2001:4860:4860::8888 (Google Public DNS).


    Also keep only 127.0.0.1 address in "Search Domains" section.

    From now ISP's DNS will not be used.


show comments