How to prevent a DNS leak in OS X
While using VPN in OS X and ISP's (Internet Service Provider) DNS there is a risk of de-anonymization, so it's necessary to prevent a DNS leak.
Viscosity users are able to apply the built-in solution. For Tunnelblick use the follow guide:
- Go to "System Preferences":
- Choose "Network" in "Internet & Wireless" section:
- Go to "Advanced":
- Go to "DNS".
- Remove all addresses from the list of DNS servers. Add an non-existent DNS address - 127.0.0.42. Instead of this address you can set up Google Public DNS address - 220.127.116.11.
Set "Off" for "Configure IPv6". Or if VPN service supports IPv6 keep it as "Automatically".
With enabled IPv6 support set up 0:0:0:0:0:0:0:42 as non-existent IPv6 address or 2001:4860:4860::8888 (Google Public DNS).
Also keep only 127.0.0.1 address in "Search Domains" section.
From now ISP's DNS will not be used.