How to prevent a DNS leak in OS X

While using VPN in OS X and ISP's (Internet Service Provider) DNS there is a risk of de-anonymization, so it's necessary to prevent a DNS leak.

Viscosity users are able to apply the built-in solution. For Tunnelblick use the follow guide:

  1. Go to "System Preferences":
  2. Choose "Network" in "Internet & Wireless" section:
  3. Go to "Advanced":
  4. Go to "DNS".

  5. Set "Off" for "Configure IPv6". Or if VPN service supports IPv6 keep it as "Automatically".

  6. Remove all addresses from the list of DNS servers. Add an non-existent DNS address - Instead of this address you can set up Google Public DNS address -

  7. With enabled IPv6 support set up 0:0:0:0:0:0:0:42 as non-existent IPv6 address or 2001:4860:4860::8888 (Google Public DNS).

    Also keep only address in "Search Domains" section.

    From now ISP's DNS will not be used.

show comments