How to prevent a DNS leak in OS X

While using VPN in OS X and ISP's (Internet Service Provider) DNS there is a risk of de-anonymization, so it's necessary to prevent a DNS leak.

Viscosity users are able to apply the built-in solution. For Tunnelblick use the follow guide:

  1. Go to "System Preferences":

  2. Choose "Network" in "Internet & Wireless" section:

  3. Go to "Advanced":

  4. Go to "DNS".

    5. Set "Off" for "Configure IPv6". Or if VPN service supports IPv6 keep it as "Automatically".

  5. Remove all addresses from the list of DNS servers. Add an non-existent DNS address - 127.0.0.42. Instead of this address you can set up Google Public DNS address - 8.8.8.8.

    6. With enabled IPv6 support set up 0:0:0:0:0:0:0:42 as non-existent IPv6 address or 2001:4860:4860::8888 (Google Public DNS).


    Also keep only 127.0.0.1 address in "Search Domains" section.

    From now ISP's DNS will not be used.

show comments
Copyright © 2012-2019, ZorroVPN.com