Full DNS still leaking

Got a problem with Viscosity or need help? Ask here!

dlman1890

Posts: 1
Joined: Mon Feb 10, 2020 1:37 am

Post by dlman1890 » Mon Feb 10, 2020 1:44 am
I've set my VPN configuration to "Full DNS (Use VPN DNS for all traffic)" but I'm still seeing the original resolver using scutil --dns. It looks like all IPV6 queries (and any queries not resolved by my vpn) will be leaking. Ideally I want no split-tunneling at all with that option enabled (like tunnelblick and pritunl). Is there any way to accomplish this with Viscosity? Perhaps I am doing something wrong.


resolver #1
search domain[0] : utun10.viscosity
nameserver[0] : 10.10.0.2
if_index : 17 (utun10)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)

resolver #2
search domain[0] : hsd1.co.comcast.net
nameserver[0] : 2001:558:feed::1
nameserver[1] : 2001:558:feed::2
nameserver[2] : 75.75.75.75
nameserver[3] : 75.75.76.76
if_index : 6 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Feb 10, 2020 8:11 am
Hi dlman1890,

If your VPN connection is IPv4 only, and your underlying network connection supports IPv6, you'll likely want to enable the "Block IPv6 traffic while connected to IPv4-only VPN connections" option:
https://www.sparklabs.com/support/kb/ar ... work-leaks

macOS will not attempt to fall back to "resolver #2" if your VPN server can't resolve a query. Additional resolvers will only be used if your primary VPN DNS server/s are completely unreachable.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1