DNS leaks


klausus

Posts: 2
Joined: Wed Jan 17, 2024 7:00 pm

Post by klausus » Wed Jan 17, 2024 7:12 pm
I am trying to get the following working, but no success:

I have a local network with my own DNS server and a local domain and many devices that are registered in the local DNS. When I type a local address in my browser (device.localdomain.com) the corresponding device responds. All good.

When I connect to hide.me VPN I still want access to my local network, so I configured a net_gateway route for my network and configured split DNS with my DNS server. While this works, it causes a DNS leak since my DNS server is the primary server being used and it reaches out to the WAN DNS (not VPN DNS) when needed.

What I would like to happen is that the VPN of hide.me is being used primarily and if a lookup there fails (since it's probably my local domain) my DNS is used. I can't figure out how to make that happen.

James

Posts: 2309
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Jan 18, 2024 3:08 pm
Hi klausus,

You'll want to use Full DNS Mode, rather than Split DNS Mode, to ensure that DNS lookups by default use your VPN DNS servers.

To exclude your local domain from using the VPN DNS servers, you can make use of macOS's "/etc/resolver/" feature. This allows you to specify to macOS that it should use particular DNS servers for certain domains. Essentially what you need to do is create the "/etc/resolver/" directory if it doesn't exist, create a plain text file named "localdomain.com" (i.e. your local domain), and inside that file specify the DNS server to use (e.g. "nameserver 192.168.0.1").

You can find some proper guides online on how to do this by searching for "macOS /etc/resolver/" in your preferred search engine. I should add though that while we've tested this process in the past, it's not something we've tried on recent versions of macOS, so the process may have changed.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
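
The "/etc/resolver/" setup described in the post above, together with a check of what macOS actually loaded, as an added example that is not part of the original thread. The function names, the RESOLVER_DIR override and the 10.8.0.1 VPN DNS address are assumptions made for illustration; localdomain.com and 192.168.0.1 are the placeholder values from the post.

```shell
#!/bin/sh
# Added example, not from the thread. localdomain.com / 192.168.0.1 are the
# post's placeholders; 10.8.0.1 is a constructed VPN DNS address.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"   # override to dry-run elsewhere

# write_resolver DOMAIN NAMESERVER: create the per-domain resolver file.
write_resolver() {
    domain=$1; ns=$2
    # Hostname characters only in the name, digits and dots only in the address,
    # so neither value can leave RESOLVER_DIR or add extra lines to the file.
    case $domain in ''|.*|*..*|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;; esac
    case $ns in ''|*[!0-9.]*) echo "bad nameserver: $ns" >&2; return 1 ;; esac
    mkdir -p "$RESOLVER_DIR" || return 1
    printf 'nameserver %s\n' "$ns" > "$RESOLVER_DIR/$domain" || return 1
    chmod 644 "$RESOLVER_DIR/$domain"
}

# resolver_for DOMAIN: from `scutil --dns` output on stdin, print the
# nameservers of the resolver block scoped to DOMAIN.
resolver_for() {
    awk -v d="$1" '
        /^resolver #/                    { in_block = 0 }
        $1 == "domain" && $3 == d        { in_block = 1 }
        in_block && $1 ~ /^nameserver\[/ { print $3 }'
}

# default_nameservers: print the nameservers of resolver #1, the default
# resolver; in Full DNS Mode these are expected to be the VPN's servers.
default_nameservers() {
    awk '
        /for scoped queries/             { exit }
        /^resolver #/                    { in_block = ($2 == "#1") }
        in_block && $1 ~ /^nameserver\[/ { print $3 }'
}

# Constructed sample in the layout `scutil --dns` prints (trimmed).
SAMPLE='DNS configuration

resolver #1
  nameserver[0] : 10.8.0.1

resolver #8
  domain   : localdomain.com
  nameserver[0] : 192.168.0.1'

# On the Mac: sudo sh add-resolver.sh localdomain.com 192.168.0.1
if [ $# -eq 2 ]; then write_resolver "$1" "$2" && scutil --dns | resolver_for "$1"
else printf '%s\n' "$SAMPLE" | resolver_for localdomain.com; fi
```

With the VPN connected, `scutil --dns | default_nameservers` should list only the VPN's DNS servers, and `resolver_for` should list the local server for the local domain alone.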

klausus

Posts: 2
Joined: Wed Jan 17, 2024 7:00 pm

Post by klausus » Fri Jan 19, 2024 1:50 am
Hi James,

That works like a charm. Tested on Mac OS Sonoma 14.2.1. Thanks much, Klaus