Page 1 of 1

Full DNS still leaking

Posted: Mon Feb 10, 2020 1:44 am
by dlman1890
I've set my VPN configuration to "Full DNS (Use VPN DNS for all traffic)" but I'm still seeing the original resolver using scutil --dns. It looks like all IPV6 queries (and any queries not resolved by my vpn) will be leaking. Ideally I want no split-tunneling at all with that option enabled (like tunnelblick and pritunl). Is there any way to accomplish this with Viscosity? Perhaps I am doing something wrong.

resolver #1
search domain[0] : utun10.viscosity
nameserver[0] :
if_index : 17 (utun10)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)

resolver #2
search domain[0] :
nameserver[0] : 2001:558:feed::1
nameserver[1] : 2001:558:feed::2
nameserver[2] :
nameserver[3] :
if_index : 6 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)

Re: Full DNS still leaking

Posted: Mon Feb 10, 2020 8:11 am
by James
Hi dlman1890,

If your VPN connection is IPv4 only, and your underlying network connection supports IPv6, you'll likely want to enable the "Block IPv6 traffic while connected to IPv4-only VPN connections" option: ... work-leaks

macOS will not attempt to fall back to "resolver #2" if your VPN server can't resolve a query. Additional resolvers will only be used if your primary VPN DNS server/s are completely unreachable.