Merge branch 'macos-ignore-loopback-dns'

mullvad · Sep 25, 2024 · b806916 · b806916
2 parents 7b54ec3 + a169d15
commit b806916
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -42,6 +42,8 @@ Line wrap the file at 100 chars.                                              Th
 #### macOS
 - Disable split tunnel interface when disconnected. This prevents traffic from being sent through
   the daemon when the VPN is disconnected.
+- Don't hijack DNS when localhost is configured. This is more in line with other platforms.
+  Unexpected DNS traffic is still blocked when leaving the host.
 
 ### Fixed
 #### Linux

diff --git a/talpid-core/src/dns/macos.rs b/talpid-core/src/dns/macos.rs
@@ -173,6 +173,10 @@ impl State {
             match settings {
                 // Do nothing if the state is already what we want
                 Some(settings) if settings.address_set() == desired_set => (),
+                // Ignore loopback addresses
+                Some(settings) if settings.ips().any(|ip| ip.is_loopback()) => {
+                    log::trace!("Not updating DNS config: localhost is used");
+                }
                 // Apply desired state to service
                 _ => {
                     let path_cf = CFString::new(path);
@@ -280,6 +284,12 @@ impl DnsSettings {
         BTreeSet::from_iter(self.server_addresses())
     }
 
+    pub fn ips(&self) -> impl Iterator<Item = IpAddr> {
+        self.server_addresses()
+            .into_iter()
+            .filter_map(|addr| addr.parse::<IpAddr>().ok())
+    }
+
     /// Parses a CFArray into a Rust vector of Rust strings, if the array contains CFString
     /// instances only, otherwise `None` is returned.
     fn parse_cf_array_to_strings(array: CFArray) -> Option<Vec<String>> {