From b668c86084af4086218d661b2f62145e9764335f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20L=C3=B6nnhager?= <david.l@mullvad.net>
Date: Tue, 24 Sep 2024 18:29:50 +0200
Subject: [PATCH 1/2] Do not touch DNS config if localhost is used

Co-authored-by: Markus Pettersson <markus.pettersson@mullvad.net>
---
 talpid-core/src/dns/macos.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/talpid-core/src/dns/macos.rs b/talpid-core/src/dns/macos.rs
index 78f455068859..dbfd056d015e 100644
--- a/talpid-core/src/dns/macos.rs
+++ b/talpid-core/src/dns/macos.rs
@@ -173,6 +173,10 @@ impl State {
             match settings {
                 // Do nothing if the state is already what we want
                 Some(settings) if settings.address_set() == desired_set => (),
+                // Ignore loopback addresses
+                Some(settings) if settings.ips().any(|ip| ip.is_loopback()) => {
+                    log::trace!("Not updating DNS config: localhost is used");
+                }
                 // Apply desired state to service
                 _ => {
                     let path_cf = CFString::new(path);
@@ -280,6 +284,12 @@ impl DnsSettings {
         BTreeSet::from_iter(self.server_addresses())
     }
 
+    pub fn ips(&self) -> impl Iterator<Item = IpAddr> {
+        self.server_addresses()
+            .into_iter()
+            .filter_map(|addr| addr.parse::<IpAddr>().ok())
+    }
+
     /// Parses a CFArray into a Rust vector of Rust strings, if the array contains CFString
     /// instances only, otherwise `None` is returned.
     fn parse_cf_array_to_strings(array: CFArray) -> Option<Vec<String>> {

From a169d15c855f5c7eb55a6f4968311d5c7608d469 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20L=C3=B6nnhager?= <david.l@mullvad.net>
Date: Tue, 24 Sep 2024 18:35:11 +0200
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3962a66f7842..42ca200024eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,8 @@ Line wrap the file at 100 chars.                                              Th
 #### macOS
 - Disable split tunnel interface when disconnected. This prevents traffic from being sent through
   the daemon when the VPN is disconnected.
+- Don't hijack DNS when localhost is configured. This is more in line with other platforms.
+  Unexpected DNS traffic is still blocked when leaving the host.
 
 ### Fixed
 #### Linux