Protect your Mac against poisoned DNS servers

As my colleague, Preston Gralla, wrote today, the very serious DNS exploit has significant potential to leave your Macintosh and network prone to attacks. While most ISPs' DNS servers are patched (Comcast and Verizon) or will be shortly (AT&T), some smaller companies have yet to update their DNS servers.

For instance, Apple has yet to update Leopard client or server to protect against this class of exploits. Update: Just fixed today!

If you are on a wireless connection at a coffee bar or on another company's wireless network, your machine could be using an exploitable DNS server.

How to protect your Mac? Simply point your computer's DNS settings toward a DNS server that has been patched. OpenDNS's DNS servers have been patched against the exploit and are free to use across the network.

Obviously, consult with your System Administrator before changing any of these settings. Corporate networks often have internal DNS mappings which won't be recorded in OpenDNS.

Assuming you are using Leopard:

First, open System Preferences/Network and choose your means of connecting to the Internet (usually Airport).


Then click on the Advanced button on the bottom right. Then click on the DNS tab.


Add the following DNS server IP addresses and click OK:

208.67.222.222

208.67.220.220


Once that is done, hit Apply. At this point you should be using OpenDNS servers to resolve hostnames to IP addresses. While the round-trip time of resolution might slow insignificantly, you will know that the DNS server you are using hasn't been corrupted by an exploit.
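To confirm from Terminal that the change took effect, the following added example (not part of the original post) lists any resolver still in use that is not one of the two OpenDNS addresses above. It assumes the `nameserver[N] : address` line format printed by macOS's `scutil --dns`; the sample text and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which DNS servers this Mac will actually query.
# Command-line equivalent of the GUI steps (needs admin rights; use the
# service name shown by `networksetup -listallnetworkservices`):
#   networksetup -setdnsservers AirPort 208.67.222.222 208.67.220.220

OPENDNS="208.67.222.222 208.67.220.220"   # addresses from the article

# Read `scutil --dns` style text on stdin and print every nameserver that
# is NOT an OpenDNS address, one per line, each address reported once
# (scutil repeats resolvers in its scoped-query section).
unexpected_resolvers() {
    awk -v allowed="$OPENDNS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /nameserver\[[0-9]+\]/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Constructed sample: DHCP-supplied router still listed beside OpenDNS.
sample_before() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 208.67.222.222
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 192.168.1.1
EOF
}

# Constructed sample: only the two OpenDNS servers remain after Apply.
sample_after() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 208.67.220.220
EOF
}

# On a Mac, check the live configuration; elsewhere this part is skipped.
if command -v scutil >/dev/null 2>&1; then
    bad=$(scutil --dns | unexpected_resolvers)
    if [ -n "$bad" ]; then
        echo "Still using non-OpenDNS resolvers:"; echo "$bad"
    else
        echo "All configured resolvers are OpenDNS."
    fi
fi
```

Run it again after joining a new wireless network, since each network service in the Network pane keeps its own DNS list.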

Related Post

Preston Gralla:

Protect yourself against poison DNS attacks in 30 seconds
