Protect your Mac against poisoned DNS servers

As my colleague, Preston Gralla, wrote today, the potential for the very serious DNS exploit to leave your Macintosh and network prone to attacks is significant. While most ISPs' DNS servers are patched (Comcast and Verizon) or will be shortly (AT&T), some smaller companies have yet to update their DNS servers.

For instance, Apple has yet to update Leopard client or server to protect against this class of exploits. Update: Just fixed today!

If you are on a wireless connection at a coffee bar or on a foreign company's wireless, your machine could be using an exploitable DNS server.

How to protect your Mac? Simply point your computer's DNS settings toward a DNS server that has been patched. OpenDNS DNS servers have been patched against the exploit and are free to use across the network.

Obviously, consult with your System Administrator before changing any of these settings. Corporate networks often have internal DNS mappings which won't be recorded in OpenDNS.

Assuming you are using Leopard:

First, open System Preferences/Network and choose your means of connecting to the internet (usually Airport).


Then click on the Advanced button on the bottom right. Then click on the DNS tab.


Add the following DNS servers' IP addresses and hit OK:


Once that is done, hit Apply. At this point you should be using OpenDNS servers to resolve hostnames to IP addresses. While the round-trip time of resolution might slow insignificantly, you will know that the DNS server you are using hasn't been corrupted by an exploit.
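To confirm the change took effect, the following added example (not part of the original post) filters `scutil --dns` output from Terminal and lists any resolver still in use that you did not configure. The sample output is constructed, and every address in it is a documentation-range placeholder, not an OpenDNS address.

```shell
#!/bin/sh
# Added example (not from the original post): list the resolvers a Mac is
# actually using that are NOT the ones you meant to configure.

# Reads `scutil --dns` output on stdin; arguments are the allowed resolver IPs.
unexpected_resolvers() {
    allow=" $* "
    # Resolver lines look like:  "  nameserver[0] : 192.0.2.53"
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' |
    sort -u |
    while read -r ip; do
        case "$allow" in
            *" $ip "*) ;;                 # configured on purpose
            *) printf '%s\n' "$ip" ;;     # still in use, not on the list
        esac
    done
}

# Constructed sample of `scutil --dns` output. All addresses are
# documentation-range placeholders, not real resolver addresses.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 192.0.2.54
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 198.51.100.1
  if_index : 5 (en1)
EOF
}

# Demo on the sample: en1 still uses a resolver that was never approved.
sample_scutil_output | unexpected_resolvers 192.0.2.53 192.0.2.54

# On a real Mac, replace the placeholders with the addresses you entered:
#   scutil --dns | unexpected_resolvers <dns-ip-1> <dns-ip-2>
```

DNS servers are set per network connection, so an address printed here usually means another interface (Ethernet, for example) still needs the same steps.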

Related Post

Preston Gralla:

Protect yourself against poison DNS attacks in 30 seconds




Copyright © 2008 IDG Communications, Inc.
