Viscosity allows you to easily specify DNS and WINS servers, along with corresponding DNS domains, to use while connected to your VPN connection. Once you are connected these settings will automatically override your normal DNS settings. Once you disconnect your normal settings will be automatically restored.

What are DNS and WINS?

The Domain Name System (DNS) allows your computer to automatically convert human-readable domains to computer-readable IP addresses. For example, when you type www.sparklabs.com.au into your web browser your computer will automatically ask your DNS server to convert this to an IP address it can use. Your DNS server should return the IP address of our server, and then your computer will contact the server using the IP address. Without a DNS server, or if the DNS server can't be reached, your may be unable to browse the web or access other computers.

The Windows Internet Name Service (WINS) is similar to DNS, however it is typically used to allow you to connect to Windows based computers, servers, and some printers using the computer's name (instead of having to use it's IP address). If you can't access Windows computers on the remote VPN network by name, but you can by IP address, then you'll probably need to specify a WINS server.

DNS Security

If you use Viscosity to ensure your security privacy on untrusted networks you should make sure you have specified a DNS server to use while connected. If you do not have a VPN server specified your computer may try and automatically use a DNS server on the network you are connected to, rather than access one through the VPN connection. This means an attacker could potentially identify what websites/servers you are contacting, or redirect you to fake websites, even if they can't view the actual network traffic. This is known as DNS leakage.

If you'd like to specify a DNS server to use, but don't wish to setup a DNS server yourself, you may like to use OpenDNS's or Google's public DNS servers:

OpenDNS Public DNS Servers

• 208.67.222.222
• 208.67.220.220

Google Public DNS Servers

• 8.8.8.8
• 8.8.4.4

In most cases your VPN provider will be remotely setting a DNS server for Viscosity to use. However if you are unsure, or are connecting to a OpenVPN server you have configured yourself, you should be aware of this issue.

Specifying DNS Servers In Viscosity

Viscosity allows you to specify DNS servers for each connection along with (optionally) corresponding DNS domains. This can be done easily like so:

1. Open Viscosity's Preferences window
2. Select your connection from the list and click the Edit button
3. Click on the Networking tab
   
   
   
   
4. Tick "Enable DNS support"
5. Enter your DNS server/s into the "DNS Servers" field. If you have more than one DNS server, separate each server using a space (" ") or a comma (",").
6. Enter your DNS domains to use into the "Domains" field, or leave this field blank if you don't have any. Separate multiple domains with a space or comma.
7. Click Save

Specifying WINS Servers In Viscosity

Viscosity also supports WINS servers. These must be set using the relevant OpenVPN command, rather than through the user interface, like so:

1. Open Viscosity's Preferences window
2. Select your connection from the list and click the Edit button
3. Click on the Advanced tab
   
   
   
   
4. Enter the command "dhcp-option WINS x.x.x.x" (without quotes) on a new line in the configuration command section. Replace x.x.x.x with the IP address of your WINS server.
5. If you have multiple WINS servers, repeat the above step for each server
6. Click Save

Pushing DNS/WINS Settings From The Server

It's also possible to inform Viscosity of DNS servers, WINS server, and Domains to use from the server's end by "pushing" out the relevant "dhcp-option" commands. This has the advantage of allowing the VPN administrator to change these settings (if required) without having to manually update them in each copy of Viscosity.

Push DNS Servers

To push out DNS settings from the server, the following command can be entered into the OpenVPN configuration file. Replace x.x.x.x with the IP address of the DNS server to use. Multiple push commands can be used to push more than one DNS server.

push "dhcp-option DNS x.x.x.x"

Push DNS Domains

DNS search domains can also be pushed from the server using the following command. Replace example.com with the desired search domain to use. Multiple push commands can be used to push more than one domain.

push "dhcp-option DOMAIN example.com"

Push WINS Servers

WINS servers can be pushed out in a similar fashion to DNS servers. Replace x.x.x.x with the IP address of the WINS server to use. Multiple push commands can be used to push more than one WINS server.

push "dhcp-option WINS x.x.x.x"

Checking Which DNS Servers Are Being Used

The following instructions allow you to determine what DNS servers your computer is using. You can follow these instructions while your VPN connection is active to determine what DNS servers are being set (if any) by the remote VPN server, or to check that your DNS servers (and domains) are being correctly set when the VPN connection is activated.

1. Open the Terminal application. This can be found at /Applications/Utilities/Terminal.app
   
2. Enter the following command into the window that appears, and then press Return or Enter on your keyboard.
   scutil --dns
   
   
   
   
3. Your computer's DNS settings should be displayed (you may have to scroll upwards to view the start). In most cases these details will be listed under "resolver #1". The "nameserver[x]" entries are your DNS servers (where x indicates their order), while the "domain" entries are your DNS search domains.
4. Quit Terminal from the File menu when finished