Skip to main content

Step 9: Configure DNS

In this step, you will complete your VPN configuration by setting up your DNS settings. This will allow you to resolve platform-specific Crime domains when connected to the VPN, such as:

Detailed guidance is also available in this document

Prerequisites

  • You should have your Tunnelblick VPN mostly configured from Step 8

Configure Dnsmasq

Dnsmasq is used as a local DNS server that forwards queries to upstream DNS servers when you are connected to the VPN.

Run self-service script in your terminal:

./self-service/run.sh dns

This script will:

  • Check if you have dnsmasq installed and prompt you to install it using homebrew if not
  • Verify if dnsmasq is running on your machine
  • Locate your dnsmasq config file as it can be in two different locations depending on whether you have an Intel or Apple Silicon Mac
  • Append the required configuration from a template into your dnsmasq config file
  • Run dnsmasq test command to verify your configuration is valid

Option B: Manual Configuration

If you do not want to use the script you should install dnsmasq yourself and ensure it is running.

Then copy and paste the contents of this template file at the end of the configuration file which may be located in one of the following paths:

  • /usr/local/etc/dnsmasq.conf (Intel Macs)
  • /opt/homebrew/etc/dnsmasq.conf (Apple Silicon Macs)

Set your macOS DNS to use dnsmasq

Once you have confirmed that your dnsmasq is running with correct configuration, you need to set your macOS network settings to use dnsmasq as the primary DNS server.

  1. Open macOS Settings
  2. Go to Network or WiFi
  3. Click Details on your active connection
  4. On the panel to the left click DNS
  5. By default there should be no entries there just your ISP defaults
  6. Click the + button to add a new DNS server
  7. Enter 127.0.0.1 and press enter - you can close the settings app now

Provided that you are connected to the VPN you should be able to access platform domains while rest of the traffic should still go through your regular connection.

📋 View screenshot: macOS Settings App macOS Settings App
📋 View screenshot: macOS Wifi Settings macOS Wifi Settings
📋 View screenshot: macOS DNS Settings macOS DNS Settings
📋 View screenshot: macOS Set local DNS macOS Set local DNS

Verify your VPN and DNS configuration

To verify everything is working correctly:

  1. Disable Global Protect - you cannot have Tunnelblick and Global Protect active at the same time because Global Protect overwrites all other configuration
  2. Connect your Tunnelblick VPN
  3. Open new browser window and verify you can access:

⚠️ Disabling Global Protect is important - you will not be able to access Crime resources otherwise.You can re-enable it once you are done accessing Crime resources.

📋 View screenshot: Disable Global Protect Disable Global Protect Global Protect disabled
📋 View screenshot: Jenkins dashboard Jenkins Dashboard
📋 View screenshot: Gerrit Code Review Gerrit Code Review

Summary Checklist

Dnsmasq installed, configured and running

macOS DNS set to 127.0.0.1

Global Protect disabled

Successfully connected Tunnelblick VPN

Able to access Gerrit Code Review and Jenkins sites

Next step: Step 10: Configure SSH

← Back to onboarding overview

This page was last reviewed on 9 December 2025. It needs to be reviewed again on 9 June 2026 by the page owner platops-build-notices .
This page was set to be reviewed before 9 June 2026 by the page owner platops-build-notices. This might mean the content is out of date.