Merge branch 'disable-chrome-dns-resolver'

2 files changed, 11 insertions, 0 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 66500519a6..34c22f9ae3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,6 +55,10 @@ Line wrap the file at 100 chars.                                              Th
 - Always kill `sslocal` if the tunnel monitor fails to start when using bridges.
 - Show relay location constraint correctly in the CLI when it is set to `any`.
 
+#### macOS
+- Disable built-in DNS resolver in Electron. Prevents Electron from establishing connections to
+  DNS servers set in system network preferences.
+
 #### Windows
 - Fix app size after changing display scale.
 - Fix daemon not starting if all excluded app paths reside on non-existent/unmounted volumes.
diff --git a/gui/src/main/index.ts b/gui/src/main/index.ts
index ede8384e67..5bce63cc2d 100644
--- a/gui/src/main/index.ts
+++ b/gui/src/main/index.ts
@@ -463,6 +463,13 @@ class ApplicationMain {
   }
 
   private onReady = async () => {
+    // Disable built-in DNS resolver.
+    app.configureHostResolver({
+      enableBuiltInResolver: false,
+      secureDnsMode: 'off',
+      secureDnsServers: [],
+    });
+
     // There's no option that prevents Electron from fetching spellcheck dictionaries from
     // Chromium's CDN and passing a non-resolving URL is the only known way to prevent it from
     // fetching.  https://github.com/electron/electron/issues/22995