How to disable Bonjour in Apple Mac OS X Tiger
12 Comments Published by Felipe Alfaro Solana August 19th, 2005 in Apple, Mac OS X, NetworkingI personally don’t want Bonjour (Zeroconf, mDNSResponder, Rendezvous) running all the time, because I rarely use it and because it gives away information such as your username, what services you’re running, computer name and more, depending on what you’re running. From a security perspective, you’re making it easy for an attacker to enumerate services and usernames without even having to do active scanning a lot of the time.
In order to permanently disabled the mDNSResponder daemon, run the following command:
launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
This will unload the daemon from memory and will modify the .plist file so the service will be permanently disabled and won’t be loaded during next startup. In fact, the previous command adds the lines highlighted in bold to the “/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist” file:
cat /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.apple.mDNSResponder</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/mDNSResponder</string>
<string>-launchdaemon</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
To reenable the service, simply issue:
launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
which will, in turn, remove the previously highlighted lines in bold from the “.plist” file.
NOTE: Disabling Bonjour breaks iTunes support for remote speakers.
12 Comments to “How to disable Bonjour in Apple Mac OS X Tiger”
- 1 Pingback on Jul 6th, 2007 at 09:16
- 2 Pingback on Aug 8th, 2008 at 02:23
- 3 Pingback on Aug 16th, 2008 at 12:46
You need to quote the XML you copied and pasted into your blog entry so that it shows up correctly. My browser is actually parsing it and rendering it as plain text without the XML tags.
I quoted the XML, so it should work now
Thanks, Cailean!
Yup, the XML is readable, but nothing is highlighted
Exactly which lines are added to the file?
It’s highlighted for me (and I’ve checked on Safary, Opera and Firefox). Anyways, these are the two lines that are highlighted:
OK, this unload it from memory and disables it from autoload, great tip. But other daemons/services, have a “required” line in the plist file, so mDNSresponder is launched at restart anyway.
Is it posible to prevent this from happen?. Will this services that have this “dependency” run without it?
It’s not a critical issue for me, but it will be great to have more control over this service.
Thank you!!.
do you know how to enable it ? Please let me know?
This breaks apple tv setup discovery
I never said that disabling Bonjour would not break anything
when I paste the above referenced line I get the following response.
launchctl: CFURLWriteDataAndPropertiesToResource(/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist) failed: -10
No such process
Also wondering why directory access has the bonjour checkbox ghost colored and cannot uncheck. I often see bonjour workaround in console when looking for stuff in my sys, thinking this just sucks that security on my mac has a flaw that may cause me problems. Any updates to this page or other way of disabling or blocking bonjour?