How to disable Bonjour in Apple Mac OS X Tiger

August 19th, 2005

I personally don’t want Bonjour (Zeroconf, mDNSResponder, Rendezvous) running all the time, because I rarely use it and because it gives away information such as your username, what services you’re running, computer name and more, depending on what you’re running. From a security perspective, you’re making it easy for an attacker to enumerate services and usernames without even having to do active scanning a lot of the time.

In order to permanently disabled the mDNSResponder daemon, run the following command:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

This will unload the daemon from memory and will modify the .plist file so the service will be permanently disabled and won’t be loaded during next startup. In fact, the previous command adds the lines highlighted in bold to the “/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist” file:

cat /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.apple.mDNSResponder</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/mDNSResponder</string>
<string>-launchdaemon</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>

To reenable the service, simply issue:

launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

which will, in turn, remove the previously highlighted lines in bold from the “.plist” file.

NOTE: Disabling Bonjour breaks iTunes support for remote speakers.

Posted in Apple, Mac OS X, Networking | 12 Comments »

12 Responses to “How to disable Bonjour in Apple Mac OS X Tiger”

  1. Walt-O-Matic » Blog Archive » Macbook Pro: Network connectivity just disappears Says:
    July 6th, 2007 at 9:16 AM

    [...] even while Apple has a way to disable Bonjour, I’m not sure that I want to, nor am I 100% convinced this is the problem, but is more likely [...]

  2. Cailean Says:
    November 20th, 2007 at 8:55 AM

    You need to quote the XML you copied and pasted into your blog entry so that it shows up correctly. My browser is actually parsing it and rendering it as plain text without the XML tags.

  3. Felipe Alfaro Solana Says:
    November 20th, 2007 at 4:19 PM

    I quoted the XML, so it should work now :)

    Thanks, Cailean!

  4. Geir Aalberg Says:
    January 17th, 2008 at 2:23 AM

    Yup, the XML is readable, but nothing is highlighted :(

    Exactly which lines are added to the file?

  5. Felipe Alfaro Solana Says:
    February 5th, 2008 at 4:46 AM

    It’s highlighted for me (and I’ve checked on Safary, Opera and Firefox). Anyways, these are the two lines that are highlighted:

    Disabled

    :)

  6. Crantall Says:
    February 25th, 2008 at 2:13 PM

    OK, this unload it from memory and disables it from autoload, great tip. But other daemons/services, have a “required” line in the plist file, so mDNSresponder is launched at restart anyway.
    Is it posible to prevent this from happen?. Will this services that have this “dependency” run without it?
    It’s not a critical issue for me, but it will be great to have more control over this service.
    Thank you!!.

  7. Mac Interop: Networking | Concentrated Technology Says:
    August 8th, 2008 at 2:23 AM

    [...] The only real caveat with Mac networking is Bonjour (formerly Rendezvous), a sort of plug-n-play protocol that relies on DNS trickery and broadcasts in order to advertise and locate network services, like iTunes’ Remote Speakers, Bonjour-enabled printers and network gateways, and more. You might not notice if this protocol is even running – it’s not as chatty as NetBIOS, although it serves a similar function – but you can turn it off, permanently, if you want to. Just open Terminal (it’s in the Utilities folder) and read this article. [...]

  8. Tech.It.To.Me->{By.Anton.Perez} » mDNSResponder errors on MacBook Pro Says:
    August 16th, 2008 at 12:46 PM

    [...] culprit: Apple’s Bonjour service.  To disable it, here’s the complete how-to article, but the command you need to run [...]

  9. Jessica Lopez Says:
    April 12th, 2009 at 10:30 AM

    do you know how to enable it ? Please let me know?

  10. colin Says:
    May 3rd, 2009 at 11:27 PM

    This breaks apple tv setup discovery

  11. Felipe Alfaro Solana Says:
    May 3rd, 2009 at 11:47 PM

    I never said that disabling Bonjour would not break anything ;)

  12. robert Says:
    June 9th, 2009 at 12:20 PM

    when I paste the above referenced line I get the following response.

    launchctl: CFURLWriteDataAndPropertiesToResource(/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist) failed: -10
    No such process

    Also wondering why directory access has the bonjour checkbox ghost colored and cannot uncheck. I often see bonjour workaround in console when looking for stuff in my sys, thinking this just sucks that security on my mac has a flaw that may cause me problems. Any updates to this page or other way of disabling or blocking bonjour?

Leave a Reply