Issue with "Excluded Domains" options in apple.nextdns.io
Recently when I tried to create an Apple profile using apple.nextdns.io, specifying the list of domains I wanted to exclude, the domains remained resolved through NextDNS.
I found that the output `.mobileconfig` contains duplicated keys when we use "Excluded Domains". Here's the snippet:
```xml
<dict>
  <key>Action</key>
  <string>EvaluateConnection</string>
  <key>ActionParameters</key>
  <array>
    <dict>
      <key>DomainAction</key>
      <string>NeverConnect</string>
      <key>Domains</key>
      <array>
        <string>dav.orange.fr</string>
        <string>msg.t-mobile.com</string>
      </array>
    </dict>
  </array>
</dict>
<dict>
  <key>Action</key>
  <string>EvaluateConnection</string>
  <key>ActionParameters</key>
  <array>
    <dict>
      <key>DomainAction</key>
      <string>NeverConnect</string>
      <key>Domains</key>
      <array>
        <string>example.com</string>
        <string>example.net</string>
      </array>
    </dict>
  </array>
</dict>
```
The valid value would look like:
```xml
<dict>
  <key>Action</key>
  <string>EvaluateConnection</string>
  <key>ActionParameters</key>
  <array>
    <dict>
      <key>DomainAction</key>
      <string>NeverConnect</string>
      <key>Domains</key>
      <array>
        <string>dav.orange.fr</string>
        <string>msg.t-mobile.com</string>
        <string>example.com</string>
        <string>example.net</string>
      </array>
    </dict>
  </array>
</dict>
```
Note: I don't know why there are `dav.orange.fr` and `msg.t-mobile.com`, since my excluded domains are only `example.com` and `example.net`.
At the moment, I use a non-signed profile since I need to edit the `.mobileconfig` file manually.
Please help with this issue, so we can still use the signed profile and the `.mobileconfig` works out of the box.
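The manual edit described in the post above, as an added example (not part of the original post and not NextDNS code): it merges the separate `NeverConnect` rules of an unsigned `.mobileconfig` into the single rule the post shows as valid. The `PayloadContent`/`OnDemandRules` wrapper, the trailing `Connect` rule and all function names are assumptions; the post shows only the two rule dicts.

```python
import plistlib

def never_rule(domains):
    # Same shape as the rule dicts quoted in the post.
    return {"Action": "EvaluateConnection",
            "ActionParameters": [{"DomainAction": "NeverConnect", "Domains": list(domains)}]}

# Constructed sample. The enclosing PayloadContent/OnDemandRules keys and the trailing
# Connect rule are assumptions about the full profile; the post shows only the two rule dicts.
SAMPLE = plistlib.dumps({"PayloadContent": [{
    "PayloadType": "com.apple.dnsSettings.managed",
    "OnDemandRules": [never_rule(["dav.orange.fr", "msg.t-mobile.com"]),
                      never_rule(["example.com", "example.net"]),
                      {"Action": "Connect"}]}]})

def is_plain_never_rule(rule):
    # Merge only rules with no match criteria (no extra keys), so a rule scoped
    # to particular networks is never folded into an unconditional one.
    params = rule.get("ActionParameters", [])
    return (set(rule) == {"Action", "ActionParameters"}
            and rule["Action"] == "EvaluateConnection"
            and len(params) == 1
            and params[0].get("DomainAction") == "NeverConnect")

def merge_never_connect(rules):
    # Fold every plain NeverConnect rule into the first one, keeping order, dropping repeats.
    merged, target = [], None
    for rule in rules:
        if not is_plain_never_rule(rule):
            merged.append(rule)
            continue
        if target is None:
            first = never_rule([])
            target = first["ActionParameters"][0]["Domains"]
            merged.append(first)
        for domain in rule["ActionParameters"][0].get("Domains", []):
            if domain not in target:
                target.append(domain)
    return merged

def fix_profile(data):
    # Works on an unsigned profile only: a signed one is not a bare plist.
    profile = plistlib.loads(data)
    for payload in profile.get("PayloadContent", []):
        if "OnDemandRules" in payload:
            payload["OnDemandRules"] = merge_never_connect(payload["OnDemandRules"])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    print(fix_profile(SAMPLE).decode())
```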
2 replies
-
Ha Ge Zi Thanks for the alternative!
I already tested it, and it works.
There are three points regarding the approach using the alternative:
- Since it's using the LetsEncrypt certificate, we need to update the signed profile every 90 days
- To overcome that, we can generate a non-signed profile and sign it manually using our own paid certificate to get a longer period :|
- Or, we keep using the non-signed profile (like I did previously)
I am still waiting for the NextDNS team to fix that so that we can use the official generator and have a signed profile with a longer period of certificate validity.
Anyway, thanks @hagezi for your block list, I am a user of your Pro++, and it works wonderfully!
Cheers!
-
Just ran into this problem myself.
Please also could you add the ability to configure this using the iOS app.