macOS app no longer seems to work after upgrading to macOS 12.4
Just upgraded to Monterey 12.4 and it doesn't appear that the macOS app is working anymore
- App is enabled with a Configuration ID set
- visiting test.nextdns.io shows that it is not connecting by DoH (expected result is that you would be)
- NextDNS Account panel shows an amber status up the top, with a message that the NextDNS configuration is not being used
I tried a configuration profile but I get the same result. Manually adding my configurations' DNS servers in System Preferences does work (it shows up in my logs), but the traffic isn't DoH (which is expected) so this workaround isn't ideal.
29 replies
-
Not sure if it is a related issue or not, but NextDNS doesn't seem to be working at all for me on macOS 12.0.1 either. The issue just came up randomly tonight for me. Might not be a version-specific concern after all. Figured I would just throw that out there.
-
Same issue. macOS app is not working for my macbook as well as my friends from May 17th 9:00 AM (UTC+9). I use nextdns for a Raspbian, iPads, iPhones, androids, Windows 11 PCs. No other devices are affected but only 2 macbooks.
Both macbooks are 12.3.1 (not updated to latest version yet)
-
For me, updating to macOS12.4 gives the following:
- test.nextdns.io shows: ""status": "ok","protocol": "DOH",
- ads are not blocked in safari, but are blocked in firefox
(iCloud relay is "off")
Makes no sense to me!
-
My MacOS 12.4 has the same problem and is not working
-
And also same behaviour on iOS 15.5:
- test.nextdns.io is OK
- ads are not blocked
Definitively seems that the update broke something
-
iOS 15.5 working without any issues on my end, the only issue is macOS 12.4
-
Updated to macOS 12.4 and now NextDNS app doesn't work any more on my MBP. DNS profile and CLI work as expected but I still prefer the app because it works well with Tailscale. Hope this will be fixed soon.
-
Same here – updated macOS to 12.4, and the nextdns.io app apparently stopped doing much if anything at all. Setting Prefs > Network > DNS to 45.90.28.166 seems to help, though.
-
Still on 12.3.1 (derp), and seeing ads in Safari (15.4) and Chrome today?
Going to my.nextdns.io shows me "This device is not using NextDNS" even though it's clearly enabled. -
Same here, both on Mac and iOS. Doesn't work with app, doesn't work with manual profile reinstallation.
-
+1 here too. Was broken on 12.3.1, upgraded to 12.4, still broken.
-
Ah I thought it was just me. I spent the entire evening to switching back and forth between NextDNS app and NextDNS profile on macOS Monterey hoping that it would be fixed. Both doesn't seem to work.
Works fine on my Android phone using Private DNS entry. -
I also just noticed issues.
Details:
- Issues for me are on macOS 12.3.1 (so it's probably not related to 12.4) with the NextDNS app. I'm seeing my ISP DNS and the status icon is red. My ISP DNS is also shown in leak tests
- The profile on macOS 12.3.1 still works, the icon is green mostly* and my ISP DNS is not shown in leak tests
- iCloud Private Relay on or off doesn't matter, the app does not work, the profile does
- On iOS 15.4.1, the app seems to work fine still
* About mostly: The setup tab (used in Brave, no Private Relay) currently shows my ISP and a red icon, even though I'm still seeing the log reflecting pages visited.
-
Since macos12.4 update nothing works, not the App, not the config profile, iCloud private relay is off..
-
WORKING WORKAROUND:
in macOS, open a terminal and install NextDNS via CLI:
sh -c "$(curl -sL https://nextdns.io/install)"
If in the future you want to remove NextDNS again, use the exact same command and choose "remove NextDNS".
-
We found the issue and put a temporary fix in place. We are working on a long term solution.
-
NextDNS Can you please describe the issue and the workaround?
-
Rob bear with me, as it is going to be a bit technical: Our TLS certificate provider decided (without notice) to stop embedding SCTs in the certificates themselves, but to put them in the OCSP staples. This is an optimization and should have been transparent to us, but it broke our custom certificate check we have in the macOS app which is expecting SCTs embedded. This custom certificate check is here to workaround SNI blocking of our DoH hostnames.
As a short term fix, we reverted the active certificate for dns.nextdns.io to the one of the previous week (we have a weekly staggered delayed rotation of all our certs) that was still embedding the SCTs in to make our macOS app happy. We are working on a fix of the app that will be rolled soon. In the meantime, our automated certificate manager has been set to hold on this version of the certificate (with the embed SCTs) until the new version of the macOS app with the fix is fully deployed.
We are sorry for the inconvenience. Such third party dependency changes indirect impacts are challenging to anticipate.
-
NextDNS This is so good news and thanks for the technical description! Such fast issue solving is why your service is the best!!
-
NextDNS Thank you for this update!
-
NextDNS Have you reverted to use the cert that has no embeded SCTs? This has broken many third party apps that try to use nextdns on MacOS and iOS. For example, any app that is built with golang cannot validate your certificate (issue here: https://github.com/golang/go/issues/51991), with the error saying "certificate is not standards compliant".
Is it possible to ask your cert provider to provide certs with embeded SCTs until golang has fixed this issue or can you switch to another cert provider? Thanks.
-
-
Mine is still doing this on iPad so 15.5
Content aside
- Status Fixed
-
9
Likes
- 2 yrs agoLast active
- 29Replies
- 1578Views
-
24
Following