Best way to install as service on Mac?

I installed as per https://github.com/nextdns/nextdns/wiki/MacOS ... but this then needs to be started manually each time.

What's the best way to install as a service/daemon/launch agent?

Does someone have a .plist?

Would be nice to include that in the above wiki page.


  • I’m using a Mac and do not have this problem.   In the past I used the app, so maybe that created a setting that I’m not aware of.

  • Now I recall from some time ago:

    sudo nextdns config set -auto-activate

    For additional options:

    Usage of  nextdns config set:
            Run activate at startup and deactivate on exit.
            Bogus private reverse lookups.
            All reverse lookups for private IP ranges (ie 192.168.x.x, etc.) are
            answered with "no such domain" rather than being forwarded upstream.
            The set of prefixes affected is the list given in RFC6303, for IPv4
            and IPv6. (default true)
      -cache-max-age duration
            If set to greater than 0, a cached entry will be considered stale after
            this duration, even if the record's TTL is higher.
      -cache-size string
            Set the size of the cache in byte. Use 0 to disable caching. The value
            can be expressed with unit like kB, MB, GB. The cache is automatically
            flushed when the pointed configuration is updated. (default "0")
      -config value
            NextDNS custom configuration id.
            The configuration id can be prefixed with a condition that is match for
            each query:
            * A CIDR can be used to restrict a configuration to
              a subnet.
            * 00:1c:42:2e:60:4a=abcdef: A MAC address can be used to restrict
              configuration to a specific host on the LAN.
            This parameter can be repeated. The first match wins.
      -config-file string
            Custom path to configuration file.
      -control string
            Address to the control socket. (default "/var/run/nextdns.sock")
            Automatic detection of captive portals and fallback on system DNS to
            allow the connection to establish.
            Beware that enabling this feature can allow an attacker to force nextdns
            to disable DoH and leak unencrypted DNS traffic.
      -discovery-dns string
            The address of a DNS server to be used to discover client names.
            If not defined, the address learned via DHCP will be used. This setting
            is only active if report-client-info is set to true.
      -forwarder value
            A DNS server to use for a specified domain.
            Forwarders can be defined to send proxy DNS traffic to an alternative
            DNS upstream resolver for specific domains. The format of this parameter
            is [DOMAIN=]SERVER_ADDR[,SERVER_ADDR...].
            A SERVER_ADDR can ben either an IP[:PORT] for DNS53 (unencrypted UDP,
            TCP), or a HTTPS URL for a DNS over HTTPS server. For DoH, a bootstrap
            IP can be specified as follow: https://dns.nextdns.io#
            Several servers can be specified, separated by comas to implement
            This parameter can be repeated. The first match wins.
      -listen value
            Listen address for UDP DNS proxy server.
            Log DNS queries.
      -max-ttl duration
            If set to greater than 0, defines the maximum TTL value that will be
            handed out to clients. The specified maximum TTL will be given to
            clients instead of the true TTL value if it is lower. The true TTL
            value is however kept in the cache to evaluate cache entries
            freshness. This is best used in conjunction with the cache to force
            clients not to rely on their own cache in order to pick up
            configuration changes faster.
            Embed clients information with queries.
            Automatically configure NextDNS for a router setup.
            Common types of router are detected to integrate gracefuly. Changes
            applies are undone on daemon exit. The listen option is ignored when
            this option is used.
      -timeout duration
            Maximum duration allowed for a request before failing. (default 5s)
            Lookup /etc/hosts before sending queries to upstream resolver. (default true)
      • Ze'ev
      • 9 mths ago

      Calvin Hobbes  I already have

      auto-activate true

      but there is nothing nextdns in launchctl list

    • Ze'ev are you having a parallel conversation about this on GitHub?  Olivier is the main developer and knows the system far better than I do.

      I don’t know the answer to your question.   I just know  the nextdns service automatically starts  for me after restarting the system.
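
An added example, not part of any post in this thread and not NextDNS project code: a small shell check for the state Ze'ev describes above (`auto-activate true` in the config, nothing matching nextdns in `launchctl list`). It looks at both the per-user `launchctl list` and the root one, because they list different launchd domains. Assumptions: `nextdns config list` prints `key value` lines in the form quoted in the thread, and the function names and result strings are made up for this example.

```shell
#!/bin/sh
# Added example; the function names and result strings are hypothetical.

# config_value KEY: read "key value" lines on stdin (the form quoted in the
# thread, e.g. "auto-activate true") and print the value stored for KEY.
config_value() {
    awk -v k="$1" '$1 == k { print $2; found = 1; exit } END { exit !found }'
}

# has_nextdns_job: read `launchctl list` output on stdin (header line, then
# PID / Status / Label columns); succeed if any label contains "nextdns".
has_nextdns_job() {
    awk 'NR > 1 && tolower($3) ~ /nextdns/ { found = 1 } END { exit !found }'
}

# diagnose CONFIG USER_LIST ROOT_LIST: classify the state as one word.
diagnose() {
    auto=$(printf '%s\n' "$1" | config_value auto-activate) || auto=unset
    if printf '%s\n' "$3" | has_nextdns_job; then
        echo "job-in-system-domain"
    elif printf '%s\n' "$2" | has_nextdns_job; then
        echo "job-in-user-domain"
    elif [ "$auto" = "true" ]; then
        echo "auto-activate-set-but-no-launchd-job"
    else
        echo "no-launchd-job"
    fi
}

# Run against the live system only where both tools exist (macOS with the
# nextdns CLI installed). `nextdns config list` is assumed to print the
# current settings; `sudo -n` avoids an interactive password prompt.
if command -v launchctl >/dev/null 2>&1 && command -v nextdns >/dev/null 2>&1; then
    diagnose "$(nextdns config list 2>/dev/null)" \
             "$(launchctl list)" \
             "$(sudo -n launchctl list 2>/dev/null)"
fi
```

If `sudo -n` cannot run without a password, the root listing is empty and a job in the system domain will be missed, so run the script from a root shell for a complete answer.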

  • Ze'ev

    From your dashboard use the Apple Configuration Profile Generator available at apple.nextdns.io.

    Click advanced
    Give the Device a name and select a model from the list
    Then select Trust NextDNS Root CA and Sign Configuration Profile

    So much easier and a lot simpler than setting other stuff

    Tested working on Catalina mac (10.15.7)

      • Ze'ev
      • 7 mths ago

      Terry Webbs The thing says "macOS Big Sur or higher" ... yet working for you on Catalina?

      Anyway I've tried that a few times, just installed it again, and I still get "This device is using NextDNS with no configuration."

  • Did you ever try that suggestion to disable DoH in Chrome

    when disabled run this again

    • itsok889
    • 7 mths ago

    Thank you for the good information; it is extremely useful.
