
MacOS profile not working in Ventura 13.1

Hello,

I've configured my home router to distribute by default the NextDNS IPv4 DNS servers through DHCP. 

Then I've generated and installed a MacOS profile for my MacMini M1 running Ventura 13.1.

No matter whether the profile is correctly installed, the OS is still using the NextDNS IPv4 servers.

sudo /usr/bin/profiles -P
Marco [1] attribute: profileIdentifier: io.nextdns.xxxxx.profile
There are 1 configuration profiles installed

 

scutil --dns
DNS configuration

resolver #1
  search domain[0] : router
  nameserver[0] : 45.90.28.32
  if_index : 13 (en1)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : router
  nameserver[0] : 45.90.28.32
  if_index : 13 (en1)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

 

Connecting to test.nextdns.io using Safari

{
"status": "ok",
"protocol": "UDP",
"profile": "xxxxxxxxxxxxx",
"client": "xxxxxxxxxxxxx",
"srcIP": "xxxxxxxxxxxxx",
"destIP": "45.90.28.32",
"anycast": true,
"server": "zepto-mil-1",
"clientName": "unknown"
}

 

Connecting to test.nextdns.io using Microsoft Edge with manually configured NextDNS DoH 

{
"status": "ok",
"protocol": "DOH",
"profile": "xxxxxxxxxxxxx",
"client": "xxxxxxxxxxxxx",
"srcIP": "xxxxxxxxxxxxx",
"destIP": "192.145.127.148",
"anycast": false,
"server": "zepto-mil-1",
"clientName": "chrome",
"deviceName": "Edge MacOS",
"deviceID": "xxxxxxxxxxxxx"
}

 

What's wrong? How can I set up MacOS to use NextDNS DoH across all the OS?
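The comparison made by hand in the post above, as an added example that is not part of the original thread: it reads a test.nextdns.io reply together with `scutil --dns` output and reports whether the query travelled in plaintext through a system-listed nameserver or over DoH. The sample inputs are constructed from the values quoted in the post, and only the two `protocol` values shown there are classified (an assumption; anything else is reported as unknown).

```python
import json
import re

# Constructed samples, trimmed from the outputs quoted in the post above.
SCUTIL_SAMPLE = """\
resolver #1
  search domain[0] : router
  nameserver[0] : 45.90.28.32
  if_index : 13 (en1)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 45.90.28.32
  flags    : Scoped, Request A records
"""
SAFARI_SAMPLE = '{"status": "ok", "protocol": "UDP", "destIP": "45.90.28.32"}'
EDGE_SAMPLE = '{"status": "ok", "protocol": "DOH", "destIP": "192.145.127.148"}'

# Assumption: only the two protocol values shown in the post are classified.
TRANSPORT = {"UDP": "plaintext", "DOH": "encrypted"}


def system_nameservers(scutil_text):
    """Nameserver IPs from `scutil --dns`, in order, without duplicates."""
    found = re.findall(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", scutil_text, re.M)
    return list(dict.fromkeys(found))


def diagnose(test_json, scutil_text):
    """Classify one test.nextdns.io reply against the system resolver list."""
    reply = json.loads(test_json)
    protocol = str(reply.get("protocol", "")).upper()
    return {
        "protocol": protocol,
        "transport": TRANSPORT.get(protocol, "unknown"),
        # True when destIP is one of the nameservers scutil lists.
        "via_system_resolver": reply.get("destIP") in system_nameservers(scutil_text),
    }


if __name__ == "__main__":
    for name, sample in (("Safari", SAFARI_SAMPLE), ("Edge", EDGE_SAMPLE)):
        print(name, diagnose(sample, SCUTIL_SAMPLE))
```
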

  • I was also not able to get NextDNS to work properly on an M1 Mac with macOS 13.1, using profiles. Using the NextDNS app however seems to be doing the trick. Pro: Quick access to disable NextDNS/change profile. Cons: No automated exclusion of wifi SSIDs, no hardcoded client name.

      • Marco
      • Marco.2
      • 4 mths ago

      ionos isn't the NextDNS app setting up a persistent VPN tunnel? It's a bit more invasive than just setting up a DNS profile :( 

      • ionos
      • ionos
      • 4 mths ago

      Marco You're right, on macOS it still does that (iOS seems to have a dedicated OS-supported DNS-proxy mechanism).

  • The same problem here with the Mac Profile, it doesn't work properly on an M1 Pro MacBook with macOS 13.1.

    The VPN tunnel with the NextDNS Mac App works fine but as said above by ionos it's a bit too invasive for my taste.

  • Thanks for your inputs here! I hope NextDNS can chime in and clarify whether the issue is already known and they are working on a fix.

  • Please could anybody from NextDNS support us here? Thanks

  • I am having the same problem too. Profile not working, only Mac app is working.

    Still no fix after 2 months?

  • Same here. 

  • Use AdGuard Home + Custom DNS to use NextDNS on a Mac, then you have a pause/off button you can use when need be.

    Superior solution, and it's developed more rapidly.

  • Having the same problem on Ventura 13.4. Any solutions to this?

  • Some applications, such as Cisco AnyConnect, install their own profiles that automatically launch and interfere with the NextDNS profile; you should disable it.

    You can check this by going to the settings section: Networks → VPN & Filters → and at the bottom, there will be a section called VPN & Proxies. Disable all profiles, especially those related to DNS, and activate the NextDNS profile.

    • SimWhite I just have only one profile - NextDNS. It still doesn't work. I've restarted my router and Mac multiple times.

  • Correct, only one can be enabled at one time. Since I am using Symantec (SEP) Antivirus, I cannot enable any other DNS / DoH etc. This happens to any DoH, including AdGuard, so this is not a NextDNS problem.
