macOS: DNS proxy extension does not start automatically.

Hi everyone,

We've developed a macOS app which contains a System Network Extension (DNS proxy). The app and extension are signed with Developer ID and notarized. We install the app on target Macs through MDM.

For some reason, macOS does not start the DNS proxy automatically after installing. But this way works perfectly for iOS. The MDM profile contains the System Extension and DNS proxy options.

Question #1: should macOS activate and start the DNS proxy automatically as iOS does? Or in this case do we need to start the DNS proxy from the app programmatically only? I mean using OSSystemExtensionRequest.activationRequest and NEDNSProxyManager.

Question #2: does macOS support the DNS proxy provider configuration (vendor-specific configuration values)? Is there another way to pass some values from MDM to the macOS app and/or extension?

It looks like there is no reason to believe that the signing, notarization or MDM profile have any mistakes or issues. We are able to install the app, activate the extension and start it through NEDNSProxyManager programmatically from the app, without interaction with the user at all. But it would be good to be able to start the extension automatically and pass some values from MDM.

Thanks in advance for your help and happy New Year!

Dima

Question #1: should macOS activate and start the DNS proxy automatically as iOS does? Or in this case do we need to start the DNS proxy from the app programmatically only? I mean using OSSystemExtensionRequest.activationRequest and NEDNSProxyManager.

The startup process in macOS does work a lot differently than iOS. As mentioned, iOS installs the network configuration, and then once the user allows the configuration it is up and running. Once the app is installed on macOS, the activationRequest has to run to install the Network System Extension and that prompt needs to be allowed by the user, and then the Network Configuration prompt also needs to be allowed by the user. The Network System Extension prompt can be auto-allowed with MDM, but the Network Configuration prompt cannot on macOS.

Regarding:

Question #2: does macOS support the DNS proxy provider configuration (vendor-specific configuration values)? Is there another way to pass some values from MDM to the macOS app and/or extension?

Yeah, in Apple Configurator 2 check out the Provider configuration field where you can add the Vendor Specified Configuration.

Regarding:

It looks like there is no reason to believe that the signing, notarization or MDM profile have any mistakes or issues.

I suspect you are right and just need to run the activationRequest from the container to install and start the proxy provider.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hi, @meaton. Thanks for the reply.

The Network System Extension prompt can be auto-allowed with MDM, but the Network Configuration prompt cannot on macOS.

Does it mean that it is impossible to make the DNS proxy work without user interaction, even if the user's Mac is enrolled in MDM?

Does it mean that it is impossible to make the DNS proxy work without user interaction, even if the user's Mac is enrolled in MDM?

On macOS, yes. Only a Content Filter Provider on macOS can have the Network System Extension and the Network Configuration prompts auto-allowed. For a NEDNSProxyProvider, the user will still need to allow the Network Configuration.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
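
The flow discussed in this thread (submit the activation request from the container app, then enable the proxy through NEDNSProxyManager), as an added example that is not code from either poster or from Apple. The bundle identifier and the description string are hypothetical placeholders, and the caller is assumed to keep the `DNSProxyActivator` instance alive until the callbacks have fired.

```swift
import Foundation
import NetworkExtension
import SystemExtensions

// Hypothetical bundle identifier of the DNS proxy system extension.
let extensionBundleID = "com.example.app.dnsproxy"

final class DNSProxyActivator: NSObject, OSSystemExtensionRequestDelegate {
    // Step 1: ask macOS to install and activate the system extension.
    func activate() {
        let request = OSSystemExtensionRequest.activationRequest(
            forExtensionWithIdentifier: extensionBundleID, queue: .main)
        request.delegate = self
        OSSystemExtensionManager.shared.submitRequest(request)
    }

    func request(_ request: OSSystemExtensionRequest,
                 actionForReplacingExtension existing: OSSystemExtensionProperties,
                 withExtension ext: OSSystemExtensionProperties)
                 -> OSSystemExtensionRequest.ReplacementAction {
        return .replace // upgrade an already installed copy
    }

    func requestNeedsUserApproval(_ request: OSSystemExtensionRequest) {
        // Called when the extension still needs approval (not auto-allowed by MDM).
        print("System extension is waiting for approval")
    }

    func request(_ request: OSSystemExtensionRequest, didFailWithError error: Error) {
        print("Activation failed: \(error.localizedDescription)")
    }

    func request(_ request: OSSystemExtensionRequest,
                 didFinishWithResult result: OSSystemExtensionRequest.Result) {
        guard result == .completed else { return } // .willCompleteAfterReboot
        let manager = NEDNSProxyManager.shared()
        // Step 2: load, fill in and save the DNS proxy configuration.
        manager.loadFromPreferences { error in
            if let error = error { print("Load failed: \(error)"); return }
            // Reuse an existing protocol object so its providerConfiguration is kept.
            let proto = manager.providerProtocol ?? NEDNSProxyProviderProtocol()
            proto.providerBundleIdentifier = extensionBundleID
            manager.providerProtocol = proto
            manager.localizedDescription = "Example DNS Proxy" // placeholder
            manager.isEnabled = true
            manager.saveToPreferences { error in
                print(error.map { "Save failed: \($0)" } ?? "DNS proxy enabled")
            }
        }
    }
}
```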