Programmatically change DNS Servers

We are currently developing parental control software which is based on DNS servers; basically, we are providing DNS servers for various age ranges. Here we need a way to set up the "correct" DNS server IP addresses for a given age.

Basically we use "networksetup -setdnsservers ... ", which seems to work fine on my dev box (which is running 10.14 Mojave). We are calling networksetup from within a C# app but WITHOUT sudo. The app running on Yosemite WILL ask to run elevated. But it will only work if sudo is added.


So the question is why networksetup is running without sudo on 10.14 and the same procedure is asking for the root password on 10.10 (although not running).


Maybe other ways (e.g. using the SystemConfiguration framework) might be an option here?


Any ideas and help appreciated.


best


Carsten

Replies

Maybe other ways (e.g. using the SystemConfiguration framework) might be an option here?

Yes. Using a command-line tool as an API is generally a bad idea, even more so when there’s a full-featured public API behind that tool.

As to why you’re seeing different behaviour with networksetup, that’s a surprisingly complex issue. The tool calls SystemConfiguration framework, which uses Authorisation Services to authorise the operation (see the discussion around SCPreferencesCreateWithAuthorization). Authorization Services is rather complex, but one of its features is the ability to use an existing credential to satisfy a new authorisation request. Back in the day I wrote a Q&A to explain the ins’n’outs of this (QA1277 Security Credentials) but to this day I’m not 100% sure I got it right.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
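A sketch of the SystemConfiguration route mentioned in the reply above, as an added example that is not code from this thread or from Apple: it changes the DNS server list of one network service through a preferences session created with SCPreferencesCreateWithAuthorization, so the process itself does not have to run as root. The function name `setDNSServers`, the session name "DNSProfileSetter", the service name "Wi-Fi" and the address 192.0.2.53 are assumptions made for illustration.

```swift
import Foundation
import Security
import SystemConfiguration

enum DNSError: Error { case failed(String) }

// Turn the last SystemConfiguration error into a throwable value.
func scFailure(_ step: String) -> DNSError {
    .failed("\(step): \(String(cString: SCErrorString(SCError())))")
}

// Replace the DNS server list of one network service (named as in Network preferences).
func setDNSServers(_ servers: [String], forService serviceName: String) throws {
    // Empty authorization reference; no rights are requested up front.
    var authRef: AuthorizationRef?
    guard AuthorizationCreate(nil, nil, [], &authRef) == errAuthorizationSuccess,
          let auth = authRef else { throw DNSError.failed("AuthorizationCreate") }
    defer { AuthorizationFree(auth, []) }

    // Preferences session tied to that authorization ("DNSProfileSetter" is a hypothetical name).
    guard let prefs = SCPreferencesCreateWithAuthorization(nil, "DNSProfileSetter" as CFString, nil, auth) else {
        throw scFailure("SCPreferencesCreateWithAuthorization")
    }
    guard SCPreferencesLock(prefs, true) else { throw scFailure("SCPreferencesLock") }
    defer { SCPreferencesUnlock(prefs) }

    // Find the service by its user-visible name and get its DNS protocol entry.
    let services = (SCNetworkServiceCopyAll(prefs) as? [SCNetworkService]) ?? []
    guard let service = services.first(where: { SCNetworkServiceGetName($0) as String? == serviceName }),
          let dns = SCNetworkServiceCopyProtocol(service, kSCNetworkProtocolTypeDNS) else {
        throw DNSError.failed("no DNS protocol for service \(serviceName)")
    }

    // Keep the other DNS keys (search domains etc.) and swap only the server list.
    var config = (SCNetworkProtocolGetConfiguration(dns) as? [String: Any]) ?? [:]
    config[kSCPropNetDNSServerAddresses as String] = servers
    guard SCNetworkProtocolSetConfiguration(dns, config as CFDictionary) else {
        throw scFailure("SCNetworkProtocolSetConfiguration")
    }

    // Commit writes the preferences store; apply pushes it to the running configuration.
    guard SCPreferencesCommitChanges(prefs) else { throw scFailure("SCPreferencesCommitChanges") }
    guard SCPreferencesApplyChanges(prefs) else { throw scFailure("SCPreferencesApplyChanges") }
}

// Usage with constructed values (192.0.2.53 is a documentation-range address):
// try setDNSServers(["192.0.2.53"], forService: "Wi-Fi")
```

Checking each return value and reporting SCErrorString matters here, because a denied or cancelled authorization shows up as a failed lock or commit rather than as an exception.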