search

objective-see / DNSMonitor

A DNS Monitor, leveraging Apple's NEDNSProxyProvider/Network Extension Framework
GNU General Public License v3.0
167 stars 20 forks source link

block functionality not working #6

Closed web-xyz closed 7 months ago

web-xyz commented 1 year ago

Apparently the block functionality doesn't work using DNSMonitor 1.0.0 on MacOS Ventura 13.6.1, see below.

% cat /tmp/blocklist.json                                                         
[
  "google.com",
  "172.217.175.46"
]
% /Applications/DNSMonitor.app/Contents/MacOS/DNSMonitor -block /tmp/blocklist.json
2023-10-31 20:09:26.821 DNSMonitor[48444:1184356] Started com.objective-see.dnsmonitor (pid: 48444, parent: com.apple.Terminal) 
2023-10-31 20:09:26.822 DNSMonitor[48444:1184356] toggling System Extension (action: 1)
2023-10-31 20:09:26.822 DNSMonitor[48444:1184356] creating 'OSSystemExtensionRequest' activation request
2023-10-31 20:09:26.822 DNSMonitor[48444:1184356] submitting request...
2023-10-31 20:09:26.919 DNSMonitor[48444:1184360] method '-[Extension requestNeedsUserApproval:]' invoked with <OSSystemExtensionActivationRequest: 0x600000d52190>
2023-10-31 20:09:30.562 DNSMonitor[48444:1184360] method '-[Extension request:didFinishWithResult:]' invoked with <OSSystemExtensionActivationRequest: 0x600000d52190>, 0
2023-10-31 20:09:30.562 DNSMonitor[48444:1184360] starting network extension...
2023-10-31 20:09:30.564 DNSMonitor[48444:1184356] activating network extension...
2023-10-31 20:09:32.623 DNSMonitor[48444:1184360] enabled extension ('startSystemExtensionMode' was called)
2023-10-31 20:09:32.636 DNSMonitor[48444:1184360] method '-[DNSProxyProvider startProxyWithOptions:completionHandler:]' invoked

...

2023-10-31 20:09:39.943 DNSMonitor[48444:1184360] PROCESS:
{
    name = nslookup;
    path = "/usr/bin/nslookup";
    pid = 48451;
    "signing ID" = "com.apple.nslookup";
}
2023-10-31 20:09:39.943 DNSMonitor[48444:1184360] PACKET:
Xid: 3922
QR: Query
Server: -nil-
Opcode: Standard
AA: Non-Authoritative
TC: Non-Truncated
RD: Recursion desired
RA: No recursion available 
Rcode: No error
Question (1):
google.com IN A    
Answer (0):
Authority (0):
Additional records (0):
2023-10-31 20:09:39.958 DNSMonitor[48444:1184360] PROCESS:
{
    name = nslookup;
    path = "/usr/bin/nslookup";
    pid = 48451;
    "signing ID" = "com.apple.nslookup";
}
2023-10-31 20:09:39.958 DNSMonitor[48444:1184360] PACKET:
Xid: 3922
QR: Reply
Server: -nil-
Opcode: Standard
AA: Non-Authoritative
TC: Non-Truncated
RD: Recursion desired
RA: Recursion available
Rcode: No error
Question (1):
google.com IN A    
Answer (1):
google.com IN A     157 216.58.204.142
Authority (0):
Additional records (0):

...
% /usr/bin/nslookup google.com      
Server:     192.168.178.1
Address:    192.168.178.1#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.204.142