
madmin

macrumors 6502a
Original poster
Jun 14, 2012
825
5,992
I run Mojave where I have the choice and Catalina on my 16". Catalina upgrades have been a PITA for me because Apple doesn't respect my configuration choices. For example, surely it should be up to me what DNS servers I use on my Mac. However, Catalina upgrades wipe out my whole network setup every time. I got so fed up with this that I spent considerable effort writing a bunch of bash functions that my login script can call to check and repair my network config whenever I log in. This was great for a couple of releases until today, when I allowed my nagging MBP to run its latest Catalina upgrade. Well what d'ya know, Apple have decided that the networksetup terminal commands that control these things suddenly require superuser privilege just to put back my chosen DNS services. So my login scripts are unable to restore my chosen configuration that Apple just deleted. WTF Apple, respect user choice and stop causing people to lose time and money with your constant disruptions, goalpost moving and nagging!

Sorry for the rant but this is getting too much.
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,030
networksetup -setdnsservers Ethernet 8.8.8.8 8.8.4.4 works for me without sudo on 10.15.5 with supplemental update.
 

madmin

macrumors 6502a
Original poster
Jun 14, 2012
825
5,992
networksetup -setdnsservers Ethernet 8.8.8.8 8.8.4.4 works for me without sudo on 10.15.5 with supplemental update.

Hey bogdanw, thanks for looking at that. I'll have to investigate why mine is different, perhaps my HP Ethernet to USB-C adapter is treated differently to a built-in Ethernet port (if that's what you're using?).

(edit) scratch that, it did the same with the builtin Wi-Fi network service. This 16" has factory installed macOS, plus normal macOS upgrades...

In any case my contention remains that Apple shouldn't be clobbering user defined configs with their frequent os updates. This being only one example of that.
 

fisherking

macrumors G4
Jul 16, 2010
11,252
5,563
ny somewhere
Hey bogdanw, thanks for looking at that. I'll have to investigate why mine is different, perhaps my HP Ethernet to USB-C adapter is treated differently to a built-in Ethernet port (if that's what you're using?).

In any case my contention remains that Apple shouldn't be clobbering user defined configs with their frequent os updates. This being only one example of that.

yes, but not everyone is having this happen (am fine here on both my macs). so... might be worth investigating why you specifically are having this issue... something between your router and the mac? or the particular dns settings you're using?
 

madmin

macrumors 6502a
Original poster
Jun 14, 2012
825
5,992
yes, but not everyone is having this happen (am fine here on both my macs). so... might be worth investigating why you specifically are having this issue... something between your router and the mac? or the particular dns settings you're using?

Yeah maybe, who knows. I use privacy enabled DNS-over-TLS service (stubby) running on the loopback interface (127.0.0.1). The first time this happened I didn't even notice for a few days during which I had no DNS privacy thanks to the macOS upgrade, hence automating the check...

If like many people you use the default DHCP supplied DNS service from your local router you wouldn't even notice this problem since it's the default and apparently Apple preferred option.
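
A login-time check of the kind the original poster describes, as an added example that is not madmin's own script: it compares each enabled network service's DNS servers with the expected resolver and tries to restore it. The `WANT_DNS` default of 127.0.0.1 (a loopback stub such as Stubby) and the function names are assumptions; the `networksetup` options are the standard macOS ones.

```shell
# Added example. WANT_DNS is an assumption: a loopback stub resolver as in the post.
WANT_DNS="${WANT_DNS:-127.0.0.1}"

# Enabled network services, one per line. The first line of output is a
# legend, and disabled services are prefixed with '*'.
list_services() {
    networksetup -listallnetworkservices | sed '1d' | grep -v '^\*'
}

# Manually configured DNS servers for service $1 as one space-separated line.
# With none set, networksetup prints a sentence instead; report that as empty.
current_dns() {
    out=$(networksetup -getdnsservers "$1" </dev/null)
    case "$out" in
        *"any DNS Servers"*) echo "" ;;
        *) echo "$out" | tr '\n' ' ' | sed 's/ *$//' ;;
    esac
}

# Print every enabled service whose DNS differs from WANT_DNS.
# Returns 1 if anything drifted, 0 if all services match.
dns_drift() {
    drifted=0
    while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        have=$(current_dns "$svc")
        [ "$have" = "$WANT_DNS" ] && continue
        printf '%s: have "%s", want "%s"\n' "$svc" "${have:-none set}" "$WANT_DNS"
        drifted=1
    done <<EOF
$(list_services)
EOF
    return "$drifted"
}

# Restore WANT_DNS on drifted services. Returns non-zero if any call fails,
# for example when the command is refused without administrator rights.
dns_repair() {
    failed=0
    while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        [ "$(current_dns "$svc")" = "$WANT_DNS" ] && continue
        # Unquoted on purpose: several servers split into separate arguments.
        networksetup -setdnsservers "$svc" $WANT_DNS </dev/null || failed=1
    done <<EOF
$(list_services)
EOF
    return "$failed"
}
```

From a login script, `dns_drift || { dns_repair; dns_drift; }` repairs and then re-checks, so a refused or ineffective repair still shows up as drift instead of passing silently.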
 

Honza1

macrumors 6502a
Nov 30, 2013
940
441
US
Yeah maybe, who knows. I use privacy enabled DNS-over-TLS service (stubby) running on the loopback interface (127.0.0.1). The first time this happened I didn't even notice for a few days during which I had no DNS privacy thanks to the macOS upgrade, hence automating the check...

If like many people you use the default DHCP supplied DNS service from your local router you wouldn't even notice this problem since it's the default and apparently Apple preferred option.
Here you are running into a conflict between Apple's philosophy of "we will make it work for you" and your philosophy of "I want something special". I think that users like you - running a highly customized setup - would really be happier with some version of Linux. Maybe on Apple hardware, maybe something cheaper from the Windows side.
macOS upgrades seem to reset special configurations when they are installing new upgrades for that system area. Network is a critical component today and, for 99.9% of people, default settings are working fine. Well, mostly they are working fine, there are exceptions...
Apple chooses to impose its "walled garden" approach and resets customizations so the new configuration they push in works. Makes sense and if I was doing it, I would do the same thing. It must work after upgrade or people will be screaming that "Apple upgrade broke it".
This is saying nothing negative about your needs and configurations - and nothing negative about Apple's approach. But keep in mind that you are not the real target Apple customer, you are an outlier and, to be fair, they do not care about you too much. They care about those thousands of non-expert users, whose Apple devices "just work" (well, mostly...), like my daughter. Her computer maintenance is go to the Genius Bar and hand them the computer with "ain't working right". Those are their real customers.
Your choice is to live with the Apple walled garden somehow or change system. Again, nothing wrong on either side of that - it is as it is.
For me, I impose all of these network security things on a highly customizable wifi router. It is the right place for such configuration changes. And I do not tinker with my macOS and iOS settings, they have worked just fine for years. This way they also work inside my workplace (with aggressive IT). And if needed, I run a VPN through home when outside.
 

madmin

macrumors 6502a
Original poster
Jun 14, 2012
825
5,992
Here you are running into conflict between Apple philosophy of "we will make it work for you" and your philosophy "I want something special". (snip)

Hey Honza1, thanks for taking the time to write this long and considered response, you make some good points.

Call me old fashioned but I happen to believe that a macOS user should be able to choose which DNS server to use. My setup allows me to use my particular DNS service no matter what network I connect to. Apple's forcing people to use the DHCP supplied DNS service from whatever router their Mac connects to, which often enables pervasive monitoring of internet activity. Don't Apple care about user privacy? You can't have privacy unless you protect your DNS queries.
 

Ritsuka

Cancelled
Sep 3, 2006
1,464
969
I have custom dns set and they aren't wiped out each update. There must be some bug somewhere yet again.
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,030
Yeah maybe, who knows. I use privacy enabled DNS-over-TLS service (stubby)
I use Stubby too (Stubby GUI for macOS), but I have a different set up. I have no DNS for Ethernet (networksetup -setdnsservers Ethernet Empty) and let Tunnelblick set it to 127.0.0.1 after it has connected to my VPN.
What DNS servers are you using with Stubby? I use Google and Cloudflare, but I find it a little bit annoying that I have to renew the Google key every week.
 

madmin

macrumors 6502a
Original poster
Jun 14, 2012
825
5,992
I use Stubby too (Stubby GUI for macOS), but I have a different set up. I have no DNS for Ethernet (networksetup -setdnsservers Ethernet Empty) and let Tunnelblick set it to 127.0.0.1 after it has connected to my VPN.
What DNS servers are you using with Stubby? I use Google and Cloudflare, but I find it a little bit annoying that I have to renew the Google key every week.

The choice of DNS server to use with stubby depends a lot on location. I did a lot of testing but this was a while back now. I wouldn't use Google but I tried various other quad services like Cloudflare and Quad9 but they don't work well enough. I can't remember if it was more to do with multicasting or keepalive or out of order query support but none of them were reliable enough for me. I don't know about elsewhere but here in Europe we have other options that work better. You should probably try to find privacy enabled recursive DNS servers (what a mouthful!) that support out of order queries and TCP keepalive. Those running on bind rather than knot or powerdns seem to work best for me. Being behind a haproxy or nginx load balancer isn't an issue afaict.

I almost forgot to mention, I don't use the stubby gui - I just use a launchd daemon to run it.
 

Bandaman

Cancelled
Aug 28, 2019
2,005
4,091
I must not be too smart since I'm not having any problems. ROFL :)
You and me both.


bogdanw

macrumors 603
Mar 10, 2009
6,118
3,030
I almost forgot to mention, I don't use the stubby gui - I just use a launchd daemon to run it.
The GUI just offers a simpler way to install and edit the configuration file. org.getdns.stubby.plist is placed in /Library/LaunchDaemons and stubby.yml is kept inside the Stubby app along with the executable.
I previously tested and used for a while cloudflared and dnscrypt proxy. These are my installation scripts https://github.com/b0gdanw/cloudflared-macos
https://github.com/b0gdanw/dnscrypt-proxy-macos
 