Watchdog

The watchdog ensures your blocking rules are enforced automatically, even if something tries to disable it.

What is the Watchdog?

The watchdog is a background process that:

Runs config push every 2 minutes - Enforces your schedules
Self-heals - Restores itself if deleted
Uses native schedulers - launchd, cron, Task Scheduler
Logs activity - Track what’s happening

How It Works

┌─────────────────────────────────────────────────────────────┐
│                     Platform Scheduler                       │
│              (launchd / cron / Task Scheduler)              │
└─────────────────────────────────────────────────────────────┘
                    │                    │
                    ▼                    ▼
         ┌─────────────────┐   ┌─────────────────┐
         │    Sync Job     │   │  Watchdog Job   │
         │  (every 2 min)  │   │  (every 5 min)  │
         └─────────────────┘   └─────────────────┘
                    │                    │
                    ▼                    ▼
         ┌─────────────────┐   ┌─────────────────┐
         │ nextdns-blocker │   │  Check if sync  │
         │   config push   │   │   job exists    │
         └─────────────────┘   └─────────────────┘
                                        │
                                        ▼
                               ┌─────────────────┐
                               │  Restore sync   │
                               │  job if missing │
                               └─────────────────┘

Two Jobs

Sync Job: Runs nextdns-blocker config push every 2 minutes
Watchdog Job: Checks sync job exists every 5 minutes, restores if missing

Installing Watchdog

nextdns-blocker watchdog install

Output:

Installing watchdog jobs...

Platform: macOS (launchd)

Creating jobs:
  ✓ NextDNS-Blocker-Sync (every 2 minutes)
  ✓ NextDNS-Blocker-Watchdog (every 5 minutes)

Jobs installed successfully

Checking Status

nextdns-blocker watchdog status

Output:

Watchdog Status
━━━━━━━━━━━━━━━

Platform: macOS (launchd)
Status: Active ✓

Jobs:
  NextDNS-Blocker-Sync
    Schedule: Every 2 minutes
    Last run: 2024-01-15 14:28:00
    Next run: 2024-01-15 14:30:00

  NextDNS-Blocker-Watchdog
    Schedule: Every 5 minutes
    Purpose: Ensures sync job exists

Platform-Specific Details

macOS (launchd)

Jobs created as plist files:

Location: ~/Library/LaunchAgents/

Files:

com.nextdns-blocker.sync.plist
com.nextdns-blocker.watchdog.plist

Commands:

# View jobs
ls ~/Library/LaunchAgents/com.nextdns-blocker.*

# Check status
launchctl list | grep nextdns

# Manual load/unload
launchctl load ~/Library/LaunchAgents/com.nextdns-blocker.sync.plist
launchctl unload ~/Library/LaunchAgents/com.nextdns-blocker.sync.plist

Linux (cron)

Jobs added to user crontab:

View:

crontab -l

Expected entries:

*/2 * * * * /path/to/nextdns-blocker config push >> ~/.local/share/nextdns-blocker/logs/cron.log 2>&1
*/5 * * * * /path/to/nextdns-blocker watchdog check >> ~/.local/share/nextdns-blocker/logs/wd.log 2>&1

Check cron service:

systemctl status cron
# or
systemctl status crond

Windows (Task Scheduler)

Tasks created in Task Scheduler:

View:

# Command line
schtasks /query /tn "NextDNS-Blocker-Sync"
schtasks /query /tn "NextDNS-Blocker-Watchdog"

# GUI
taskschd.msc

Manual run:

schtasks /run /tn "NextDNS-Blocker-Sync"

Disabling Temporarily

Need to pause automatic syncing:

# Disable for 1 hour
nextdns-blocker watchdog disable 1

# Disable for 4 hours
nextdns-blocker watchdog disable 4

# Disable permanently (until re-enabled)
nextdns-blocker watchdog disable

Re-enabling

nextdns-blocker watchdog enable

Uninstalling

Remove all watchdog jobs:

nextdns-blocker watchdog uninstall

Use before:

Uninstalling NextDNS Blocker
Switching to Docker deployment
Debugging issues

Log Files

Sync Log

Output from sync executions:

tail -f ~/.local/share/nextdns-blocker/logs/cron.log

Watchdog Log

Watchdog events (job restoration):

tail -f ~/.local/share/nextdns-blocker/logs/wd.log

Log Locations

Platform	Path
macOS/Linux	`~/.local/share/nextdns-blocker/logs/`
Windows	`%LOCALAPPDATA%\nextdns-blocker\logs\`

Self-Healing

How It Works

Watchdog job runs every 5 minutes
Checks if sync job exists
If missing, recreates it
Logs recovery event

Why Self-Healing?

Prevents circumvention:

Manual deletion of cron jobs
Accidental removal
System cleanup tools
Other users on shared systems

Recovery Log

2024-01-15 14:35:00 - Sync job missing, restoring...
2024-01-15 14:35:01 - Sync job restored successfully

Troubleshooting

Watchdog not running

Check status:
Terminal window
```
nextdns-blocker watchdog status
```

Reinstall:

nextdns-blocker watchdog uninstall
nextdns-blocker watchdog install

Check scheduler service:

# Linux
systemctl status cron

# macOS
launchctl list | grep nextdns

Sync not executing

Check logs:

tail -20 ~/.local/share/nextdns-blocker/logs/cron.log

Test manually:
Terminal window
```
nextdns-blocker config push --verbose
```
Check executable path:
Terminal window
```
which nextdns-blocker
```

Permission issues

macOS:

Grant Full Disk Access to Terminal (System Preferences → Security)

Linux:

Check crontab ownership
Verify executable permissions

Windows:

Run PowerShell as Administrator for initial setup
Check Task Scheduler permissions

Jobs keep disappearing

Both jobs disappearing indicates system-level issue:

Check antivirus/security software
Verify user has scheduler access
Check for system cleanup tools
Review system logs for errors

Best Practices

Always install watchdog - Manual sync is unreliable
Check status weekly - Verify it’s running
Monitor logs - Catch issues early
Don’t disable long-term - Re-enable after debugging
Test after system updates - May need reinstall