Skip to content
NextDNS Blocker

macOS

NextDNS Blocker has excellent support for macOS, using launchd for scheduling.

Installation

Section titled “Installation”
Section titled “Homebrew (Recommended)”
Terminal window
# Add tap
brew tap aristeoibarra/tap


# Install
brew install nextdns-blocker


# Verify
nextdns-blocker --version

pip

Section titled “pip”
Terminal window
pip3 install nextdns-blocker

pipx (Isolated)

Section titled “pipx (Isolated)”
Terminal window
pipx install nextdns-blocker

Setup

Section titled “Setup”
Terminal window
# Initialize configuration
nextdns-blocker init


# Configure domains
nextdns-blocker config edit


# Install watchdog
nextdns-blocker watchdog install

launchd Integration

Section titled “launchd Integration”

How It Works

Section titled “How It Works”

NextDNS Blocker creates launchd jobs for automatic syncing:

JobPurposeInterval
com.nextdns-blocker.syncRun syncEvery 2 minutes
com.nextdns-blocker.watchdogSelf-healEvery 5 minutes

Job Location

Section titled “Job Location”
~/Library/LaunchAgents/
├── com.nextdns-blocker.sync.plist
└── com.nextdns-blocker.watchdog.plist

Managing Jobs

Section titled “Managing Jobs”
Terminal window
# Check status
nextdns-blocker watchdog status


# View loaded jobs
launchctl list | grep nextdns


# Unload job manually
launchctl unload ~/Library/LaunchAgents/com.nextdns-blocker.sync.plist


# Load job manually
launchctl load ~/Library/LaunchAgents/com.nextdns-blocker.sync.plist

Job Contents

Section titled “Job Contents”

Example plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.nextdns-blocker.sync</string>
    <key>ProgramArguments</key>
    <array>
        <string>/opt/homebrew/bin/nextdns-blocker</string>
        <string>sync</string>
    </array>
    <key>StartInterval</key>
    <integer>120</integer>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardOutPath</key>
    <string>~/.local/share/nextdns-blocker/logs/cron.log</string>
    <key>StandardErrorPath</key>
    <string>~/.local/share/nextdns-blocker/logs/cron.log</string>
</dict>
</plist>

File Locations

Section titled “File Locations”
ComponentPath
Config~/.config/nextdns-blocker/config.json
Environment~/.config/nextdns-blocker/.env
Logs~/.local/share/nextdns-blocker/logs/
State~/.local/share/nextdns-blocker/
launchd jobs~/Library/LaunchAgents/

Timezone Detection

Section titled “Timezone Detection”

macOS timezone is detected from:

/var/db/timezone/zoneinfo/America/New_York
# System timezone link
readlink /etc/localtime

To verify:

Terminal window
nextdns-blocker config show | grep timezone

Homebrew Updates

Section titled “Homebrew Updates”
Terminal window
# Update formula
brew update


# Upgrade package
brew upgrade nextdns-blocker


# After upgrade, reinstall watchdog if needed
nextdns-blocker watchdog install

Permissions

Section titled “Permissions”

Full Disk Access

Section titled “Full Disk Access”

Some operations may require Full Disk Access:

  1. Open System PreferencesSecurity & Privacy
  2. Go to Privacy tab
  3. Select Full Disk Access
  4. Add Terminal (or your terminal app)

Gatekeeper

Section titled “Gatekeeper”

If blocked by Gatekeeper:

  1. Open System PreferencesSecurity & Privacy
  2. Click Open Anyway if prompted

DNS Cache

Section titled “DNS Cache”

Flush DNS cache after blocking changes:

Terminal window
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

Troubleshooting

Section titled “Troubleshooting”

launchd Jobs Not Running

Section titled “launchd Jobs Not Running”
Terminal window
# Check if loaded
launchctl list | grep nextdns


# Check for errors
cat ~/Library/LaunchAgents/com.nextdns-blocker.sync.plist


# Check logs
tail -50 ~/.local/share/nextdns-blocker/logs/cron.log

Command Not Found

Section titled “Command Not Found”
Terminal window
# Check PATH
echo $PATH


# Common Homebrew paths
# Apple Silicon: /opt/homebrew/bin
# Intel: /usr/local/bin


# Add to PATH if needed (in ~/.zshrc)
export PATH="/opt/homebrew/bin:$PATH"

Permissions Errors

Section titled “Permissions Errors”
Terminal window
# Fix config permissions
chmod 600 ~/.config/nextdns-blocker/.env
chmod 600 ~/.config/nextdns-blocker/config.json

Jobs Disappearing

Section titled “Jobs Disappearing”

If launchd jobs keep disappearing:

  1. Check for cleanup tools (CleanMyMac, etc.)
  2. Add exclusion for com.nextdns-blocker.*
  3. The watchdog job should auto-restore sync job

Python Not Found

Section titled “Python Not Found”
Terminal window
# Check Python version
python3 --version


# If using Homebrew Python
brew install python@3.11


# Link if needed
brew link python@3.11

Apple Silicon Notes

Section titled “Apple Silicon Notes”

Homebrew Path

Section titled “Homebrew Path”

Apple Silicon Macs use /opt/homebrew/bin:

/opt/homebrew/bin/nextdns-blocker
# Check path
which nextdns-blocker

Rosetta Not Required

Section titled “Rosetta Not Required”

NextDNS Blocker is pure Python and runs natively on Apple Silicon.

Uninstalling

Section titled “Uninstalling”
Terminal window
# Remove watchdog jobs
nextdns-blocker watchdog uninstall


# Remove via Homebrew
brew uninstall nextdns-blocker


# Remove configuration (optional)
rm -rf ~/.config/nextdns-blocker


# Remove data (optional)
rm -rf ~/.local/share/nextdns-blocker