Mac OS 26安装DoH描述文件报错

发表于 分类于

Mac OS 26安装DoH描述文件报错排查与解决

在Mac OS 26版本中配置DoH(DNS over HTTPS)描述文件时,不少用户会遇到安装失败的问题。本文以阿里DoH为例,详细说明报错现象、原因及解决方案,帮助大家快速解决该问题。

一、安装过程中的异常提示

安装DoH描述文件时,系统会先弹出权限请求提示:

  • 弹窗显示「Device Management/MDM」想要进行更改

确认权限后,随即出现安装失败提示:

  • 核心错误:安装描述文件失败
  • 具体原因:无法安装“VPN服务”负载,无法创建VPN服务

二、问题根源

从Mac OS 26.1版本开始,苹果对描述文件的权限控制逻辑进行了调整——DoH配置描述文件需要明确声明生效范围,否则系统会判定权限不足,进而触发“无法创建VPN服务”的报错。

三、解决方案(以阿里DoH为例)

1. 原报错描述文件

以下是未适配Mac OS 26.1权限规则的阿里DoH描述文件,核心缺失PayloadScope字段:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>DNSSettings</key>
        <dict>
          <key>DNSProtocol</key>
          <string>HTTPS</string>
          <key>ServerAddresses</key>
          <array>
            <string>2400:3200::1</string>
            <string>2400:3200:baba::1</string>
            <string>223.5.5.5</string>
            <string>223.6.6.6</string>
          </array>
          <key>ServerURL</key>
          <string>https://dns.alidns.com/dns-query</string>
        </dict>
        <key>PayloadDescription</key>
        <string>Configures device to use AliDNS Encrypted DNS over TLS</string>
        <key>PayloadDisplayName</key>
        <string>AliDNS DNS over HTTPS</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4</string>
        <key>PayloadType</key>
        <string>com.apple.dnsSettings.managed</string>
        <key>PayloadUUID</key>
        <string>35d5c8a0-afa6-4b36-a9fe-099a997b44ad</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>ProhibitDisablement</key>
        <false/>
      </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Adds the AliDNS to Big Sur and iOS 14 based systems</string>
    <key>PayloadDisplayName</key>
    <string>AliDNS over HTTPS</string>
    <key>PayloadIdentifier</key>
    <string>com.paulmillr.apple-dns</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>A4475135-633A-4F15-A79B-BE15093DC97A</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>

2. 修正后的描述文件

仅需在描述文件的<dict>根节点末尾添加PayloadScope字段,声明生效范围为「System」(系统级),即可解决权限问题:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>DNSSettings</key>
        <dict>
          <key>DNSProtocol</key>
          <string>HTTPS</string>
          <key>ServerAddresses</key>
          <array>
            <string>2400:3200::1</string>
            <string>2400:3200:baba::1</string>
            <string>223.5.5.5</string>
            <string>223.6.6.6</string>
          </array>
          <key>ServerURL</key>
          <string>https://dns.alidns.com/dns-query</string>
        </dict>
        <key>PayloadDescription</key>
        <string>Configures device to use AliDNS Encrypted DNS over TLS</string>
        <key>PayloadDisplayName</key>
        <string>AliDNS DNS over HTTPS</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.dnsSettings.managed.9d6e5fdf-e404-4f34-ae94-27ed2f636ac4</string>
        <key>PayloadType</key>
        <string>com.apple.dnsSettings.managed</string>
        <key>PayloadUUID</key>
        <string>35d5c8a0-afa6-4b36-a9fe-099a997b44ad</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>ProhibitDisablement</key>
        <false/>
      </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Adds the AliDNS to Big Sur and iOS 14 based systems</string>
    <key>PayloadDisplayName</key>
    <string>AliDNS over HTTPS</string>
    <key>PayloadIdentifier</key>
    <string>com.paulmillr.apple-dns</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>A4475135-633A-4F15-A79B-BE15093DC97A</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <!-- 新增生效范围声明,解决Mac OS 26.1权限报错 -->
    <key>PayloadScope</key>
    <string>System</string>
  </dict>
</plist>

四、关键总结

解决Mac OS 26安装DoH描述文件报错的核心操作:
在描述文件的根<dict>节点末尾添加以下代码,明确配置的系统级生效范围:

1
2
<key>PayloadScope</key>
<string>System</string>

实测添加该字段后,描述文件可正常安装,且DoH配置能生效。

补充说明

该方案适配Mac OS 26.1及以上版本,其他DoH服务商(如Cloudflare、Google DNS)的描述文件报错,均可通过添加PayloadScope字段解决。