UltraDDR Agent Software for macOS

Introduction

UltraDDR (UltraDNS Detection and Response) is a cloud-based DNS-layer protection service that identifies and prevents attacks before they happen for devices inside and outside your network. UltraDDR detects compromises in real-time, blocking current and preventing future attacks from harming your users and network.

UltraDDR provides a Protective DNS solution that enables enterprises to get in front of threats by blocking communication before damage can occur. Protective DNS analyzes DNS queries and takes action to mitigate threats. Using years of historical domain data, UltraDDR delivers real-time observability of outbound network communication, allowing enterprises to detect and stop malware, ransomware, phishing, and supply chain attacks before they can do damage.

UltraDDR also provides comprehensive DNS firewall capabilities that allow administrators to choose categories of internet traffic—such as adult, gambling, gaming, social media and more—that are deemed risky or not acceptable under company policy, and block or flag this traffic to provide a simple, unobtrusive way of enforcing policy.

Users that are on your premises are automatically protected when UltraDDR is used as your organization’s recursive DNS solution. For users that are off your premises, or for hybrid scenarios in which users can be on-premises or off-premises at-will, UltraDDR agents can be installed onto your users’ devices to ensure UltraDDR policy is enforced.

macOS Monterey (version 12) and above

• Download the UltraDDR Agent for Macs User Guide.

Installing the UltraDDR Agent for macOS

1. Download the software installer from https://updates.ultraddr.com.

2. Locate the PKG file on your computer (check your Downloads folder) and open it by double-clicking on the file to launch the UltraDDR installer.

3. The UltraDDR installer is now running. Click Continue to proceed.

4. The installer will now prompt you for an install key.
   

Administrators: the install key can be found on the UltraDDR portal (https://ddr.ultradns.com) by clicking on the (gear) icon, and clicking Organization Settings. From the left-hand navigation menu select UltraDDR Agent, and then the Install heading.

 

Silent Install

To silently install the UltraDDR Agent for macOS, a temp file named .vercara.ultraddr.client.id must be created on the local filesystem at /tmp/ that contains your organization’s install key. The UltraDDR Agent for macOS software installer must then be run from the macOS terminal.

1. Download the software installer from https://updates.ultraddr.com. These instructions assume that the installer has already been downloaded to the current user’s Downloads folder         ($HOME/Downloads).

2. Create a text file at /tmp/.vercara.ultraddr.client.id. The content of the text file must contain your organization’s install key, and only the install key. The install key can be found on the UltraDDR portal (https://ddr.ultradns.com) by clicking on the icon, and then UltraDDR Agent, Install, and then Install Key.

3. Run the following command from a terminal window: sudo installer -store -pkg "$HOME/Downloads/UltraDDR-2.2.12.pkg" -target /

4. The following shell script can be used to automate this process. Update the "<install_file> with the current UltraDDR Agent version, and replace "<install-key>” with your organization’s install key.

install_key = "<install-key>"
install_dir="$HOME/Downloads"
install_file="UltraDDR-2.2.12.pkg"
echo "${install_key}" > /tmp/.vercara.ultraddr.client.id
install_path="${install_dir}/${install_file}"
sudo installer -store -pkg "${install_path}" -target

Starting the UltraDDR Status Application (Optional)

Once the UltraDDR Agent for macOS software has been installed, the UltraDDR status application can be launched by double-clicking the UltraDDR application icon from within the Applications folder. The UltraDDR status application provides easy access to protection status and UltraDDR application preferences. Once launched, the UltraDDR icon will now appear in the menu bar. Clicking on the UltraDDR icon in the menu bar will display protection status and provides access to UltraDDR application preferences.

 

 

The following settings are available by clicking Preferences.

 

• Start UI at Login – Enabling this setting will ensure that the UltraDDR status application is run upon user log in.

• Notifications – enabling this will allow UltraDDR status notifications appear at the top-right corner of the user’s screen. As with all macOS notifications, you can show and hide the macOS Notification Center by clicking the clock in the menu bar. Specific macOS system settings for UltraDDR notifications can be customized within the macOS System Settings at: macOS Apple Menu > System Settings… > Notifications > UltraDDR.

• Debug Mode – The Vercara support team may request that this setting be enabled when troubleshooting issues with UltraDDR or the UltraDDR Agent for macOS software.

Viewing the UltraDDR Agent for macOS Log File

The UltraDDR Agent for macOS software log file is located at /var/log/com.vercara.ultraddr/dnsproxy.log. To continuously monitor this file, run the following from a terminal window:

sudo tail -f /var/log/com.vercara.ultraddr/dnsproxy.log

Installing the UltraDDR Root CA

When a site is blocked under a specific category, UltraDDR presents a block page to the user. In order for the block page to be shown to the user for sites served over HTTPS without generating browser errors, the UltraDDR Root Certificate Authority (CA) must be installed on your users’ devices. Otherwise, if the UltraDDR Root CA is not installed on your users’ devices, their browsers may display a “This Connection is Untrusted” (or similar) error when attempting to display block pages for sites served over HTTPS.

The UltraDDR agent software installer from version 2.2.8 and later automatically installs the UltraDDR Root Certificate Authority (CA) on the device. If you would like to install the CA on your device manually, you can download and find instructions for installing the UltraDDR Root CA files on a variety of devices at https://ca.ultraddr.com.

Uninstalling the UltraDDR Agent for macOS

Details on how to uninstall the UltraDDR Agent for macOS is documented in the UltraDDR Agent Software for macOS Administrator’s Guide.

Microsoft Entra ID Support

The Microsoft Entra ID (formerly named Azure Active Directory) integration empowers organizations to achieve greater flexibility by allowing them to apply UltraDDR policies on a per-group basis within their organization. This empowers organizations to tailor to specific needs of each department or operational units (such as business units, teams, departments, etc.). The UltraDDR Agent Software for macOS or the UltraDDR Agent Software for Windows must be deployed for groups support.

Administrators: the agent software automatically obtains the information necessary to identify the device’s user from the operating system, to then determine group memberships. Please see the UltraDDR Microsoft Entra ID Administrator’s Guide for more information.

 

Split-Horizon DNS

Split-Horizon DNS or Split-Brain DNS, is a configuration where a DNS server provides different sets of DNS information based on the location or characteristics of the querying system. In a Split-Horizon setup, the DNS server resolves the same domain name to different IP addresses depending on whether the request originates from within the internal network (intranet) or from the external internet.

Split-horizon DNS empowers organizations to regulate access to internal resources by tailoring DNS responses depending on whether the query originates from within the organization's network or from external sources. This approach enhances security, boosts performance, and simplifies DNS management for improved network operations. UltraDDR administrators can define a list of domain names to “internal resources” names that should resolve locally instead of being sent externally. The UltraDDR Agent Software for Windows or the UltraDDR Agent Software for macOS must be deployed for Split-Horizon DNS support.

 

Administrators: the agent software can be configured to automatically determine if the device is presently on your organization’s internal network (intranet) or the external internet. Please see the UltraDDR Split-Horizon DNS Administrator’s Guide for more information.

Contacting Support

To contact our support team for assistance, your UltraDDR administrator should have received Vercara Support portal credentials. Using these credentials, your administrator can sign into the Vercara Support portal, which contains a knowledge base for finding solutions to various questions or configuration issues. Additionally, the portal includes Vercara's ticketing dashboard, which allows for easy submission and tracking of support requests through an optimized and streamlined ticket submission process.

You can contact support directly at ultraddrsupport@vercara.com. Additional Support Team contact details can also be found on our website at https://vercara.com/support.