Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


DNS Security - Apple Products detected as suspicious

strivastriva Newbie ✭
edited April 2021 in Entry Level Firewalls

Hello together

I configured DNS security on my private network yesterday. 

Device: TZ570


  • DNS Sinkhole
  • DNS Tunell Detection

Today I noticed that all Apple products are detected as Suspect. Temporarily I have unblocked them again. 

Does anyone have experience with DNS tunelling detection and Apple products. (ios, mac os etc.)?


Category: Entry Level Firewalls


  • Options
    TKWITSTKWITS Community Legend ✭✭✭✭✭

    Have you identified what DNS traffic is marked as suspicious (other than it being from Apple products) via packet capture? Is it mDNS / Bonjour? Is it just a large amount of DNS traffic? Do you allow DNS traffic out from any client?

  • Options
    SaravananSaravanan Moderator

    Hi @STRIVA,

    Thank you for visiting SonicWall Community.

    As per my research, I dont see any sort of such issues reported with us. Please perform a packet capture on the SonicWall for Apple and Non-Apple devices separately to identify the packet handling by SonicWall. You should do the packet capture based on the Source IP address of the devices.


    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Options
    AjishlalAjishlal Community Legend ✭✭✭✭✭

    Hi @striva

    I suspect the Safari browser in the iPhone & iPad. Safari browser have ads and trackers and DNS sinkhole will block if the ads / trackers contain black listed domain.

Sign In or Register to comment.