Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

DNS Security - Apple Products detected as suspicious

strivastriva Newbie ✭
edited April 7 in Entry Level Firewalls

Hello together

I configured DNS security on my private network yesterday. 

Device: TZ570

Services:

  • DNS Sinkhole
  • DNS Tunell Detection

Today I noticed that all Apple products are detected as Suspect. Temporarily I have unblocked them again. 

Does anyone have experience with DNS tunelling detection and Apple products. (ios, mac os etc.)?

Thanks 

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Have you identified what DNS traffic is marked as suspicious (other than it being from Apple products) via packet capture? Is it mDNS / Bonjour? Is it just a large amount of DNS traffic? Do you allow DNS traffic out from any client?

  • SaravananSaravanan Moderator

    Hi @STRIVA,

    Thank you for visiting SonicWall Community.

    As per my research, I dont see any sort of such issues reported with us. Please perform a packet capture on the SonicWall for Apple and Non-Apple devices separately to identify the packet handling by SonicWall. You should do the packet capture based on the Source IP address of the devices.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • AjishlalAjishlal All-Knowing Sage ✭✭✭✭

    Hi @striva

    I suspect the Safari browser in the iPhone & iPad. Safari browser have ads and trackers and DNS sinkhole will block if the ads / trackers contain black listed domain.

Sign In or Register to comment.