Meraki

Community

Cisco umbrella blocking encrypted dns Doh.dns.apple.com

speakerfritz
A model citizen
‎Dec 15 2022 12:59 AM
‎Dec 15 2022 12:59 AM

Cisco umbrella blocking encrypted dns Doh.dns.apple.com

Anyone know why Cisco umbrella (optional security key) is blocking encrypted dns Doh.dns.apple.com

 

there are a handful of related encrypted dns blocks to  Apple

 

for now, I created a yellow rule to allow.

 

 

0 Kudos
3 Replies 3
JeremyLaurenson
Just browsing
‎Feb 4 2023 8:49 AM
‎Feb 4 2023 8:49 AM

What steps did you take, exactly, to create a yellow rule?

0 Kudos
In response to JeremyLaurenson
speakerfritz
A model citizen
‎Feb 4 2023 9:14 AM
‎Feb 4 2023 9:14 AM

I just added it to the excluded url in settings

 

it can also be done while viewing the details of the block 

0 Kudos
JeremyLaurenson
Just browsing
‎Feb 4 2023 9:03 AM
‎Feb 4 2023 9:03 AM

DNS over Http (DOH) and DNS Over Https (DoT) could bypass Umbrella's view into DNS requests.... so in general blocking this on an umbrella network would be good.

Apple is using this for their anonymous VPN functionality in iOS (Private iCloud Relay) but is using those same servers for other content too such as HomeKit.

 

So, what would be ideal is to enable DoH/DoT just to apple/icloud domains....

 

0 Kudos
Get notified when there are additional replies to this discussion.
© 2024 Cisco Systems, Inc.