Cisco umbrella blocking encrypted dns Doh.dns.apple.com

speakerfritz
A model citizen

Anyone know why Cisco Umbrella (optional security key) is blocking encrypted DNS Doh.dns.apple.com?

There are a handful of related encrypted DNS blocks to Apple.

For now, I created a yellow rule to allow.

JeremyLaurenson
Just browsing

What steps did you take, exactly, to create a yellow rule?

I just added it to the excluded URL in settings.

It can also be done while viewing the details of the block.

JeremyLaurenson
Just browsing

DNS over HTTP (DoH) and DNS over HTTPS (DoT) could bypass Umbrella's view into DNS requests... so in general blocking this on an Umbrella network would be good.

Apple is using this for their anonymous VPN functionality in iOS (Private iCloud Relay) but is using those same servers for other content too, such as HomeKit.

So, what would be ideal is to enable DoH/DoT just to Apple/iCloud domains...