Hey all, during the last couple weeks our security center on the Meraki Dashboard has been blowing up with suspicious .null DNS queries, all going to our Polycom phones. I'm talking upwards of 14,000 hits a day. Upon further research, all the traffic seems to be coming from San Francisco, home of the Cisco Umbrella DNS that Meraki recently integrated with their systems. There doesn't seem to be any noticeable drop in QoS, but does anybody know the solution for stopping all the .null queries if we don't plan on incorporating Umbrella?
I did a round of packet captures and the security threats are originating from the Polycom phones reaching out to their primary and secondary DNS servers. I spoke with Vonage tech support and it seems that our MX devices typically don't support Polycom. We had a firmware update on all our MX devices a month and a half ago, but our phones are currently up to date. I've created a firewall rule to allow the outbound communication but I'm still receiving the same number of security threats per day.