
Mac & Sophos Central: Constant DNS Query Timeouts, going to wrong DNS Server

Does anyone else use Sophos Central (Endpoint Control + Web Control) with macOS devices that are laptops? Our laptops go home with users every day and when they come back, a portion of the devices continue to query "http.00.a.sophosxl.net" but receive a Timeout, thousands of times. When we investigate in our firewall logs, we see each device is still trying to query either their local DNS at home (not routable) or their ISP's DNS server which is also not routable.

  • Machines are set to DHCP, when on our network they get our DNS server, yet they still try and query the wrong DNS server.
  • There is no botnet, infection, malicious plugins, etc. These machines are clean as a whistle.
  • DNS Server Timeout examples:
    • 75.75.76.75
    • 75.75.76.76
    • 10.0.0.1
    • 192.168.1.1
    • 209.18.47.62 (dns-cac-lb-02.rr.com)

It seems like the Sophos client caches the DNS server provided at a user's house. When they return to the network, they continue making failed queries to these servers. They are doing direct requests to DNS servers and timing out constantly.

Thanks.



This thread was automatically locked due to age.
  • Hi,

    Your support team did absolutely nothing to resolve this issue and it is still happening. Why do you recommend contacting support for this? They don't take the issue seriously and it's a waste of time. Just move on to another product.

  • Hi  

    I am extremely sorry for the inconvenience. I would request you to please PM me the case number you have registered and I will check with the concerned team.

    Shweta

    Community Support Engineer | Sophos Technical Support

  • I have seen this on my network and would like to know what steps you have tried?

    If you restart the computer does this still happen?

    Flush DNS cache?

    Are you certain the IP entries are held only by SOPHOS or is SOPHOS getting them from somewhere else?

    Just trying to save myself some time so if you could share I would appreciate it.

    Respectfully,

    Badrobot