
Mac & Sophos Central: Constant DNS Query Timeouts, going to wrong DNS Server

Does anyone else use Sophos Central (Endpoint Control + Web Control) with macOS devices that are laptops? Our laptops go home with users every day and when they come back, a portion of the devices continue to query "http.00.a.sophosxl.net" but receive a Timeout, thousands of times. When we investigate in our Firewall logs, we see each device is still trying to query either their local DNS at home (not routable) or their ISP's DNS server, which is also not routable.

  • Machines are set to DHCP; when on our network they get our DNS server, yet they still try to query the wrong DNS server.
  • There is no botnet, infection, malicious plugins, etc. These machines are clean as a whistle.
  • DNS Server Timeout examples:
    • 75.75.76.75
    • 75.75.76.76
    • 10.0.0.1
    • 192.168.1.1
    • 209.18.47.62 (dns-cac-lb-02.rr.com)

It seems like the Sophos client caches the DNS server provided at a user's house. When they return to the network, they continue making failed queries to these servers. They are doing direct requests to DNS servers and timing out constantly.

Thanks.
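To measure the symptom described in the post above, the following added example (not part of the original thread and not Sophos code) tallies, per client, DNS traffic sent to resolvers other than the one DHCP assigns. The key=value log format, the client addresses and the sanctioned resolver `172.16.0.53` are assumptions; the destination addresses in the constructed sample are the ones listed in the post.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: the resolver DHCP hands out on the office network (constructed value).
SANCTIONED_RESOLVERS = {ipaddress.ip_address("172.16.0.53")}

# Constructed sample lines in a hypothetical key=value firewall log format.
# The destination addresses are the ones listed in the post.
SAMPLE_LOG = """\
src=172.16.5.14 dst=172.16.0.53 dport=53 proto=udp action=allow
src=172.16.5.14 dst=192.168.1.1 dport=53 proto=udp action=timeout
src=172.16.5.14 dst=192.168.1.1 dport=53 proto=udp action=timeout
src=172.16.5.22 dst=75.75.76.76 dport=53 proto=udp action=timeout
src=172.16.5.22 dst=10.0.0.1 dport=53 proto=udp action=timeout
src=172.16.5.22 dst=172.16.0.80 dport=443 proto=tcp action=allow
malformed line without fields
"""

def parse_line(line):
    """Split one key=value log line into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def classify_resolver(dst):
    """Label a DNS destination relative to the sanctioned resolver set."""
    if dst in SANCTIONED_RESOLVERS:
        return "sanctioned"
    # RFC 1918 space that is not ours is typically a home router carried over.
    return "private-unsanctioned" if dst.is_private else "public-unsanctioned"

def stale_resolver_report(log_text):
    """Return {client: Counter({(resolver, label): hits})} for unsanctioned DNS."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("dport") != "53" or "src" not in rec or "dst" not in rec:
            continue
        try:
            dst = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue  # skip records with an unparsable destination
        label = classify_resolver(dst)
        if label != "sanctioned":
            report[rec["src"]][(str(dst), label)] += 1
    return dict(report)

if __name__ == "__main__":
    for client, hits in sorted(stale_resolver_report(SAMPLE_LOG).items()):
        for (resolver, label), n in hits.most_common():
            print(f"{client} -> {resolver} [{label}] x{n}")
```

Comparing each client's list against the resolvers its DHCP lease actually contains shows which machines are carrying a resolver over from another network.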



  • I have seen this on my network and would like to know what steps you have tried?

    If you restart the computer does this still happen?

    Flush DNS cache?

    Are you certain the IP entries are held only by SOPHOS or is SOPHOS getting them from somewhere else?

    Just trying to save myself some time so if you could share I would appreciate it.

    Respectfully,

    Badrobot
