Uncategorized blocking well-known domains, including Sophos

I had uncategorized sites blocked in DNS Protection. But along with blocking OneDrive sync, it was also blocking Sophos Community.

Even after allowing uncategorized, I still had to add a domain exception for sophos.com.  

I also had to add exceptions for my domain and some of my client's domains, even though in Sophos Firewall and Intercept X I don't have a problem blocking uncategorized sites.

  • Hi James,

    Thanks for reporting this issue. I can reproduce it here so we will investigate. It seems to happen when the domain requested initially resolves to a CNAME alias which is in a domain that is itself not categorized. This shouldn't be the case.

    Can you confirm that you are still able to get to www.sophos.com and central.sophos.com? These do not use the same CNAMEs as the community site.

    If you can provide any other specific domain/hostnames for other sites that are experiencing this issue, I'd be grateful. Feel free to contact me via DM if you'd prefer.

    Regards

    Rich

  • The domain used as a CNAME alias for community.sophos.com has now been recategorized. It should now be fine with your policy.

    Were you using a local resolver for your network? We have seen this kind of issue in the past where a domain uses a CNAME and the CNAME alias has a different categorization to the principal domain. Sometimes a local DNS server will cache the CNAME response to the primary domain and only look up the CNAME alias. If the primary domain is 'Allowed' but the CNAME alias is blocked, this can result in the local DNS server returning a blockpage IP address for the primary domain.

    Please let us know any specific other domains that are being blocked.

  • I'm pointing my clients to my Sophos Firewall, which is using the DNS Protection resolvers.

    FYI... after turning uncategorized back to block, I'm seeing darkcubed.net (for Celerium's Network Defender WAN protection), SharePoint (sharepoint.com.dual-spo-0005.spo-msedge.net), and some of my own domains still (one of which I listed in my private message).
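
The CNAME behaviour described in Rich's two replies above, as an added offline simulation that is not part of the original thread and not Sophos code: a local forwarder caches the CNAME for an allowed name, looks up the alias on its own, and hands back the block page address for the primary name. All names, categories, addresses and the per-name filtering model are constructed assumptions; `chain_audit` lists the hops that would need a recategorization or a domain exception.

```python
# Constructed data: names, categories and addresses are illustrative only.
ZONE = {
    "portal.example.com": ("CNAME", "portal.edge.example.net"),
    "portal.edge.example.net": ("A", "198.51.100.10"),
}
CATEGORY = {"example.com": "Business"}   # example.net is absent => uncategorized
BLOCKED = {"Uncategorized"}
BLOCKPAGE_IP = "192.0.2.1"               # hypothetical block page address


def category(name):
    """Categorize by longest matching suffix; unknown names are Uncategorized."""
    labels = name.split(".")
    for i in range(len(labels)):
        cat = CATEGORY.get(".".join(labels[i:]))
        if cat:
            return cat
    return "Uncategorized"


def filtering_resolve(name):
    """Upstream filter judging only the name it is asked for (assumed model)."""
    if category(name) in BLOCKED:
        return ("A", BLOCKPAGE_IP)
    return ZONE[name]


class LocalForwarder:
    """Local resolver that caches CNAMEs and chases the alias itself."""
    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        for _ in range(8):                       # bound the chain length
            rtype, value = self.cache.get(name) or filtering_resolve(name)
            if rtype == "A":
                return value
            self.cache[name] = (rtype, value)    # remember the CNAME
            name = value                         # look up the alias on its own
        raise RuntimeError("CNAME chain too long")


def chain_audit(name):
    """List (name, category, blocked) per hop to find the exceptions needed."""
    hops = []
    while True:
        cat = category(name)
        hops.append((name, cat, cat in BLOCKED))
        rtype, value = ZONE[name]
        if rtype == "A":
            return hops
        name = value
```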