Global Protect on MacOS (TYPE65 dns queries)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect on MacOS (TYPE65 dns queries)

L1 Bithead

While troubleshooting a failing GlobalProtect update on my own machine, I checked the DNS requests made by the Global Protect updater. And noticed that it's not making type A requests, but instead uses TYPE65 (aka HTTPS ordraft spec RFC 9460) requests. My internal DNS server don't have the option of hosting this type of record. The update fails as after two attempts per upstream DNS server the updater appears to give up.

 

Has anyone encountered anything like this?

 

TYPE65 is pre-standard but Apple has adopted this in MacOS. As for Global Protect (v6.2.2) I don't know if it or my OS is making it use a TYPE65 query. Fine if a system wants to try TYPE65 first, but for goodness sake, fall back to A/AAAA if it fails.

 

Another consequence of TYPE65 queries: https://discussions.apple.com/thread/252092927?sortBy=best

0 REPLIES 0
  • 478 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!