06-07-2024 09:40 AM
While troubleshooting a failing GlobalProtect update on my own machine, I checked the DNS requests made by the Global Protect updater. And noticed that it's not making type A requests, but instead uses TYPE65 (aka HTTPS ordraft spec RFC 9460) requests. My internal DNS server don't have the option of hosting this type of record. The update fails as after two attempts per upstream DNS server the updater appears to give up.
Has anyone encountered anything like this?
TYPE65 is pre-standard but Apple has adopted this in MacOS. As for Global Protect (v6.2.2) I don't know if it or my OS is making it use a TYPE65 query. Fine if a system wants to try TYPE65 first, but for goodness sake, fall back to A/AAAA if it fails.
Another consequence of TYPE65 queries: https://discussions.apple.com/thread/252092927?sortBy=best
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
