Configuring DNS Suffix Whitelisting

When the noAutoSuffix setting in the configuration file is set to NO, all entries in the DNS Search Domains are added to the whitelist. This makes it difficult for the system to differentiate between user-added and iOS-added suffixes. To address this issue, the IgnoreDomains key in the configuration file can be used to selectively approve the necessary suffixes, even when noAutoSuffix is set to NO.

For example, the local Wi-Fi router adds sample_suffix.com at the router level, and that suffix is necessary for the proper operation of all devices using your Wi-Fi network. However, if someone places a domain that is otherwise "blocked" in this DNS suffix list, the block on that domain is bypassed, resulting in undesired behavior.

Prerequisites for Configuration

  • Ensure Cisco Security Connector for iOS version 1.7 or higher is installed on devices running iOS 16 or later.

Procedure

  1. Open the iOS configuration profile in your preferred code editor.

     <key>ignoreDomains</key>
     <array>
       <string>sample_suffix.com</string>
       <string>contoso.network.local</string>
     </array>

  2. Add domain names as multiple string entries in the array.
  3. The configuration is automatically deployed to the device.
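A pre-deployment check for the bypass risk described above, as an added example that is not part of Cisco's documentation: it reads the ignoreDomains array from a profile and flags entries that overlap a blocked-domain list or are too broad. The ExampleWrapper key, the function names, the blocked list passed in, and the conservative rule that a suffix overlaps any blocked name above or below it are assumptions made here.

```python
import plistlib

# Constructed sample: the page's ignoreDomains fragment inside a hypothetical
# wrapper dict, with two extra entries added to trigger the checks.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>ExampleWrapper</key><dict>
<key>ignoreDomains</key>
<array>
<string>sample_suffix.com</string>
<string>contoso.network.local</string>
<string>Blocked.Example.</string>
<string>com</string>
</array>
</dict></dict></plist>"""

def find_ignore_domains(node, key="ignoreDomains"):
    """Collect every string under any `key` array, at any nesting depth."""
    found = []
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key and isinstance(v, list):
                found += [s for s in v if isinstance(s, str)]
            else:
                found += find_ignore_domains(v, key)
    elif isinstance(node, list):
        for item in node:
            found += find_ignore_domains(item, key)
    return found

def normalize(name):
    # Compare case-insensitively and without a trailing root dot.
    return name.strip().rstrip(".").lower()

def overlaps(a, b):
    """True when a == b or one name is a label-wise parent of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def audit(profile_bytes, blocked):
    """Return (entry, reason) pairs for ignoreDomains entries needing review."""
    blocked = [normalize(b) for b in blocked]
    findings = []
    for raw in find_ignore_domains(plistlib.loads(profile_bytes)):
        d = normalize(raw)
        if "." not in d:
            findings.append((raw, "single-label suffix is too broad"))
        hits = [b for b in blocked if overlaps(d, b)]
        if hits:
            findings.append((raw, "overlaps blocked: " + ", ".join(hits)))
    return findings
```

An empty result from audit() means no entry matched the supplied blocked list; each entry still needs to be a suffix your network actually requires.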
