Configuring DNS Suffix Allow List

When the noAutoSuffix setting in the configuration file is set to NO, all entries in the DNS Search Domains are added to the allow list. This makes it difficult for the system to differentiate between user-added and iOS-added suffixes. To address this issue, the IgnoreDomains key in the configuration file can be used to selectively approve the necessary suffixes, even when noAutoSuffix is set to NO.

For example, a local Wi-Fi router adds the suffix sample_suffix.com at the router level, and that suffix is necessary for the proper operation of all devices using your Wi-Fi network. However, if someone places a domain that is otherwise "blocked" in this DNS suffix list, the block on that domain is bypassed, resulting in undesired behavior.

Prerequisites

  • For devices running iOS 16 or later, you must install the Cisco Security Connector for iOS version 1.7 or higher.

Procedure

  1. Open the iOS configuration profile in your preferred code editor.
    <key>ignoreDomains</key>
    <array>
        <string>sample_suffix.com</string>
        <string>contoso.network.local</string>
    </array>

  2. Add domain names as multiple string entries in the array.

Note: After you save the changes, the iOS configuration profile deploys automatically to the iOS device.
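
An added example, not Cisco's code: a pre-deployment check that reads every ignoreDomains array in a profile and flags entries that overlap a blocked domain or are missing from a reviewed suffix list. The sample profile, its key nesting, the function names, and the approved and blocked lists are constructed assumptions.

```python
import plistlib
# Constructed sample profile; the key nesting and the third entry are assumptions.
SAMPLE_PROFILE = b"""<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>ignoreDomains</key>
      <array>
        <string>sample_suffix.com</string>
        <string>contoso.network.local</string>
        <string>Blocked.Example.</string>
      </array>
    </dict>
  </array>
</dict>
</plist>"""

def find_key(node, key):
    """Yield every value stored under `key` anywhere in the parsed plist."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def normalize(domain):
    return domain.strip().rstrip(".").lower()
def covers(suffix, name):
    """True when name equals suffix or is a subdomain of it (label-aligned)."""
    return name == suffix or name.endswith("." + suffix)

def audit(profile_bytes, approved, blocked):
    """Return (entry, reason) for each ignoreDomains entry that needs review."""
    approved = {normalize(d) for d in approved}
    blocked = {normalize(d) for d in blocked}
    findings = []
    for array in find_key(plistlib.loads(profile_bytes), "ignoreDomains"):
        for raw in (array if isinstance(array, list) else []):
            entry = normalize(raw)
            # Flag overlap in either direction: the suffix covers a blocked
            # name, or the suffix sits underneath a blocked domain.
            hit = sorted(b for b in blocked if covers(entry, b) or covers(b, entry))
            if hit:
                findings.append((entry, "overlaps blocked domain " + hit[0]))
            elif entry not in approved:
                findings.append((entry, "not on the reviewed suffix list"))
    return findings
```
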
