Block Phone and PC Updates

Follow

madaliso

February 14, 2017 14:39

simply be able to block automatic updates

-2

• 

  rotblitz February 14, 2017 14:56

  Why do you raise this as an idea (proposal for improvement, feature request)?

  You "simply" add the related domains where the updates are loaded from to your "always block" list.  Case done!

  But never believe that this will prevent your devices from giving up loading updates.  To the contrary, you'll see much more DNS lookups for these domains than before, because the devices perform far more repetitions if they don't run to success.

  3

  Comment actions Permalink
• 

  mobeans November 30, 2017 19:57

  Updates don't always come from dedicated domains. I'd like to block mesu.apple.com which is the iPhone update site  without blocking the entire apple domain.  Host level or IP level blocking would be required for this.

  0

  Comment actions Permalink
• 

  rotblitz November 30, 2017 20:37

  Why not simply blocking mesu.apple.com?  You don't need to block apple.com.  Also, consider the CNAMEs:

  nslookup mesu.apple.com.
  Server:  local
  Address:  10.165.161.13
  
  Non-authoritative answer:
  Name:    mesu.g.aaplimg.com
  Addresses:  17.253.3.201
            17.253.3.203
  Aliases:  mesu.apple.com
            mesu-cdn.apple.com.akadns.net

   

  0

  Comment actions Permalink
• 

  mobeans November 30, 2017 21:05

  Oh OK, I thought you could only block domains in OpenDNS.  mesu.apple.com is a hostname. Or a CNAME reference to one. Didn't realize OpenDNS would accept it.  Thanks

  0

  Comment actions Permalink
• 

  jlefebre November 30, 2017 21:13

  That would be considered a subdomain :). 

   

  The lists will also accept further specified subdomains such as example.example.example.com

   

  You can also block a specific URL, but I believe you need to have SSL decryption enabled for that(don't recall offhand

  0

  Comment actions Permalink
• 

  mobeans November 30, 2017 21:16

  I learn something new every day

   

  0

  Comment actions Permalink
• 

  rotblitz November 30, 2017 21:19 (Edited November 30, 2017 21:25)

  mesu.apple.com is a subdomain, and apple.com is a zone name. All of them are host names and also domain names.

  1

  Comment actions Permalink
• 

  rotblitz November 30, 2017 21:20

  And no, you cannot block URLs with a DNS service.

  0

  Comment actions Permalink
• 

  jlefebre November 30, 2017 21:28

  Looks like URL blocking is only for insights package:
  
  https://docs.umbrella.com/product/umbrella/custom-url-destination-list-how-to/

  0

  Comment actions Permalink
• 

  rotblitz November 30, 2017 21:35 (Edited December 01, 2017 14:20)

  Insights is not only a DNS service but requires local software and virtual appliances and such.  You cannot really compare Umbrella Insights and Platform with a DNS service like OpenDNS.

  1

  Comment actions Permalink

Please sign in to leave a comment.