Had to push firewall policy today stating that mask.apple-dns.net is NOT spyware, and to exclude that domain from the threat logs and to NOT drop that traffic.

:(

@kajer who made you…
@bosh when ELT comes over with "this has been happening for a while, but now I'm sick of dealing with it"
@kajer that sucks

@bosh Palo Alto was right to block Apple DNS, and Apple doesn't have a robust mechanism to deal with DNS timeouts, so Safari and Firefox fail to load pages on the first attempt.

Meanwhile Chrome using DoH by default be going through.

@kajer ugh, I loathe DoH or DoT, leave my DNS alone ya jerks. I block the Apple stuff at home to force my DNS servers