iPad making unusual DNS requests

I am seeing odd DNS requests being sourced from my iPad. It was brought to my attention when I deployed a new security product in my network. I have many Apple devices but it appears it is only coming from my iPad. It has also persisted through iOS upgrades as well as a full factory reset and setup as a new device. This looks like DGA requests, which normally would suggest malware of some sort. These requests will happen as often as once every couple of minutes.


Sample Queries:


iPad Pro Wi-Fi, iOS 11.0.3

Posted on Oct 19, 2017 10:26 AM

Question marked as Top-ranking reply

Oct 19, 2017 11:57 AM in response to Diana.McCall

I do have a corporate profile on the device which I also have on my iPhone. However, my iPhone does not exhibit this issue. I have powered the device, done a software upgrade 11.0.2 to 11.0.3, and done a full device reset and rebuilt it from scratch. I have tried closing apps one at a time, shutting off background app updates, etc. When I reboot the device it may take hours before it starts again, or it may start right away. When I recently rebuilt the device I put only apps I needed for work on it - and they are all well-known apps. I have done numerous searches which have given me some ideas and led me to try removing the Chrome browser, which did not affect the issue. I have also researched several of the domains, maybe about 30-40 of the 1700 I have collected thus far; all are unregistered. I have tried keeping lists of the apps I am using and when, to try and determine the issue, but that proved not to be beneficial. Lastly, I am at a point where I am slowly deleting one app at a time to see if I can find a culprit. However, as all of the apps are extremely well known and most of them are duplicated on either my other iPad or iPhone - I'm not sure it will prove beneficial.


Thanks!

Oct 19, 2017 12:18 PM in response to cschultz0000

OK. Obviously, I was looking for a rogue Profile that might be messing with routing.

What about WiFi? No strange DNS or Proxy settings?

Any ad blockers?

Are you using a VPN?

Is this correlated with any particular usage, like web browsing, email, messages?

I tend to agree that it's not likely to be an app, given what you've already done. So that leaves aspects of configuration that might produce this.

Oct 19, 2017 12:41 PM in response to Diana.McCall

Definitely - no rogue Profiles, and even the corporate ones were wiped out and had to be set up again when I wiped the device.

WiFi - DHCP is providing IP/DNS info - all is valid for my internal servers. I did force a change in the IP address by creating a lease to a different IP - same issues occur. I will try to place it on a different WiFi I can monitor later today to see if it has any relation to the SSID.

I was using Crystal ad blocker but did not reinstall it since the wipe.

I do have a VPN, same as on my iPhone. The VPN is off and rarely used - I am playing with parameters and it is on the list to attempt removal in the future.

Not correlated to any usage - the device could have all apps closed, background app updates all off and be sitting on my desk all night and I will see 50 new DNS entries that look like the above in the morning.

Very odd and has been driving me nuts since I first discovered it...


Thanks
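
An added example, not part of any post in this thread: one way to confirm which client is emitting random-looking names and in which hours, assuming the local resolver writes dnsmasq-style query log lines. The log lines, addresses, function names and thresholds below are constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed dnsmasq-style query log (names and addresses are made up).
SAMPLE_LOG = """\
Oct 19 02:14:07 dnsmasq[812]: query[A] gateway.icloud.com from 192.168.1.23
Oct 19 02:16:31 dnsmasq[812]: query[A] q7x2kz9w4vb1m.h3p8t-rz50qlnd6y2c.com from 192.168.1.23
Oct 19 02:19:02 dnsmasq[812]: query[A] z4k-1mq8x0pw.t9d2vj6xw3r7bn5c1hq.com from 192.168.1.23
Oct 19 02:20:45 dnsmasq[812]: query[A] www.apple.com from 192.168.1.40
Oct 19 03:05:10 dnsmasq[812]: query[AAAA] mail.google.com from 192.168.1.40
Oct 19 03:07:55 dnsmasq[812]: query[A] 8wq3n5zt1x.k2v7m0p-d4jy9rb6hs.com from 192.168.1.23
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d{2}):\d{2}:\d{2}\s+dnsmasq\[\d+\]:\s+"
    r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)$"
)

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_generated(qname, min_len=12, min_entropy=3.3, min_digits=0.15):
    """Heuristic only: long, high-entropy, digit-heavy name (illustrative thresholds)."""
    labels = qname.rstrip(".").lower().split(".")
    body = "".join(labels[:-1]).replace("-", "")  # ignore the TLD and hyphens
    if len(body) < min_len:
        return False
    digit_ratio = sum(ch.isdigit() for ch in body) / len(body)
    return digit_ratio >= min_digits and entropy(body) >= min_entropy

def summarize(log_text):
    """Per client: total queries, suspect queries, and suspect queries per hour."""
    stats = defaultdict(lambda: {"total": 0, "suspect": 0, "hours": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a query line
        hour, qname, client = m.groups()
        entry = stats[client]
        entry["total"] += 1
        if looks_generated(qname):
            entry["suspect"] += 1
            entry["hours"][hour] += 1
    return dict(stats)

if __name__ == "__main__":
    for client, s in sorted(summarize(SAMPLE_LOG).items()):
        print(client, s["total"], s["suspect"], dict(s["hours"]))
```

The per-hour counts show whether the lookups continue while the device is idle, and the per-client totals show whether only one address is responsible. The name heuristic is coarse and will misclassify some legitimate hostnames, so treat its output as a shortlist to review.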
