Cisco Bug: CSCur20364 - iOS 8.x Apple#18099477 DNS no longer functions with .local domains

Last Modified

Jun 08, 2016

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

3.0(12119)

Description (partial)

Symptom:
Due to a change in Apple iOS 8.x tracked under Apple ID#18099477, DNS no longer works with .local domains that do not advertise an SOA record. This affects DNS resolution over AnyConnect VPN connections if the DNS server is not set up correctly.

Apple introduced a new requirement in iOS 8 that a DNS server must advertise a SOA record for the .local domain in order for iOS to resolve .local hostnames against the DNS server. 

Per Apple, if you are asserting ownership over the ".local" top-level domain, then you must be advertising a start-of-authority record for that domain. It is a misconfiguration not to have an SOA record. In reality, the "local" top-level domain is registered with IANA for Bonjour, so it should *not* be used by installations in this fashion. Apple permits it with the "local" SOA for backward compatibility with Active Directory.

Conditions:
VPN configuration with .local domain and Apple iOS 8.x
DNS server not set up with SOA record for .local domain
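
An added example, not part of the Cisco bug record: a minimal Python check for the second condition above, which builds an SOA query for the `local` zone and tests whether a reply carries an SOA record in its answer section. It assumes that asking the VPN-assigned DNS server for the SOA of `local` is a fair stand-in for what iOS requires; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

SOA = 6  # RR type code for SOA (RFC 1035)

def encode_name(name):  # length-prefixed DNS labels, zero-terminated
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(zone, txid=0x1234):  # header (RD set, 1 question) + QNAME/SOA/IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", SOA, 1)

def skip_name(msg, off):  # returns the offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def has_soa_answer(msg):
    """True only if RCODE is NOERROR and the answer section holds an SOA record."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # NXDOMAIN, SERVFAIL, REFUSED, ...
        return False
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == SOA:
            return True
        off += 10 + rdlen
    return False

def server_advertises_soa(server, zone="local", timeout=3.0):  # live UDP/53 query
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return has_soa_answer(s.recv(4096))

# Constructed sample replies (not captured traffic; ns.local/admin.local are made up)
QUESTION = encode_name("local") + struct.pack("!HH", SOA, 1)
RDATA = encode_name("ns.local") + encode_name("admin.local") + struct.pack("!IIIII", 1, 3600, 600, 86400, 3600)
WITH_SOA = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + QUESTION
            + b"\xc0\x0c" + struct.pack("!HHIH", SOA, 1, 3600, len(RDATA)) + RDATA)
NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8583, 1, 0, 0, 0) + QUESTION
```

Run `server_advertises_soa()` with the address of the DNS server pushed to VPN clients; a `False` result matches the condition listed above.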