Cisco Bug: CSCur20364 - iOS 8.x Apple#18099477 DNS no longer functions with .local domains

Last Modified

Jun 08, 2016

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases


Description (partial)

Due to a change in Apple iOS 8.x tracked under Apple ID#18099477, DNS no longer works with .local domains that do not advertise a SOA record. This affects DNS resolution over AnyConnect VPN connections if the DNS server is not set up correctly.

Apple introduced a new requirement in iOS 8 that a DNS server must advertise a SOA record for the .local domain in order for iOS to resolve .local hostnames against the DNS server. 

Per Apple, if you are asserting ownership over the ".local" top-level domain, then you must be advertising a start-of-authority record for that domain. It is a misconfiguration not to have a SOA record. In reality, the "local" top-level domain is registered with IANA for Bonjour, so it should *not* be used by installations in this fashion. Apple permits it with the "local" SOA for backward compatibility with Active Directory.

VPN configuration with .local domain and Apple iOS 8.x
DNS server not set up with SOA record for .local domain