iCloud Private Relay: SEB and macOS problem with Dns Over HTTPS #503
Replies: 3 comments 1 reply
-
|
This never happened to us (but I think our university doesn't use IP restrictions) and we didn't get a similar report until now. SEB itself shouldn't connect to any external sites, also not to Apple servers. I assume that some macOS or WebKit feature causes this. As Safari caused the same issue but Chrome didn't, it's likely the WebKit browser engine or a macOS network subsystem which Chrome circumvents causing the issue. Did you record which Apple site was contacted? This could help identifying what causes this. The only two weird networking issues we are aware of which affected apps using the AAC Assessment Mode was related to DNS resolving being blocked while AAC was active (solved in macOS 12.1). And another issue was related to the DHCP lease being renewed during an exam because of short timeouts in Wi-Fi hotspots. In older macOS versions AAC blocked the daemon responsible for this DHCP lease renewal, so internet connectivity was lost until AAC was ended. But these don't seem to be related to what you observed I guess. Just to clarify, are you using the standard SEB lockdown (kiosk) mode or the optional AAC Assessment Mode? |
Beta Was this translation helpful? Give feedback.
-
|
Hi Daniel, The IP address it connects to, is 17.248.201.70 port 443, our firewall recognize as service DNS_DOH_DOT. We use SEB in kiosk mode. Thank you very much for your response. Regards, |
Beta Was this translation helpful? Give feedback.
-
|
Searching for this IP address, Google shows it might be related to iCloud Private Relay: The IP address "17.248.201.70" likely belongs to Apple and is used for various iCloud services. It could be an internal IP address used within Apple's infrastructure. If you're seeing this IP address, it could relate to iCloud Private Relay or other iCloud services. https://support.apple.com/guide/iphone/protect-web-browsing-icloud-private-relay-iph499d287c2/ios |
Beta Was this translation helpful? Give feedback.
-
|
Thank you very much, Daniel, We are continuing our investigation, and everything indicates that it's a name resolution issue, along with the TTL of the DNS records. So, we’re still investigating why this started happening. Thank you very much and best regards. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
When conducting a quiz with Moodle, using IP restriction to a private subnet and SEB, we began to experience an issue where students using Macs would start the quiz without any problems, but suddenly Moodle would display a message indicating they were accessing from an unauthorized IP address.
We verified that the computer had not changed networks and still had an IP address within the allowed range for the quiz.
However, upon reviewing the Moodle course logs, we noticed that at a certain point, the IP address from which the user's connection originated changed from a private IP to a public one (which belongs to the institution). For this reason, Moodle displayed the message and did not allow the student to continue the quiz.
After investigating the incident further, we found that at a certain moment, the computer makes a DoH (DNS over HTTPS) request to an Apple site. Since this is an external site, it resolves using the external IP, which is why the public IP is logged.
For some unknown reason, the system stops querying the internal DNS server and instead uses DoH to query another DNS server.
This only happens with macOS, not with Windows.
The issues occurred with macOS 15.4.5 and SEB 3.5.
Moodle 4.1.
As an additional test, if we disable SEB but keep the IP restriction in the quiz, accessing via Chrome does not trigger the DoH request, so the quiz can be completed. However, with Safari, the DoH request is made, and the previously described issue occurs.
Has this happened to you?
Do you have any idea why this happens and how it can be resolved?
Thank you very much.
Andrés
Beta Was this translation helpful? Give feedback.
All reactions