Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    unable to resolve mask.icloud.com

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 1 Posters 420 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance
      last edited by michmoor

      As the title states i cannot resolve mask.icloud.com therefore features such as apple private relay do not work.

      What i have done.

      1. Check pfSense resolution
        81107c8c-0adc-44ff-8a7d-b6159c49c5e9-image.png

      2. Checked that using the DNS forwarders configured, Quad9 , i can resolve
        5ef0197e-3556-4bc0-9e4a-3cebbf583476-image.png

      3. Disabled DNS Forwarder and still the domain comes up as NXDOMAIN

      4. Restarted unbound service.

      DNS overall is functioning fine on the LAN. So its specific domains such as the one above that just cannot be resolved.

      2b6440f8-df84-41ab-8e9e-61b8c95523b6-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance
        last edited by

        Old forum post led me in the right direction.
        I have forgotten that in pfBlocker there is an option in SafeSearch to block DoH/DoT.
        Unchecked apples relay names and reloaded. Everything works.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.