04-04-2023 09:04 AM - edited 04-04-2023 09:27 AM
Hello. R610 AP on Unleashed 200.13.6.1.319.
TLDR: Unleashed doing DNS lookups and outbound HTTP to Apple (and others), part of Internet Checking functionality, can be disabled in limited fashion, but prefer to completely disable.
Logging devices in same environment have been recording excessive DNS lookups and outbound HTTP to captive.apple.com from the AP. After some topic searching here and elsewhere it appears to be a function of the Internet Connectivity checking with Unleashed. I see outbound traffic every 65 seconds initially caught in Suricata IDS logs (outbound HTTP, curl User-Agent), but also seen in Unbound DNS logs.
Using the Internet-check CLI command via SSH I managed to disable the checks. The functionality appears to contact captive.apple.com, but falls back to www.microsoft.com and then support.ruckuswireless.com if unable to reach first. All three were disabled, but now every 35 seconds I'm seeing DNS lookups to www.apple.com , along with IPv4 and IPv6 Reverse DNS lookups for same domain. Obviously the prior attempt to disable the Internet Checking is limited and actually creates more log spam than before.
Are there possibly any undocumented CLI commands to disable the remaining attempts?
While this is not a large issue by any means, I prefer to not have the AP reach out if not necessary and create log spam. For the time being, I left support.ruckwireless.com check enabled reducing lookups to 65 seconds and have a host override in Unbound to blackhole the request. Still creates some log spam which can't be filtered, though I can purge ever so often when needed. Thanks.
CLI command reference:
Previous mention of issue within this forum:
Solved! Go to Solution.
04-07-2023 08:05 PM
Hi @ctay
The command is as below from CLI :
ruckus> en
ruckus# config
You have all rights in this mode.
ruckus(config)# system
ruckus(config-sys)# show internet-check
Internet Check:
Company = apple, Enable = 1
Internet Check:
Company = microsoft, Enable = 1
Internet Check:
Company = ruckus, Enable = 1
Now to disable this use the below command:
ruckus(config-sys)# no internet-check all
The internet check settings have been updated.
ruckus(config-sys)# end
Your changes have been saved.
To cross check:
ruckus(config)# system
ruckus(config-sys)# show internet-check
Internet Check:
Company = apple, Enable = 0
Internet Check:
Company = microsoft, Enable = 0
Internet Check:
Company = ruckus, Enable = 0
I would recommend using this function in 200.14, which is about to release in next week.
04-20-2023 04:36 AM
I can confirm the fix appears to be working in this update. After upgrade to 200.14 and resetting Internet Checking, the AP would start its cycle of 65 sec DNS lookups to captive.apple.com, but after disabling Internet Checking via CLI, all further DNS traffic ceased. Thanks Sanjay.
04-19-2023 06:20 AM
Thanks, I'm aware of the release, have the download and related documents in my possession, but need to schedule a time for upgrade. I did note there was no mention within the 200.14 Release Notes of anything related to a bug and subsequent fix in Internet-Check behavior.
04-19-2023 08:33 PM
Hi @ctay
As it was a last minute update, the document was not updated but I tested myself on this and it is working.
04-20-2023 04:36 AM
I can confirm the fix appears to be working in this update. After upgrade to 200.14 and resetting Internet Checking, the AP would start its cycle of 65 sec DNS lookups to captive.apple.com, but after disabling Internet Checking via CLI, all further DNS traffic ceased. Thanks Sanjay.
04-20-2023 07:41 PM
Hi @ctay
Thank you for the update and I'm glad to hear that the issue is resolved.
It would be great if you can mark my response (On 04-07-2023) as "Solution" so that other can review it directly for complete steps and information.