How to use DNS to block iOS 7, and other updates too


[updated 6:16 PM EDT]

iOS 7 is arriving tomorrow. Those of you with many devices and little bandwidth (I'm looking at you, education) may be worried about those multiple 1GB+ downloads. Apple's caching server (currently in beta) isn't going to help yet — iOS 6 doesn't know how to use it. So here is something that may help.

iOS devices check for new versions by polling the server mesu.apple.com. This is done via HTTP, port 80. Specifically, the URL is:

If you block or redirect mesu.apple.com, you will inhibit the check for software updates. If you are really ambitious, you could redirect the query to a cached copy of the XML, but I haven't tried that. Please remove the block soon; you wouldn't want to prevent those security updates, would you?

Good luck. For the rest of you, happy updating tomorrow! We'll be here with plenty of news.
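One way to confirm from a client that the block is in effect, and to flag it once it has stayed in place past a planned removal date, is sketched below. This is an added example, not part of the original post; the function names and the `REMOVE_BY` date are assumptions made for illustration.

```python
import ipaddress
import socket
from datetime import date

UPDATE_HOSTS = ["mesu.apple.com"]   # hostname named in the article
REMOVE_BY = date(2013, 10, 1)       # constructed sample deadline (assumption)

def system_resolver(host):
    """Addresses the client's configured DNS returns for host ([] if none)."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """'blocked' = no answer or loopback/unspecified only; 'redirected' =
    internal addresses only (e.g. a local cached copy); otherwise 'open'."""
    if not addresses:
        return "blocked"
    ips = [ipaddress.ip_address(a.split("%")[0]) for a in addresses]
    if all(ip.is_loopback or ip.is_unspecified for ip in ips):
        return "blocked"
    if all(ip.is_private for ip in ips):
        return "redirected"
    return "open"

def audit(hosts, remove_by, today=None, resolver=system_resolver):
    """Return (host, state, overdue) tuples; overdue means the block is still
    active after remove_by, so devices are also missing security updates."""
    today = today or date.today()
    report = []
    for host in hosts:
        state = classify(resolver(host))
        report.append((host, state, state != "open" and today > remove_by))
    return report

if __name__ == "__main__":
    results = audit(UPDATE_HOSTS, REMOVE_BY)
    for host, state, overdue in results:
        note = "  <-- past removal date, lift the block" if overdue else ""
        print(f"{host}: {state}{note}")
    raise SystemExit(1 if any(o for _, _, o in results) else 0)
```

Run it on a machine that uses the same DNS server as the devices; a non-zero exit status means the block has outlived the removal date.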


thomrburg

Joined: Apr 16, 2014

No brainer


At 650MB a pop and 18k devices, we would've been killed today with this update. We set up a content filtering rule to block during school hours. After school, proxied traffic (all of our devices are using iOS Global Proxy) accounted for 90% of all bandwidth. We'll definitely be taking advantage of Mavericks' Caching Server 2 when released, but this was a great little workaround for the time being.

Thanks!

-T

--
Thomas Burgess
@thomrburg | www.thomrburg.tk


ahauerwas

Joined: Oct 1, 2013

Similar technique to block AppleTV updates


I don't know if this is the right place to post this, but I use a similar technique to block AppleTV updates in my enterprise. We have rolled them out to classrooms to support AirPlay (using Aruba's AirGroup to manage Bonjour traffic), and I was concerned that AppleTVs would "halt" when they realized an update was available. (If they detect an update, they ask if you want to adopt it and you have to answer the question with a remote before you can proceed!)

I used SourceForge's DualServer (http://dhcp-dns-server.sourceforge.net/) on a virtual machine exclusively as a DNS server, where I created static entries for mesu.apple.com as well as applednld.apple.com. Those "fake" entries point to 127.0.0.1, and then I override my AppleTVs' DNS settings to my "cache-poisoned" DNS server. Voila! No updates for AppleTVs.

One issue is that the AppleTVs are still getting any "over-the-air" updates where they periodically update the channel providers. They are unable to receive iOS updates because of blocking Apple's servers, but I'm wondering if it's possible to block the OTA updates?

Any pointers would be appreciated -- and thanks for the site! I'm a newbie, but there's a wealth of information here.

- Adam
