DNS (Domain Name System)
DNS is the hierarchical naming system that translates human-readable domain names into IP addresses that computers use to identify network resources.
What to Know
DNS is foundational to all network connectivity, including MDM operations. Devices must resolve the hostnames of the MDM server, Apple’s APNs gateways, software update servers, App Store domains, and countless other services. DNS failures prevent enrollment, block command delivery, and disable software updates. Misconfigured DNS can cause intermittent connectivity issues that are difficult to diagnose, as failures may appear inconsistent depending on which DNS server responds to queries.
In corporate environments, DNS settings are typically deployed via configuration profiles to ensure devices use internal DNS servers capable of resolving both internal resources and external services. Split DNS configurations enable devices to access internal file servers while still reaching public internet services. DNS filtering and security services (like Cisco Umbrella or Cloudflare Gateway) are often enforced at the DNS layer to block malicious domains.
Common Scenarios
Enterprise IT: Corporate devices receive DNS settings via MDM profiles that direct queries to internal DNS servers. IT must ensure these servers can resolve both internal hostnames (file servers, print servers) and external domains (apple.com, MDM server URLs, cloud services). Split-horizon DNS configurations allow the same hostname to resolve differently inside vs. outside the corporate network. DNS troubleshooting is often the first step when devices cannot enroll or check in with MDM.
MSP: MSPs managing remote workforces must balance client DNS requirements with public DNS availability. Devices outside corporate networks may use public DNS (8.8.8.8, 1.1.1.1) while VPN-connected devices use client internal DNS. MSPs should monitor DNS resolution failures as a leading indicator of network or MDM connectivity issues, and document client-specific DNS dependencies for internal resources.
Education: School networks often implement aggressive DNS filtering to comply with CIPA requirements, blocking inappropriate content at the DNS layer. Education IT must ensure filtering policies don’t inadvertently block Apple services required for MDM, software updates, or classroom apps. Student devices on guest Wi-Fi or home networks bypass school DNS, requiring device-level content filtering rather than network-level DNS blocking.
In Addigy
Addigy allows admins to deploy DNS configuration profiles that specify custom DNS servers for managed devices. Addigy provides visibility into network configuration states, helping identify devices with DNS misconfigurations that may be preventing MDM check-ins. When troubleshooting enrollment or connectivity issues, Addigy support teams often recommend verifying DNS resolution for key domains as an early diagnostic step.
Administrators can configure DNS settings within network payloads and deploy them to specific device groups or policies, enabling different DNS configurations for office vs. remote devices. Addigy’s device facts collection includes network configuration details that can reveal DNS server assignments and aid in troubleshooting connectivity problems.
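The check below is an added example, not Addigy code or part of the original page. It illustrates the "verify DNS resolution for key domains" step and the case where failures depend on which DNS server answers, by comparing per-resolver results for each hostname. The resolver addresses, hostnames other than apple.com, and all answers are constructed placeholders, and treating 0.0.0.0 as a filter sinkhole is an assumption.

```sh
#!/bin/sh
# Added example (not Addigy code). Resolver IPs, hostnames and answers below are
# constructed placeholders; replace them with your own DNS servers and MDM host.

# probe RESOLVER HOST: ask one specific DNS server for an A record (live use, needs dig).
# Prints "RESOLVER HOST ANSWER", with "-" when no address came back.
probe() {
    ip=$(dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null |
         grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
    echo "$1 $2 ${ip:--}"
}

# summarize: read probe lines on stdin and print one verdict per hostname.
# Assumption: an answer of 0.0.0.0 is a filter sinkhole and counts as a failure.
summarize() {
    awk '
    {
        if (!($2 in seen)) { seen[$2] = 1; order[++n] = $2 }
        total[$2]++
        if ($3 == "-" || $3 == "0.0.0.0") {
            bad[$2]++
            who[$2] = who[$2] (who[$2] ? "," : "") $1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            if (!bad[d])                 print "OK", d
            else if (bad[d] == total[d]) print "FAILS_EVERYWHERE", d
            else                         print "INCONSISTENT", d, "fails_on=" who[d]
        }
    }'
}

# Constructed probe results, so the script runs without network access.
sample_results() {
    cat <<'EOF'
10.0.0.53 mdm.example.com 203.0.113.10
10.0.0.54 mdm.example.com -
10.0.0.53 apple.com 198.51.100.20
10.0.0.54 apple.com 198.51.100.20
10.0.0.53 files.corp.example -
10.0.0.54 files.corp.example -
EOF
}

sample_results | summarize
# Live use: for r in 10.0.0.53 10.0.0.54; do probe "$r" mdm.example.com; done | summarize
```

An INCONSISTENT verdict points at a single misbehaving resolver, which matches the intermittent symptom described above; FAILS_EVERYWHERE points at a missing record, a filter policy, or a network path problem.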
Also Known As
- Domain Name Service
- DNS Resolution