After updating two of my iOS devices to iOS 17.1 I noticed some odd DNS queries coming from these devices in my local DNS resolver’s logs.
Oct 29 21:05:54 dnsmasq: query[A] basejumper.apple.com from 10.0.0.126 Oct 29 21:05:54 dnsmasq: cached basejumper.apple.com is NODATA-IPv4
The odd thing here is that basejumper.apple.com does not resolve to anything. All A/AAAA/HTTPS queries for the name return a NOERROR empty response. So what is this endpoint?
A quick search indicates this is a Apple developer tool meant for internal Apple use. My search brought up a README text file on opensource.apple.com indicates that it has something to do with “MobileAssets”.
* Basejumper - the internal server for hosting / testing MobileAssets. Users must be within the internal network and have a default set in order to reach Basejumper. To get internal devices to point to Basejumper do: asutil --set-asset-server-url https://basejumper.apple.com/assets/ --asset-type com.apple.MobileAsset.CertificatePinning
As the text indicates that particular endpoint is only supposed to be reachable from the internal (Apple) network and have a “default set” (no idea what that means!).
Another thing I noticed was a reference to “mesu”. Now this one I see in my DNS query logs all the time, anyone with Apple devices in their network will see this name being queried all the time – mesu.apple.com.
The README indicates that mesu is the production/public-facing host for “MobileAssets”. Okay there’s that term again, what the hell is “MobileAssets”? Thankfully since this endpoint is supposed to be public there is indeed publicly available information on it. Namely on the Apple support page “Use Apple products on enterprise networks“.
This page indicates that mesu.apple.com is used for hosting software update catalogs and is used on “iOS, iPadOS, tvOS, watchOS, and macOS”. With that information available we can infer what basejumper.apple.com is which is: a staging/developer version of mesu.apple.com.
So why is this happening? My best guess is that someone at Apple messed up and shipped a developer/non-final build with some bit of software referring to basejumper.apple.com instead of mesu.apple.com. Oops. As far as I can tell this particular mistake appears to be harmless and is not breaking anything in iOS.
P. S – the README file also mentions other internal tools called “Styx” and “Beatbox”. Always interesting to see what companies name their internal tools.