Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2171
Views
0
Helpful
2
Replies

Cisco Umbrella - Virtual Appliance "DNS queries from this VA ... are not encrypted"

Beacon Bits
Level 1
Level 1

‎07-31-2019 02:51 AM

Hello Everyone,

 

Scenario:

I have installed VA cluster (two Virtual Appliances). They are fully active.

 

Issue:

One of them is showing GREEN status: (Healthy) and other is showing ORANGE status: (Warning) with the message

" DNS queries forwarded by this VA to Umbrella are not encrypted. For more information, and steps to resolve, please visit: https://support.umbrella.com/hc/en-us/articles/230902388#dnscrypt-disabled". 

This document does not tell much.... Thanks Cisco!

 

I am confused that this is how VA cluster works or there's a config miss that I have.

Please advise on this?

 

Resolution:

??

 

Regards,

B

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-31-2019 03:17 AM

Hi,
Does the 2nd VA appliance route traffic through the same firewall as the 1st VA? It could be that encrypted DNS packets are blocked on the firewall for traffic from the 2nd VA.

HTH
0 Helpful

Beacon Bits
Level 1
Level 1
In response to Rob Ingram

‎07-31-2019 04:34 AM

Thanks @Rob Ingram . 

 

My firewall was picking this NDS traffic in the https inspection blade.

I have added the exception to allow the DNS packet out of that source and now both are working fine.

 

Thanks @Rob Ingram for pointing to firewall!

0 Helpful
Customers Also Viewed These Support Documents