Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
846
Views
1
Helpful
2
Replies

Umbrella questions

Go to solution
PatrickCavell85782
Level 1
Level 1

‎12-01-2022 02:04 PM

Assume a customer is running Umbrella VA's on premise.

Question 1: If the DNS query is for a host outside of the organization the VA's forward the query to Umbrella DNS servers using DNSCrypt. Assuming the Umbrella DNS servers don't have the answer do they act as recursive DNS resolvers and thus iteratively query the root, TLD, and authoritative DNS servers and then return the answer to the customer? I assume the VA's do NOT act as the recursive resolvers.

Question 2: If the first answer to the question above is the Umbrella DNS servers do in fact act as recursive resolvers, do they use DNSSec when forwarding queries to other DNS servers (root, TLD, etc)?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎12-01-2022 02:33 PM

Hi Patrick,

The answer to both your question is Yes.
Question 1: VA acts as a forwarder only, and Umbrella DNS acts as recursive DNS resolver.
Question 2: Yes, Umbrella DNS acts as fully RFC compliant security aware resolvers by performing DNSSEC validation on queries to authoritative nameservers for signed zones

Hope that helps.

View solution in original post

2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎12-01-2022 02:33 PM

Hi Patrick,

The answer to both your question is Yes.
Question 1: VA acts as a forwarder only, and Umbrella DNS acts as recursive DNS resolver.
Question 2: Yes, Umbrella DNS acts as fully RFC compliant security aware resolvers by performing DNSSEC validation on queries to authoritative nameservers for signed zones

Hope that helps.

Go to solution
PatrickCavell85782
Level 1
Level 1

‎12-01-2022 06:00 PM

Thanks Jennifer. That was very helpful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents