
08-12-2020 05:21 PM
I have a Cisco Umbrella environment in a multi-site environment that spans across multiple subnets. We have workstations configured that simply use the Umbrella software to enforce DNS to connect to internal appliances with the following type of network:
10.10.0.1/24 with the DNS appliances running on 10.10.0.10 and 10.10.0.11
For the first site that is on this subnet it works fine and it is able to understand that 10.10.0.x is a local subnet so it does not send DNS requests out to 208.67.222.222 and instead hits a local resolver. This seems to be configured as an "internal network" on the Cisco Umbrella site.
My issue, and what I am trying to determine best practices for, is that we now have a set of servers on our 10.10.10.1/24 network, but all users are unable to access it since it is sending the request out to the public resolvers and it is unable to reach these servers. This makes sense, since how will it know that it is a local network? I can create a second local network, but that seems to be paired in a 1-to-1 relationship to the site name, so a workstation in the Default Site can only have 1 internal network for this to work correctly.
How then, do I set this up correctly? Is there a way to add multiple networks somewhere else so it can route properly? Or should I be expanding my subnet and creating an internal network of "10.10.0.0/20" since this would include all internal subnets we use.
Accepted Solutions

08-12-2020 06:32 PM
I believe I was thinking of this the wrong way in terms of what the local subnets would be. I was able to add the domain itself to Umbrella as an internal domain. This required me to ensure all necessary A records were created on the local DNS resolvers, and it is now correctly bypassing the Umbrella public DNS and using the local ones.

