Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
For devices configured to use Umbrella for DoH and DoT:
An issue has been reported where Umbrella may close the connection for devices sending multiple DoH/DoT requests over a single TCP connection. While only some DoH/DoT client implementations are ...
Ran across this edge-case when trying to deploy BlueCat + Cisco Umbrella integration. This bug does modify the ARCOUNT, but more importantly, it modifies it without updating the UDP checksum. Packets are rejected as soon as they arrive at a DNS serve...
Hi GUNBUNS,
A couple things worth checking from Edge and your phone; visit https://www.dnsleaktest.com/ (Warning: Third-party site) and run the basic test, see if you're getting DNS from anyone other than Cisco OpenDNS.
If you see anyone other than O...
Indeed this technique is a bit old-hat, we have material from six years ago specifically mentioning fast flux as a concern for DNS security for the federal government: https://blogs.cisco.com/government/securing-government-it-all-starts-at-the-dns-la...
Correct, the "myip" parameter is not required when calling this API endpoint.
Clients really only need to query for their own IP address in order to know if it's been recently changed by their ISP, so they know when to send a new update to the API. T...
Oh, that makes sense.I can't think of any quick fixes for this, the client is more capable of "excluding" than "including" traffic. If joined to an Active Directory domain, the machine will always wildcard that as an Internal Domains exception. For o...
CGNAT is an unfortunate trade-off due to the limited address space in IPv4, and it affects all services that rely on tracking/identifying the source IP of traffic to a single subscriber. We're making multiple improvements that are meant to identify a...
