cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2796
Views
0
Helpful
3
Replies
stanislav.pilat
Beginner

Umbrella Roaming Client nslookup

Hey guys,

I'm testing the Umbrella with 14 days trial and noticed that nslookup feature on windows machine shows my local DNS server as the source of DNS answer even for external domains - I thought that DNS requests to external domains are directly forwarded to Umbrella DNS through the AnyConnect roaming module, which I actually use.

But, in the Umbrella dashboard I can see the requests for external domains (and that's correct), so probably it is working properly and I'm just confused with the result of nslookup.

Could you please clear it up for me?

Thanks in advance.

SP.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Shinpei Kono
Cisco Employee

 

AnyConnect does not override DNS setting which is assigned statically or via DHCP when DNS protection via roaming module is enabled, and it is still looked up for local search domains and whitelist. Nslookup command without name server option then just directly reaches the DNS server configured there instead of redirecting the request to AnyConnect(and OpenDNS public resolvers). The Umbrella dashboard result might have come from name resolutions through browser or pinging etc and probably your setting was working properly.

 

View solution in original post

Tao Yang
Cisco Employee

It is actually the expected behaviour. The DNS forward of Cisco Anyconnectr Umbrella roaming module is running at kernel level and it doesn't need to change the local DNS settings like the standalone Umbrella roaming client. Please refer to the following KB for more details.

 

https://support.umbrella.com/hc/en-us/articles/360000429306-Standalone-Roaming-Client-vs-AnyConnect-Roaming-Module

View solution in original post

3 REPLIES 3
Shinpei Kono
Cisco Employee

 

AnyConnect does not override DNS setting which is assigned statically or via DHCP when DNS protection via roaming module is enabled, and it is still looked up for local search domains and whitelist. Nslookup command without name server option then just directly reaches the DNS server configured there instead of redirecting the request to AnyConnect(and OpenDNS public resolvers). The Umbrella dashboard result might have come from name resolutions through browser or pinging etc and probably your setting was working properly.

 

View solution in original post

Tao Yang
Cisco Employee

It is actually the expected behaviour. The DNS forward of Cisco Anyconnectr Umbrella roaming module is running at kernel level and it doesn't need to change the local DNS settings like the standalone Umbrella roaming client. Please refer to the following KB for more details.

 

https://support.umbrella.com/hc/en-us/articles/360000429306-Standalone-Roaming-Client-vs-AnyConnect-Roaming-Module

View solution in original post

stanislav.pilat
Beginner

Thanks guys for your explanation. ;) 

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad