Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5273
Views
0
Helpful
3
Replies

Umbrella Roaming Client nslookup

Go to solution
stanislav.pilat
Level 1
Level 1

‎07-17-2018 12:15 AM

Hey guys,

I'm testing the Umbrella with 14 days trial and noticed that nslookup feature on windows machine shows my local DNS server as the source of DNS answer even for external domains - I thought that DNS requests to external domains are directly forwarded to Umbrella DNS through the AnyConnect roaming module, which I actually use.

But, in the Umbrella dashboard I can see the requests for external domains (and that's correct), so probably it is working properly and I'm just confused with the result of nslookup.

Could you please clear it up for me?

Thanks in advance.

SP.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Shinpei Kono
Cisco Employee
Cisco Employee

‎08-03-2018 09:17 PM - edited ‎08-03-2018 09:18 PM

 

AnyConnect does not override DNS setting which is assigned statically or via DHCP when DNS protection via roaming module is enabled, and it is still looked up for local search domains and whitelist. Nslookup command without name server option then just directly reaches the DNS server configured there instead of redirecting the request to AnyConnect(and OpenDNS public resolvers). The Umbrella dashboard result might have come from name resolutions through browser or pinging etc and probably your setting was working properly.

 

View solution in original post

0 Helpful

Go to solution
Tao Yang
Cisco Employee
Cisco Employee

‎08-10-2018 12:07 AM - edited ‎08-10-2018 12:08 AM

It is actually the expected behaviour. The DNS forward of Cisco Anyconnectr Umbrella roaming module is running at kernel level and it doesn't need to change the local DNS settings like the standalone Umbrella roaming client. Please refer to the following KB for more details.

 

https://support.umbrella.com/hc/en-us/articles/360000429306-Standalone-Roaming-Client-vs-AnyConnect-Roaming-Module

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Shinpei Kono
Cisco Employee
Cisco Employee

‎08-03-2018 09:17 PM - edited ‎08-03-2018 09:18 PM

 

AnyConnect does not override DNS setting which is assigned statically or via DHCP when DNS protection via roaming module is enabled, and it is still looked up for local search domains and whitelist. Nslookup command without name server option then just directly reaches the DNS server configured there instead of redirecting the request to AnyConnect(and OpenDNS public resolvers). The Umbrella dashboard result might have come from name resolutions through browser or pinging etc and probably your setting was working properly.

 

0 Helpful

Go to solution
Tao Yang
Cisco Employee
Cisco Employee

‎08-10-2018 12:07 AM - edited ‎08-10-2018 12:08 AM

It is actually the expected behaviour. The DNS forward of Cisco Anyconnectr Umbrella roaming module is running at kernel level and it doesn't need to change the local DNS settings like the standalone Umbrella roaming client. Please refer to the following KB for more details.

 

https://support.umbrella.com/hc/en-us/articles/360000429306-Standalone-Roaming-Client-vs-AnyConnect-Roaming-Module

0 Helpful

Go to solution
stanislav.pilat
Level 1
Level 1

‎08-15-2018 05:57 AM

Thanks guys for your explanation. ;) 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents