The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Point Your DNS to Cisco Umbrella

Configuring your DNS directs traffic from your network to the Cisco Umbrella global network. When a request to resolve a hostname on the internet is made from a network pointed at our DNS addresses, Umbrella applies the security settings in line with your policy.

To switch to Umbrella, you need to explicitly change the DNS settings in your operating system or hardware firewall/router to use IP addresses of the Umbrella name servers and turn off the automatic DNS servers provided by your ISP.

The Umbrella IP addresses (IPv4) are:

  • 208.67.222.222
  • 208.67.220.220

Several systems allow you to specify multiple DNS servers. We recommend that you only use the Cisco Umbrella servers and do not include any other DNS servers in the list.

Note

We recommend that only users who have administrative access to the router, DNS server or their own computer attempt to use these instructions as you need this level of access in order to take complete steps.

Step 1 – Find out where your public DNS server addresses are configured

Determine which device or server on your network maintains the addresses of your public DNS servers—most often a router or DNS server. Typically, the device that provides an internal non-routable IP address (DHCP) or the device that serves as your default gateway is also where you configure public DNS servers.

Step 2 – Log into the server or router where DNS is configured

Once you’ve logged in, find the DNS settings for this device. If you're unsure of where these settings are, see Step 3 – Change your DNS server addresses for guidance on configuring a server or router. As well, try one of the following guides:

Step 3 – Change your DNS server addresses

Before you change your DNS settings to use Cisco Umbrella, be sure to record the current DNS server addresses or settings (for example, write them down on a piece of paper.) It's important that you keep these numbers for backup purposes—just in case you need to revert to them at a later date.

Note

Some ISPs hard-code their DNS servers into the equipment they provide. If you are using such a device, you will not be able to configure it to use Umbrella. Instead, you can configure each of your computers by installing the Umbrella roaming client or configuring the DNS server addresses on each computer. Instructions to configure a typical Windows or Macintosh computer can be found here here.

The process for changing your DNS settings varies according to operating system and version (Windows, Mac or Linux) or the device (DNS server, router, or mobile device). This procedure might not apply for your OS, router, or device. Please consult your vendor documentation for authoritative information.

To change your settings on a typical router:

  1. In your browser, enter the IP address to access the router's user interface and enter your password.
  2. Find the area of configuration in which DNS server settings are specified and replace those addresses with the Cisco Umbrella IP addresses:

    • 208.67.222.222
    • 208.67.220.220

    You can use either DNS address as your primary or secondary DNS server, but please use both numbers and not the same IP address twice. If your router requires a third or fourth DNS server setting, please use 208.67.220.222 and 208.67.222.220 as the third and fourth entry respectively.

    Before you change your DNS settings to use Umbrella, be sure to record the current DNS server addresses or settings (for example, write them down on a piece of paper.) It's important that you keep these numbers for backup purposes—just in case you need to revert to them at a later date.

  3. Save your changes and exit your router's user interface.

  4. Flush your DNS cache.
  5. Test that your setup is working correctly. See Step 4 – Test your new DNS settings.

Note: Don't forget to confirm that your DNS is set to be static.

Important

When you make changes to DNS, you may have cached results that affect service. Flush your DNS cache to be sure that you’re receiving only the latest DNS results. For information on how to flush your DNS cache, see Getting Started: Flushing your DNS Cache.

WARNING

Email servers have unique DNS configurations and we don't recommend pointing them to use Umbrella in most cases. For more information, see Umbrella and your email server.

Step 4 – Test your new DNS settings

Now that you’ve configured your DNS settings, browse to http://welcome.umbrella.com. If you've successfully pointed your DNS to the Cisco Umbrella servers, you'll see the following confirmation page:

Note

Savvy users may try to modify their DNS settings to circumvent Umbrella. You can prevent this with firewall rules. For more information, see Preventing Circumvention of Cisco Umbrella with Firewall Rules.

If you have trouble reaching the Cisco Umbrella Welcome page or getting web pages to load, try the following:

  1. From your browser, type in a fixed IP address in the address bar. Enter: http://18.62.0.96/ (which points to http://www.eecs.mit.edu/). If this works but you can't reach the Umbrella Welcome page, then there is a problem with your DNS configuration. Recheck the steps above to make sure you have configured everything correctly. If this fails, go to step 2.
  2. Roll back the DNS changes you made and run the tests again. If the tests still don't work, then there is a problem with your network settings or your ISP.
  3. Contact Support at umbrella-support@cisco.com or https://support.umbrella.com/tickets/new.

Next, we'll customize your protection and filtering by creating a unique Umbrella policy.


Protect Your Network < Point Your DNS to Cisco Umbrella > Create and Apply Policies

Point Your DNS to Cisco Umbrella