Cisco Umbrella: Recursive DNS Services
Your Recursive DNS Service Solution
Recursive DNS Services
If you haven't already signed up for Umbrella's recursive DNS services, you're missing out! Cisco Umbrella provides fast, reliable internet connectivity, and you can even sign up for our basic DNS monitoring services for free - no strings attached.
Additional security
If you’re interested in getting more extensive security protections for your organization, you can sign up for a variety of Cisco Umbrella packages to meet your needs. Get features like web filtering, threat intelligence, and added security from malware, botnets, command-and-control callbacks, cryptomining, and other threats.
It's all about the DNS
To start with Cisco Umbrella, you’ll need to configure your recursive DNS to use Umbrella’s DNS servers. This will direct traffic from your network to the Cisco Umbrella global network. When a request to resolve a hostname on the internet is made from a network pointed at our DNS addresses, Umbrella applies the selected security settings connected with the policies in your account.
Cisco Umbrella supports both IPv4 and IPv6 addresses.
Our IPv4 addresses are:
208.67.222.222
208.67.220.220
Our IPv6 addresses are:
2620:119:35::35
2620:119:53::53
How to point your recursive DNS to Cisco Umbrella
First, you need to explicitly point the DNS settings in your operating system or hardware firewall/router to Umbrella’s nameserver IP addresses, and turn off the automatic DNS servers provided by your ISP.
Some systems allow you to specify multiple DNS servers. We recommend that you only use the Cisco Umbrella servers and do not include any other DNS servers in your list.
Note: We recommend that only users with administrative access to the router, DNS server, or their own computer attempt to use these instructions, since you need this level of access to complete these steps.
Setting up your recursive DNS
Step 1 - Find out where your public DNS server addresses are configured
Determine which device or server on your network maintains the addresses of your public DNS servers - most often, this will be a router or a DNS server.
Typically, the device that provides an internal non-routable IP address (DHCP) or the device that serves as your default gateway is also where you configure public DNS servers.
Step 2 - Log into the server or router where DNS is configured
Log into the device using administrator credentials. Once you’ve logged in, find the DNS settings for this device. If you’re unsure of where these settings are, check the documentation for your specific device, or try one of the following guides:
Step 3 - Change your DNS server addresses
Before you change your DNS settings to use Cisco Umbrella, be sure to record the current DNS server addresses or settings (for example, by writing them down on a piece of paper). It’s important that you keep these numbers for backup purposes - just in case you need to revert to them later.
Note: Some ISPs will hard-code their DNS servers into the equipment they provide. If you are using such a device, you will not be able to configure it to use Umbrella. Instead, you can configure each of your computers by installing the Umbrella roaming client, or by configuring the DNS server addresses on each computer. Instructions to configure a typical Windows or Mac computer can be found here.
The process for changing your DNS settings varies according to the operating system and version (Windows, Mac, or Linux) or the device (DNS server, router, or mobile device). This procedure might not apply for your OS, router, or device. For authoritative information, refer to your equipment vendor documentation.
To change your settings on a typical router:
- In your browser, enter the IP address to access the router’s user interface and enter your password.
- Find the area of configuration in which DNS server settings are specified and replace those addresses with the Cisco Umbrella IP addresses
- Save your changes and exit your router’s configuration interface.
- Flush your DNS cache.
You can use either the IPV4 or IPv6 DNS addresses as your primary and secondary DNS servers. However, you must use both numbers in the set, instead of using the same IP address twice for primary and secondary.
If your router requires a third or fourth DNS server setting, please use 208.67.220.222 and 208.67.222.220 (for IPv4) or 2620:119:35::35 and 2620:119:53::53 (for IPv6) as the third and fourth entries, respectively
Note: Don’t forget to confirm that your DNS is set to be static.
Important: when you make changes to DNS, you may have cached results that affect service. Flush your DNS cache to be sure that you’re receiving only the latest DNS results.
Step 4 - Test your new DNS settings
Now that you’ve configured your DNS settings, browse to http://welcome.umbrella.co.il. If you’ve successfully pointed your DNS to the Cisco Umbrella servers, you will see an Umbrella welcome page.
Note: Savvy users may try to modify their DNS settings to circumvent Umbrella. You can prevent this behavior with firewall rules.
Get help when you need it
If you have trouble reaching the Cisco Umbrella welcome page or getting web pages to load after following these steps, try the following steps to troubleshoot.
- From your browser, type in a fixed IP address in the address bar. If this works but you can’t reach the Umbrella welcome page, there is a problem with your DNS configuration. Recheck the steps above to make sure you have configured everything correctly. If this fails, go to step 2.
- Roll back the DNS changes you made and run the tests again (remember those addresses you wrote down on the piece of paper?) If the tests still don’t work, there is a problem with your network settings or your ISP.
- Contact our Support team for assistance.
Explore at your pace
Not ready to try Umbrella just yet? Learn how you can protect your users from threats in our self-guided demo environment.
Note: Chrome or Firefox browser is required and you will be asked to install a third-party plug-in, WalkMe.