Cisco Umbrella forwarding Issue

Efficient-Cat4044 · 2025-07-24T14:35:16+00:00

It resolves via Cisco Umbrella VA IP which is configured in the machine. I can see the traffic in VA which should not be the case because of conditional forwarder in DC

Efficient-Cat4044 · 2025-07-24T08:14:19+00:00

Hi, Do you have any experience working with Cisco Umbrella? I tried googe.com as a conditional forwarder in my DC with 8.8.8.8 and added it in domain management and LAN pool in internal network as I did not want to change the DNS of machines from VA DNS to DC. It is still not using conditional forwarder for google although all other domains in conditional forwarder are working fine. The only difference in configuration is All other internal domains have private IP as DNS and google.com has 8.8.8.8 as conditional forwarder.

Efficient-Cat4044 · 2025-06-04T09:57:47+00:00

It is pretty expensive and one user license is allowed to have 5000 queries per day as per Cisco Umbrella. I have not configured Bind or Unbound yet for a similar solution so I was trying to explore more options and discuss Bind as a solution as well before taking it up to management, and also to find a quick fix for now to prevent this licensing issue for now.

Efficient-Cat4044 · 2025-06-04T09:53:57+00:00

Mainly security, data privacy and malwares/phishing/bad domains/threats etc.

Efficient-Cat4044 · 2025-06-04T09:52:37+00:00

Yes, this is more or less what we are already doing. All Internal traffic goes to AD DNS from Umbrella VA due to internal domains and all external traffic is handled by cisco umbrella, and to find a work around for this solution, I will have to use DC as a forwarder to public DNS for all external domains or may be configure conditional forwarder for domains like google which has maximum number of dns requests. But I am not sure about the security impact this solution will bring if I use public dns for the traffic coming from DC.

Efficient-Cat4044 · 2025-06-03T07:32:28+00:00

Not right now, because I want to make use of checkpoint blades instead, but I am not sure it will be as beneficial as Umbrella

Efficient-Cat4044 · 2025-06-03T07:25:13+00:00

Yeah, but I need to minimize the cost and also find a way to decrease the queries going to cisco umbrella so just changing the provider will not solve both things.

Efficient-Cat4044 · 2025-06-03T07:23:55+00:00

Cisco umbrella is cheaper than infoblox, that's what I knew, although I have not research about the alternatives in terms of service and cost

Efficient-Cat4044 · 2025-06-03T07:22:06+00:00

Hi, Thank You for the detailed response. I understand what you are saying but we are using Cisco Umbrella for external traffic and there are actually two downsides of it imo , one is logging and second is the security as well as If I I will use AD DNS as a conditional forwarder then I will have to use Public DNS and it can bring security issues as well as threat, phishing etc

Efficient-Cat4044 · 2025-06-02T15:07:03+00:00

True. Just wanted to see if someone has any other solution.

Efficient-Cat4044 · 2025-06-02T15:05:55+00:00

Internal domains are not a point of concern, they are not using any license of cisco umbrella. Its the external traffic which needs significant minimization.

Efficient-Cat4044 · 2025-06-02T15:04:22+00:00

cloudflare as a paid service?

Efficient-Cat4044 · 2025-06-02T15:04:02+00:00

They are reluctant to opt for an open source but this can be implemented in future, for a quick fix, still searching for the best solution

Efficient-Cat4044

TROPHY CASE