The OpenDNS Hardware Integrations Developer Hub

Welcome to the OpenDNS Hardware Integrations developer hub. You'll find comprehensive guides and documentation to help you start working with OpenDNS Hardware Integrations as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Meraki Cloud-Managed Networks and Umbrella

As the administrator of a Meraki Device, you are able to connect to the Cisco Umbrella global network DNS services. This offers you visibility into all internet traffic originating from your Meraki device and results in a faster internet experience for your users. You can add an additional layer of DNS security to your Meraki device, through an easy-to-establish connection to Umbrella.

New: Integrating Meraki and Umbrella

The MR26.1 firmware version is now available. This firmware enables you to apply Umbrella security policies within the Meraki dashboard. Alternatively, you can still configure your Meraki devices to use Cisco Umbrella regardless of their firmware versions.

For assistance with Meraki firmware versions, contact Meraki Support.

Integrate Meraki with Cisco Umbrella

Integrating the Meraki Dashboard and Umbrella DNS allows clients connected to Meraki Access Points to have their DNS traffic filtered through Cisco's Umbrella DNS service. Umbrella DNS filtering can also be configured to apply to wireless clients that have been assigned to a Group Policy from the Meraki dashboard.

This integration allows Administrators to easily apply and modify DNS-based filtering rules to multiple groups of clients on their network by simply assigning a filtering policy to a specific SSID or Group Policy. Once assigned, all DNS requests from clients under that policy will be automatically redirected to Cisco's Umbrella DNS service where it will be checked against the appropriate policy configured for the Network Device (Meraki SSID or Group Policy) in the Umbrella dashboard.

Note

This feature requires the MR26.1+ firmware version. For more information about integrating Umbrella with Meraki MR Networks, see Integrating Cisco Umbrella with Meraki Networks. Contact Meraki Support for assistance with firmware versions and enabling this feature.

Configure Meraki to Use Cisco Umbrella

The following procedures are for customers who do not have the MR26.0 firmware enabled.

This section describes how to configure the Meraki network to use the Umbrella IP addresses of 208.67.222.222 and 208.67.220.220.

Additionally, if you are using a DNS forwarder as the primary DNS server for your network, this document covers how to update Windows 2003 Server, Windows 2008 Server, Windows 2012 Server or BIND Server to use Umbrella.

Once you’ve configured your Meraki infrastructure to point to Umbrella, you can sign up for either a free premium DNS account or a free 14-day trial of Umbrella.

Set Up Umbrella for a Meraki Network

There are two ways in which you can configure your Meraki networks to use Umbrella. The first is to use DHCP to distribute the Umbrella server IP information directly to clients. This is available on all Meraki platforms. The second method, available only on MX Security Appliances and Z1 Teleworker Gateways, is to configure the MX itself to use the Umbrella servers and to proxy client DNS requests to those same servers.

How to Configure Umbrella for Clients

For MX Security Appliances

  1. From your cloud dashboard, select Security Appliance > Configure > DHCP.
  2. Under the DHCP scope you wish to configure, choose Use OpenDNS from the DNS nameservers drop-down list. DHCP must be enabled for the desired subnet for this option to appear.

For MS Switches

  1. From your cloud dashboard, select Switch > Configure > Routing and DHCP.
  2. Select the route you wish to modify the DHCP service for, and choose Use OpenDNS from the DNS nameservers drop-down list under DHCP Settings.
    DHCP must be enabled for the desired subnet for this option to appear.
    For more information on how to configure the DHCP server for MX Security Appliances and MS Switches, see Configuring DHCP Services on the MX and MS.

For MR Access Points (NAT Mode SSIDs only)

  1. From your cloud dashboard, select Wireless > Configure > Access Control.
  2. Select the SSID you wish to configure, and select Custom DNS from the Content filtering drop-down under Addressing and Traffic.
  3. Enter in the Umbrella server IP addresses: 208.67.222.222 and 208.67.220.220.

How to Configure Your Meraki Network to Proxy DNS to Umbrella

(MX Security Appliance and Z1 Teleworker Gateway only)

Note: Static IP configuration for the MX and Z1 devices must be performed locally and cannot be done through the cloud dashboard. Once logged into the local status page, browse to the Uplink Configuration page and configure the DNS settings to use 208.67.222.222 and 208.67.220.220 under IP Assignment. This method can only be used with Static IP addressing.
For more information on how to access the local configuration, see
Using the Cisco Meraki Device Local Status Page.

  1. From your cloud dashboard, select Security Appliance > Configure > DHCP.
  2. Under DNS nameservers, select Proxy to upstream DNS.

Configure your DNS Forwarder for Umbrella

Even with a Cisco or Meraki device in place at the gateway or egress, DNS for networks is often handled by DNS forwarders installed on DNS servers within the network environment. A DNS forwarder is a DNS server on a network that forwards DNS queries for external domain names to the Umbrella servers. A DNS server on a network is designated as a forwarder when the other DNS servers in the network are configured to forward the queries that they cannot resolve
locally to that DNS server.
The following instructions cover how to configure your DNS forwarder to use the Umbrella public DNS servers for BIND and Windows Server 2003, 2008 and 2012.

Windows Server 2003 and 2003 R2

  1. From the Start menu, navigate to Administrative Tools > DNS.
  2. Choose the DNS server you want to edit.
  3. Select Forwarders.
  4. Select All Other DNS domains in the DNS domains list.
  5. Add Umbrella's addresses to the selected server’s forwarder IP address list.
    Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
    Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.
  1. Click OK to confirm the changes.
    We recommend that you flush the DNS resolver cache of the server and the DNS caches of the clients/users using the DNS server to ensure that your new DNS configuration settings take
    immediate effect.

Windows Server 2008 and 2008 R2

  1. From the Start menu, navigate to Administrative Tools > DNS.
  2. Choose the DNS server you want to edit.
  3. Select Forwarders.
  4. Click Edit.
  5. Add Umbrella addresses in the selected server’s forwarder IP address list.
    Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
    Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.
  1. Click OK.
  2. Click OK again to confirm the changes.

We recommend that you flush the DNS resolver cache of the server and the DNS caches of the clients/users using the DNS server to ensure that your new DNS configuration settings take immediate effect.

Windows Server 2012 and 2012 R2

  1. In the Start menu, type DNS into Search.
  2. Select DNS from the search results.
  3. Choose the DNS server you want to edit.
  4. Select Forwarders.
  5. Click Edit.
  6. Add Umbrella's addresses to the selected server’s forwarder IP address list.
    Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
    Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.
  1. Click OK.
  2. Click OK again to confirm the changes

BIND-based DNS server: Configure BIND to use Umbrella through the shell and Webmin

To point your BIND-based DNS server to use Umbrella resolvers for external resolution you need to modify the file named.conf.options and add the Umbrella resolvers as forwarders. This can be done in one of two ways:

  • Through the command line, Shell\SSH
  • Through a GUI if you have Webmin installed on your BIND server

Shell\SSH Instructions

  1. Connect directly to your server or SSH to it.
  2. Go into /etc/bind.
    Note: This is the default location, so you may need to change this based on your configuration.
  3. Edit named.conf.options in your favorite text editor.
  4. Click Edit.
  5. In named.conf.options, look for a line that starts with forwarders {
    If the forwarders are already configured then just change the current resolver IPs to Umbrella's IP addresses, which are 208.67.222.222 and 208.67.220.220. If the line starting with "forwarders {" isn’t there, you can add it right above the last };
forwarders {
208.67.222.222;
208.67.220.220;
};
  1. Save the file to confirm your changes.

Webmin Instructions

These steps produce a result that is the exact same as the above, except that the Webmin GUI modifies the file named.conf.options for you.

  1. Log into Webmin and navigate to Servers > BIND DNS Server.
  1. Choose Forwarding and Transfers.
  1. Add Umbrella's IP addresses—208.67.222.222 and 208.67.220.220—under the Servers to forward queries to section.
  1. Click Save to confirm the changes.

Integration for ISR G2 – Solution Guide for Umbrella < Meraki Cloud-Managed Networks – Solution Guide for Umbrella > Mobility Express Integration

Meraki Cloud-Managed Networks and Umbrella


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.