Configure DNS Forwarder for Umbrella

Even with a Cisco or Meraki device in place at the gateway or egress, DNS for networks is often handled by DNS forwarders installed on DNS servers within the network environment. A DNS forwarder is a DNS server on a network that forwards DNS queries for external domain names to the Umbrella servers. A DNS server on a network is designated as a forwarder when the other DNS servers in the network are configured to forward the queries that they cannot resolve locally to that DNS server.

The following instructions cover how to configure your DNS forwarder to use the Umbrella public DNS servers for BIND and Windows Server 2003, 2008 and 2012.

Table of Contents

• Prerequisites
• Windows Server 2003 and 2003 R2
• WIndows Server 2008 and 2008 R2
• Windows Server 2012 and 2012 R2
• Configure BIND to use Umbrella DNS
  • Shell or SSH Instructions
  • Webmin Instructions

Prerequisites

• The MR26.1+ firmware version. For more information, see Manually Integrating Cisco Umbrella with Meraki Networks.

Windows Server 2003 and 2003 R2

1. From the Start menu, navigate to Administrative Tools > DNS.
2. Choose the DNS server you want to edit.
3. Select Forwarders.
4. Select All Other DNS domains in the DNS domains list.
5. Add Umbrella's addresses to the selected server’s forwarder IP address list.
   Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
   Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.

6. Click OK to confirm the changes.
   We recommend that you flush the DNS resolver cache of the server and the DNS caches of the clients or users using the DNS server to ensure that your new DNS configuration settings take immediate effect.

Windows Server 2008 and 2008 R2

1. From the Start menu, navigate to Administrative Tools > DNS.
2. Choose the DNS server you want to edit.
3. Select Forwarders.
4. Click Edit.
5. Add Umbrella addresses in the selected server’s forwarder IP address list.
   Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
   Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.

6. Click OK.
7. Click OK again to confirm the changes.

We recommend that you flush the DNS resolver cache of the server and the DNS caches of the clients or users using the DNS server to ensure that your new DNS configuration settings take immediate effect.

Windows Server 2012 and 2012 R2

1. In the Start menu, search DNS.
2. Select DNS from the search results.
3. Choose the DNS server you want to edit.
4. Select Forwarders.
5. Click Edit.
6. Add Umbrella's addresses to the selected server’s forwarder IP address list.
   Write down your current DNS settings before switching to Umbrella. This will help you if you ever need to return to your old settings.
   Umbrella’s addresses are 208.67.222.222 and 208.67.220.220.

7. Click OK.
8. Click OK again to confirm the changes

Configure BIND to use Umbrella DNS

To point your BIND-based DNS server to use Umbrella resolvers for external resolution, you need to modify the file named.conf.options and add the Umbrella resolvers as forwarders. This can be done in one of two ways:

• Through the command line (shell or SSH)
• Through a GUI if you have Webmin installed on your BIND server

Shell or SSH Instructions

1. Connect directly to your server or SSH to it.
2. Navigate into the directory: /etc/bind.
   Note: This is the default location, so you may need to change this based on your configuration.
3. Edit the named.conf.options file in your favorite text editor.
4. Click Edit.
5. In named.conf.options, look for a line that starts with "forwarders {".
   If the forwarders are already configured, just change the current resolver IPs to Umbrella's IP addresses. The Umbrella IP addresses are: 208.67.222.222 and 208.67.220.220. If the file does not contain the line starting with "forwarders {", you can add it right above the last "};".

forwarders {
208.67.222.222;
208.67.220.220;
};

6. Save the file to confirm your changes.

Webmin Instructions

The following steps produce a result that is equivalent to the previous steps, except that the Webmin GUI modifies the file named.conf.options for you.

1. Log into Webmin and navigate to Servers > BIND DNS Server.

2. Choose Forwarding and Transfers.

3. Add Umbrella's IP addresses—208.67.222.222 and 208.67.220.220—under the Servers to forward queries to section.

4. Click Save to confirm the changes.

Set Up Umbrella for a Meraki Network < Configure DNS Forwarder for Umbrella > Mobility Express Integration