Point Your DNS to Cisco Umbrella

Configure DNS to direct traffic from your network to the Cisco Umbrella global network. When a request to resolve a hostname on the internet is made from a network pointed at our DNS addresses, Umbrella applies the security settings in line with your policy.

To use Umbrella, you need to explicitly point the DNS settings in your operating system or hardware firewall/router to Umbrella's name server IP addresses and turn off the automatic DNS servers provided by your ISP. Umbrella supports both IPv4 and IPv6 addresses.

The Umbrella IPv4 addresses are:


The Umbrella IPv6 addresses are:

  • 2620:119:35::35
  • 2620:119:53::53

Several systems allow you to specify multiple DNS servers. We recommend that you only use the Cisco Umbrella servers and do not include any other DNS servers.

Anycast IP Addresses

These are the Anycast IP addresses for Umbrella:

IPv4IPv6Description only Primary (see below) only Secondary (see below) Primary (see below) Secondary (see below)


USA-only DNS resolvers guarantee only that DNS queries are resolved by a USA-based Umbrella data center. Block pages and the selective proxy still use global Anycast and may go to any data center, including one located outside of the USA.

DNS64 (RFC 6147) is meant for single-stack IPv6 networks. This is to help with IPv4 to IPv6 transitions. If you are using Umbrella DNS on devices without IPv4 access, these resolvers will synthesize records that can reach those destinations through a NAT64 gateway using the Well-Known Prefix. More details available in DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers.

Note: We recommend that only users who have administrative access to the router, DNS server, or their own computer attempt to use these instructions as you need this level of access to complete these steps.

Step 1 – Find out where your public DNS server addresses are configured

Determine which device or server on your network maintains the addresses of your public DNS servers—most often a router or DNS server. Typically, the device that provides an internal non-routable IP address (DHCP) or the device that serves as your default gateway is also where you configure public DNS servers.

Step 2 – Log into the server or router where DNS is configured

Once you’ve logged in, find the DNS settings for this device. If you're unsure of where these settings are and require guidance on configuring a server or router, see Step 3 – Change your DNS server addresses.

Step 3 – Change your DNS server addresses



Before you change your DNS settings to use Umbrella, record the current DNS server addresses or settings (for example, write them down on a piece of paper.) It's important that you keep these numbers for backup purposes—just in case you need to revert to them at a later date.

Note: Some ISPs hard-code their DNS servers into the equipment they provide. If you are using such a device, you will not be able to configure it to use Umbrella. Instead, you can configure each of your computers by installing the Umbrella roaming client or configuring the DNS server addresses on each computer. For more information and instructions to configure a typical Windows or Macintosh computer, see Computer Configuration.

The process for changing your DNS settings varies according to the operating system and version (Windows, Mac, or Linux) or the device (DNS server, router, or mobile device). This procedure might not apply for your OS, router, or device. For authoritative information, see the vendor documentation.

To change your settings on a typical router:

  1. In your browser, enter the IP address to access the router's user interface and enter your password.
  2. Find the area of configuration in which DNS server settings are specified and replace those addresses with the Cisco Umbrella IP addresses.

You can use either IPV4 or IPv6 DNS address as your primary or secondary DNS server. You must use both numbers and not the same IP address twice. If your router requires a third or fourth DNS server setting, please use and or 2620:119:35::35 and 2620:119:53::53 as the third and fourth entry respectively.

  1. Save your changes and exit your router's user interface.
  2. Flush your DNS cache.
  3. Confirm that your DNS is set as static.
  4. Test that your setup is working correctly. See Step 4 – Test your new DNS settings.



When you make changes to DNS, you may have cached results that affect service. Flush your DNS cache to be sure that you’re receiving only the latest DNS results. For information on how to flush your DNS cache, see Getting Started: Flushing your DNS Cache.

Email servers have unique DNS configurations. We don't recommend that you configure your email servers to point to Umbrella DNS. For more information, see Umbrella and your email server.

Step 4 – Test Your New DNS Settings

Now that you’ve configured your DNS settings, browse to If you've successfully pointed your DNS to the Cisco Umbrella servers, an Umbrella Welcome page appears.


Note: Savvy users may try to modify their DNS settings to circumvent Umbrella. You can prevent this with firewall rules. For more information, see Preventing Circumvention of Cisco Umbrella with Firewall Rules.

If you have trouble reaching the Cisco Umbrella Welcome page or getting web pages to load, try the following:

  1. From your browser, type in a fixed IP address in the address bar. If you can reach a fixed IP address but you can't reach the Umbrella Welcome page, recheck the steps to point your DNS to Umbrella. If this fails, go to step 2.
  2. Roll back the DNS configuration changes that you made and run the tests again. If the tests still don't work, there is a problem with your network settings or your ISP.
  3. Contact Support at [email protected] or

Set Up DNS-Layer Security < Point Your DNS to Cisco Umbrella > Set Up Web Security