The Cisco Umbrella roaming client performs relatively aggressive health checking to monitor for changes in network and DNS connectivity; this lets the Umbrella roaming client provide as seamless an experience as possible in dynamic network environments.
In router/firewall logs, you may notice a lot of packets being sent to debug.opendns.com. This is the domain used by the Umbrella roaming client to determine certain characteristics about DNS connectivity, and whether connectivity is possible over certain protocols and ports. See Roaming Client Prerequisites for more information.
These health checks are referred to as "probes".
The following number of probes are performed every 10 seconds:
- Virtual Appliance Probe (for each DNS server specified in active network adapters)
- Protected Network Probe (for each DNS server specified in active network adapters)
- Encrypted Probe
- Transparent Probe.
In a typical network, using two DNS servers supplied by DHCP, the Umbrella roaming client sends 2160 probes per hour.
Because the packets are so small and are using the UDP protocol, which has very low overhead, the traffic generated by the Umbrella roaming client probes is relatively insignificant; all in a day's work for UDP and DNS.
If you are running hundreds or thousands of Umbrella roaming clients on a single network, we recommend ensuring that the UDP timeout on your network is around 10-15 seconds. We have found that some networks employ a 30-60+ UDP timeout. This is much higher than typically expected between a host and destination for UDP packets
Please contact Support with further inquiries.