browse
Introduction
You have deployed your Virtual Appliances, configured your local resolvers, and everything looks to be working. Then you see “Not All DNS Okay” in yellow or "All DNS Fail" in red in the VA console:
What does it mean?
"Not All DNS Okay" is normally caused by something blocking the communication going from the VA to Umbrella. Often, the block is caused by a firewall or security appliance stopping the DNS query on Port 53 from getting to one of the four required IP addresses of our resolvers:
- 208.67.220.220
- 208.67.222.222
- 208.67.220.222
- 208.67.222.220
In order to see which of these might be being blocked, tab over the error message. This will open the expanded message with additional details:
In this case, UDP lookup on port 53 failed to connect to 208.67.220.222 and 208.67.222.220.
How do I fix this?
- Check to see which of the 4 Umbrella Resolvers aren’t being reached. Check your Firewall to see if that IP address has been allowed.
- If any are missing, add them and see if the error message goes away. If it doesn’t contact Umbrella Support at umbrella-support@cisco.com
- Check the Virtual Appliance Prerequisites and make sure that they are all being met.
What should I do if it's still not working?
If you have checked all the prerequisites listed in our Documentation, added the missing IP addresses (if any), and you are still seeing this issue, please open the On Demand Support Tunnel on the VA in question and reach out to the Umbrella Support team (umbrella-support@cisco.com).