Some customers may find that Umbrella isn't working as expected even though they are pointing their DNS to Umbrella's resolvers.
Many Internet service providers (ISPs) can use a type of DNS hijacking to take control of a user's DNS requests. The reasons vary, but it is often done to collect statistics and to return ads when users access an unknown domain, and sometimes for content filtering. Some governments use DNS hijacking for censorship, redirecting users to government-authorized sites.
Depending on your ISP or your router/modem configuration, you may find that your DNS requests are not reaching Umbrella due to this DNS hijacking. This article will help you check whether you are affected and what to do next to resolve it.
How to check if your DNS requests are reaching Umbrella
- First, check to see that your endpoint device is configured to point to the Umbrella resolvers (126.96.36.199 and 188.8.131.52).
- If you are pointing your DNS to your internal DNS servers, please ensure that the forwarder settings of your DNS servers are configured to point to Umbrella.
- To test whether your computer is using Umbrella, navigate to: https://welcome.umbrella.com/. If you do not see a success message, it's possible that your ISP is intercepting your DNS traffic.
- Use the following tool and run the "Extended Test" to check which DNS resolvers you are using: https://www.dnsleaktest.com/.
- This is an example of a 'good', working scenario where DNS is reaching Umbrella / OpenDNS.
As you can see, every hop shows as Cisco OpenDNS. No other third-party DNS servers appear here. This means that Cisco Umbrella is handling the DNS request every step along the way.
- The following is an example of a 'bad', non-working scenario where DNS is being hijacked / intercepted by the ISP.
As outlined by the red box, the ISP named 'Internet Rimon' is answering the DNS request in this scenario. This shows that Umbrella is not answering the final DNS query; instead, the ISP is hijacking this DNS traffic.
If you find that your ISP is hijacking your DNS queries, please reach out to the ISP's technical support team, who will be able to assist you further with disabling any DNS redirection on your router/modem. As the DNS redirection is happening before the request reaches Umbrella, this falls outside of our support scope.
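The same good/bad distinction can be checked from a command line. The script below is an added example, not part of the original article or an Umbrella tool: it assumes the diagnostic name debug.opendns.com (not mentioned in this article), which OpenDNS/Umbrella resolvers answer with TXT strings including a "server <site>" entry, and it assumes `dig` is installed; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: decide whether a DNS answer really came from Umbrella/OpenDNS.
# Assumption: only Umbrella/OpenDNS resolvers return a TXT string that starts
# with "server " for debug.opendns.com; an intercepting ISP resolver does not.

# classify_debug_txt: reads `dig +short TXT debug.opendns.com` output on stdin.
# Prints "umbrella <site>" (exit 0) or "no-umbrella-answer" (exit 1).
classify_debug_txt() {
  site=""
  while IFS= read -r line; do
    line=${line#\"}; line=${line%\"}     # dig wraps each TXT string in quotes
    case $line in
      "server "*) site=${line#"server "} ;;
    esac
  done
  if [ -n "$site" ]; then
    echo "umbrella $site"
    return 0
  fi
  # Empty answer, NXDOMAIN, a timeout message, or unrelated TXT data all land
  # here: the query was not answered by an Umbrella resolver.
  echo "no-umbrella-answer"
  return 1
}

# check_resolver RESOLVER_IP: live query sent directly to one resolver address.
# Pass each Umbrella resolver address configured on the endpoint or forwarder.
check_resolver() {
  dig +short +time=3 +tries=1 TXT debug.opendns.com "@$1" | classify_debug_txt
}

# Constructed sample outputs (not captured from a real network).
SAMPLE_UMBRELLA='"server m00.example"
"flags 0 0 0 0"
"source 203.0.113.10:40000"'
SAMPLE_OTHER='"v=spf1 -all"'
```

If `check_resolver` reports `no-umbrella-answer` for an address that is configured as an Umbrella resolver, the query was answered or dropped somewhere before Umbrella, which matches the 'bad' scenario above.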
Please also note that Comcast offers a feature called 'Comcast Business SecurityEdge', which is a DNS filtering service that overrides anything set at the client level. If an organization is behind a Comcast Business Gateway modem with SecurityEdge enabled, all DNS queries will be redirected to NetActuate or Comcast DNS servers. If you are using Comcast but aren't sure whether you are using their "SecurityEdge" feature, please check with the Comcast support team.
You can verify your router’s DNS settings by following the instructions found here: https://support.opendns.com/forums/21618374.
You can verify your computer’s DNS settings by following the instructions found here: https://support.opendns.com/forums/21618384.
After you have resolved this with your ISP, you can visit https://welcome.umbrella.com/ again to test whether or not you are using Umbrella. If you are still facing issues after speaking with your ISP, please reach out to our support team, who will be able to assist further.