Cisco is releasing an emergency update to our Chromebook app. This release contains a change to the default DNS port from UDP 53 to UDP 443 due to an observed issue in ChromeOS 99 and 100 that prevents blocks from successfully applying with DNS over UDP 53. Without this update, Chromebooks could see Umbrella coverage not apply.
Update June 2022: The issue has been resolved on ChromeOS. Port 53 can once again be used normally. The Umbrella default will remain port 53. See below on how to return to UDP 53 by configuration.
Impact Statement:
The change to port 443 may impact Chromebooks' ability to resolve Umbrella DNS, causing what appears to be extreme latency on version 1.3.15. Ensure that UDP 443 is permitted to 208.67.222.222 or apply the mitigation steps below.
Users with ChromeOS 99 or higher on Umbrella 1.3.13 or lower may see coverage fail to apply.
This issue affects Umbrella by preventing UDP 53 DNS queries from being sent to DNS addresses that are not configured on the device or via DHCP.
Required change:
- Validate that UDP 443 to 208.67.222.222 is open on your network
or
- See below for alternative steps to retain UDP 53. Until a resolution is made available in ChromeOS, DoH config may be required to work around and still use UDP 53 for DNS to Umbrella.
To restore DNS on UDP 53, add the following to your Chromebook Umbrella configuration. Note that this may cause your Umbrella blocks to not apply on all Chromebooks running versions 98-100.
"resolverPortNumber": { "Value": 53 }
As an alternative if UDP 53 is required, you may configure Chromebook DoH to dns.umbrella.com in Google Workspace. This will allow the Umbrella Chromebook Client to continue to send DNS to the Umbrella resolvers for enforcement.
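One way to carry out the "Validate that UDP 443 to 208.67.222.222 is open" step from a host on the same network segment as the Chromebooks. This is an added example, not Cisco's tooling; it assumes the resolver answers an ordinary DNS query on UDP 443, as the port change above implies, and the function names and the test name `example.com` are illustrative. It checks transport reachability only, not whether Umbrella policy is enforced.

```python
import secrets
import socket
import struct

RESOLVER = "208.67.222.222"  # Umbrella resolver address given in the advisory


def build_query(name, txid):
    """Encode a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data, txid):
    """Return (rcode, answer_count) if data is a DNS response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction or QR bit not set
        return None
    return flags & 0x000F, ancount


def probe(port, name="example.com", timeout=3.0, resolver=RESOLVER):
    """Send one query over UDP to resolver:port; True only if a valid reply returns."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((resolver, port))  # connected UDP: only this peer's replies are read
            s.send(build_query(name, txid))
            data = s.recv(4096)
        except OSError:  # timeout, ICMP port unreachable, no route
            return False
    return parse_reply(data, txid) is not None


if __name__ == "__main__":
    for port in (443, 53):
        state = "DNS reply received" if probe(port) else "no reply (blocked or filtered?)"
        print(f"UDP {port} -> {RESOLVER}: {state}")
```

No reply on 443 with a reply on 53 points at a firewall rule that permits DNS only on its usual port, which is the condition the impact statement describes for version 1.3.15.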