Friday, September 11, 2020

Strange OpenDNS/Cisco Umbrella behavior

Hey all, wondering if anyone else has ran into this. Quick background: MSP for local businesses. We have about 40 networks that we manage. We like to use Cisco Umbrella for their primary DNS.

Last night, got a ticket in that one of our clients' internet was down. No down notification from our SNMP server. Strange, I see traffic flowing, SIP is working, but our remote desking software shows all machines offline. Ok, reboot the firewall to see if it solves. It doesn't. I make the trip down there.

On a local machine now, can ping external addresses, but dns lookup failing. Take a test machine, swap DNS on local interface from Cisco to Google, DNS is now responding and can load pages. Ok, set the firewall to start handing out Google DNS and rebooted. All machines are back in business.

No other clients were affected. Has anyone ever had Cisco Umbrella seemingly deny service from specific client sites?

As I was typing this out, another client called in with similar symptoms. Now I'm just trying to get their Windows server to start handing out Google DNS which is not quite as easy as a network that has the firewall manage DHCP and DNS :/



No comments:

Post a Comment