====== Cisco Umbrella ======

From Cisco's page [[https://support.umbrella.com/hc/en-us/articles/232252848-Common-DNS-Request-Types|here]] and [[https://community.cisco.com/t5/multicloud-management/why-does-cisco-umbrella-not-block-soa-ns-mx-queries-records/td-p/4433276|here]].

Cisco Umbrella has a [[https://docs.umbrella.com/deployment-umbrella/docs/monthly-dns-query-average|Monthly DNS Query Average]] - [[https://docs.umbrella.com/deployment-umbrella/docs/limitations-and-range-limits|more data]]. More info in [[https://www.cisco.com/c/dam/en_us/about/doing_business/legal/OfferDescriptions/cisco_umbrella_product_description.pdf|product description]]

With regards to blocked security domains, please note that Cisco Umbrella blocks A, AAAA, ANY, CNAME, PTR, SRV, PRIVATE, SPF/DNS, NULL, SIG, and TXT records, so queries for other record types (MX, SOA, and NS) will be allowed, even though the category is blocked.  However, requests for MX records of domains that have been categorized as "DNS Tunneling VPN" will be refused.

Cisco Umbrella won't block TXT records for "content filtering" but will for "threat filtering". This makes sense as content filtering is for web page access which is A/AAAA/HTTPS records and not TXT.

===== Cisco Umbrella DNS Servers =====
^Provider ^ IPv4 A ^ IPV4 B ^ IPv6 A ^ IPv6 B ^ Notes ^ DoH ^ DoT ^ DoQ ^
| OpenDNS| 208.67.222.222| 208.67.220.220| | | | | | |
| OpenDNS| 208.67.220.222| 208.67.222.220| | | | | | |
| OpenDNS Family Shield| 208.67.222.123| 208.67.220.123| | | adult | | | |


===== Test Domains =====

  * ''examplebotnetdomain.com''
  * ''examplemalwaredomain.com''
  * ''www.exampleadultsite.com''
  * ''www.examplebotnetdomain.com''
  * ''www.examplemalwaredomain.com''
  * ''www.internetbadgirls.com''
  * ''www.internetbadguys.com''

===== Umbrella Block Page IP Addresses =====
You will see these IP addresses in responses when Umbrella is blocking the connection
^ Name ^ IPv4 Address ^ IPv6 Address ^ Example ^
| Domain List Block Page | 146.112.61.104 | ::ffff:146.112.61.104 |  |
| Command and Control Callback Block Page | 146.112.61.105 | ::ffff:146.112.61.105 |  |
| Content Category Block Page | 146.112.61.106 | ::ffff:146.112.61.106 | www.exampleadultsite.com |
| Malware Block Page | 146.112.61.107 | ::ffff:146.112.61.107 |  |
| Phishing Block Page | 146.112.61.108 | ::ffff:146.112.61.108 | www.internetbadguys.com |
| Suspicious Response Block Page | 146.112.61.109 | ::ffff:146.112.61.109 |  |
| Security Integrations Block Page | 146.112.61.110 | ::ffff:146.112.61.110 |  |