The TCPWave DNS appliances can be used as an Authoritative DNS appliance for internal DNS zones and the recursive DNS queries can be forwarded to Cisco Umbrella using the virtual appliances.
The Cisco Umbrella virtual appliances can be downloaded by logging
in to the Cisco Umbrella. Here are the instructions to download and
install the virtual appliances:
https://docs.umbrella.com/deployment-umbrella/docs/3-deploy-the-vas
The virtual appliances should have the DNS configured for
forwarding the internal DNS queries.
https://docs.umbrella.com/deployment-umbrella/docs/5-configuring-the-vas
From Virtual appliance terminal, add the TCPWave DNS
appliances using the following command:
config va
localdns <TCPWave DNS server1 > < TCPWave DNS server2 >
<TCPWave DNS server3 >
The TCPWave DNS appliance can be configured as DNS Authoritative appliance and the virtual appliances deployed can forward the internal DNS queries to TCPWave DNS appliance. The Cisco Umbrella "Domain Management" must be configured with the internal zones. These zones will be updated by the Cisco Umbrella to the virtual appliances, then the internal queries which are received by the virtual appliances will be forwarded to the TCPWave appliance which are configured on the virtual appliances.
The TCPWave appliances can be configured to forward the DNS queries to the virtual appliances and having all the clients first reach the TCPWave appliance. This will provide more insights into the DNS queries with TCPWave reporting.
When the TCPWave DNS appliance is set to forward the queries to the virtual appliances, the reporting data at Cisco Umbrella will not show the internal IP addresses of each client which queried the DNS instead you can see the TCPWave DNS appliance IP as Internal IP for all the queries forwarded to the Cisco Umbrella in the report.
Also, this method of forwarding the queries to the virtual appliances will not allow applying the policies based on "internal networks" when the TCPWave DNS appliance is configured to serve multiple internal networks.
Note: TCPWave configuration is not required when forwarding the queries to the virtual appliances.
In the TCPWave application, under the DNS option templates, select Only under Forward field, and enter the Forwarders.
Note: The above configuration is only required when forwarding queries to the virtual appliance. This configuration is not required when the DNS clients are pointed directly to the virtual appliances. The Virtual appliance will forward the internal zone queries to the TCPWave which are configured in the "Domain Management".
The virtual appliances are configured on the Cisco Umbrella under "Sites and Active Directory".
The public IP addresses on each site configured on the Cisco Umbrella helps in providing the geo locationbased response to the clients and apply policies for each location.
The internal zones configured in the TCPWave appliances are configured on this "Domain Management" which will be sent to the virtual appliances.
The below image displays the Cisco Umbrella reports showing the internal and external IP addresses when the DNS queries are pointed to the virtual appliances.
The Internal IP addresses will be same as the TCPWave DNS appliance for all the queries if the DNS queries are first pointed to the TCPWave DNS and then the TCPWave is set to forward the queries to the virtual appliance.
TCPWave has the expertise and the experience necessary to ensure the seamless transition of your legacy network infrastructure into the modern world of DDI automation.
Contact us today to learn more about how TCPWave IPAM can move your network forward.
