Configure the DNS Tunneling VPN Security Category

Available Languages

Download Options

  • PDF     (69.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (124.9 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (123.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 8, 2025
Document ID:224816

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure the DNS tunneling VPN Security Category in Umbrella.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on Umbrella DNS.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Overview

    DNS tunneling VPN classifies servers associated with DNS tunneling VPN services under a security category that you can block or allow and report on. These services allow end-users to disguise outgoing traffic as DNS queries, potentially violating acceptable use, data loss prevention, or security policies. As a result, these services present a potential security threat and reduce overall visibility in your environment.  

    With this security category providing immediate visibility, you can reduce the risk of DNS tunneling and potential data loss. You can block this category outright, or just monitor the results in reports; this provides the flexibility to determine what is the right approach to tackling the problem, depending on your risk tolerance, acceptable use or HR policies.

    Turning on DNS Tunneling VPN

    This security category can be enabled like any other under Policies > Security Settings, then editing an existing security setting. Or, it can be done within the policy configuration wizard itself:

    115014823666115014823666

    DNS Tunneling can be filtered against through the Activity Search report:

    115015008983115015008983

    Revision History

    Revision Publish Date Comments
    1.0
    08-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products