Resolve the Error "Not All DNS ok" when Configuring VA

Available Languages

Download Options

  • PDF     (178.3 KB)
    View with Adobe Reader on a variety of devices
Updated:September 18, 2025
Document ID:224958

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to resolve the "Not All DNS ok" when configuring virtual appliances (VA) in Cisco Umbrella.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on Cisco Umbrella.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Problem

    You successfully set up your Virtual Appliances and arranged your local DNS resolvers, and all seems operational. However, you then notice a yellow "Not All DNS ok" or a red "All DNS Fail" alert displayed in the Virtual Appliance console:

    Not All DNS Ok Error360002644046

    Solution

    1. Check to see which of the four Umbrella Resolvers are not being reached. Check your firewall to see if that IP address has been allowed.

    • If any are missing, add them and see if the error message goes away. If it does not go away, contact Umbrella Support.

    2. Check the Virtual Appliance Prerequisites and make sure that they are all being met.

    If you have checked all the prerequisites listed in the Umbrella documentation, added the missing IP addresses (if any), and you are still seeing this issue, please open the On Demand Support Tunnel on the VA in question and reach out to Umbrella Support.

    Cause

    "Not All DNS ok" is normally caused by something blocking the communication going from the VA to Umbrella. The block is often caused by a firewall or security appliance stopping the DNS query on Port 53 from getting to one of the four required IP addresses of Umbrella's resolvers:

    • 208.67.220.220
    • 208.67.222.222
    • 208.67.220.222
    • 208.67.222.220

    In order to see which of these is being blocked, tab over the error message. This opens the expanded message with additional details:

    Details Showing UDP Lookup on Port 53 Failed to Connect360002644066

    In this case, UDP lookup on port 53 failed to connect to 208.67.220.222 and 208.67.222.220. 

    Revision History

    Revision Publish Date Comments
    1.0
    18-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products