Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

Feature history for DNS security

Updated: March 10, 2026

Want to summarize with AI?

Details the evolution of DNS security features, highlighting major enhancements and updates across software releases to inform users about new capabilities and functional improvements.

Table 1. Feature history
Feature Name	Release Information	Description
DNS Security with Cisco Secure Access	Cisco IOS XE Catalyst SD-WAN Release 26.1.1 Cisco Catalyst SD-WAN Manager Release 26.1.1.1	This feature monitors and controls the DNS requests by blocking access to unauthorized domains and applies consistent DNS-based security policies across devices. DNS security fallback ensures that DNS security policy routing is determined by device routing configurations. In the event of a failover where the NAT Direct Internet Access (DIA) route is unavailable, connectivity is maintained by service vpn routing, ensuring continued reachability.
Increase in Local Domain Bypass Scale	Cisco IOS XE Catalyst SD-WAN Release 26.1.1 Cisco Catalyst SD-WAN Manager Release 26.1.1.1	With this feature the local domain bypass entries are increased to 256.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.