Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

Verify DNS security configurations using CLI

This section describes CLI-based procedures for verifying that DNS security configurations are correctly implemented and functioning as intended.


DNS security configuration example

The following is a sample DNS security configuration with Cisco Secure Access.


parameter-map type dns-defense global
local-domain test
dnscrypt
api-key apikey
orgid 1111111
secret 6 ehB_GFUYBFN]SAJM]eQPdOiJGWfRTDDdJLLPQB]JHCa]HHNgIYLbbPOJKMTdUVWHRhVgF
vrf 1
dns-resolver umbrella
match-local-domain-to-bypass
vrf 2
dns-resolver umbrella
match-local-domain-to-bypass

View VRFs registration

The show sdwan dns-defense info command displays how many VRFs requested registration, how many were successfully registered, and whether DNSCrypt is enabled.


Device# show sdwan dns-defense info

REGISTRATIONS REQUESTED         REGISTRATIONS COMPLETED         DNSCRYPT         LAST SUCCESS ATTEMPT
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
11                                     10                                   True                       10/25/25 21:12:01

View registration status

The show sdwan dns-defense device-registration command displays the device ID and the registration status, indicating whether registration was successful or failed for any reason. The response also provides information about the cause of any failure.


Device# show sdwan dns-defense device-registration

VRF ID                         RESP CODE             TAG                        DEVICE_ID                        DESCRIPTION
----------------------------------------------------------------------------------------------------------------------------------------------------------
1                             201 created           vpn1                       f3384af554cefba2           Device Id received successfully
2                             201 created           vpn2                       f3382ad2f8a37dc6           Device Id received successfully
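
The two checks above can be scripted when many devices need to be verified. The following is an added example, not part of the Cisco guide: it parses captured output of both show commands and reports incomplete registrations, disabled DNSCrypt, and VRFs whose response code is not 201. The function names, the vrf 3 row, and the assumption that columns are separated by two or more spaces are this example's own.

```python
import re

# Output rows for the info command and for VRFs 1 and 2 are copied from the
# samples above. The vrf 3 row is CONSTRUCTED for this example; its response
# code and description are assumptions, not documented device output.
INFO_OUTPUT = """\
REGISTRATIONS REQUESTED    REGISTRATIONS COMPLETED    DNSCRYPT    LAST SUCCESS ATTEMPT
--------------------------------------------------------------------------------------
11                                     10                                   True                       10/25/25 21:12:01
"""

REG_OUTPUT = """\
VRF ID    RESP CODE    TAG    DEVICE_ID    DESCRIPTION
------------------------------------------------------
1                             201 created           vpn1                       f3384af554cefba2           Device Id received successfully
2                             201 created           vpn2                       f3382ad2f8a37dc6           Device Id received successfully
3                             401 unauthorized      vpn3                       -                          Constructed failure row
"""

def data_rows(text):
    """Return the rows below the dashed separator, split on runs of 2+ spaces."""
    lines = [line for line in text.splitlines() if line.strip()]
    sep = next(i for i, line in enumerate(lines) if set(line.strip()) == {"-"})
    return [re.split(r"\s{2,}", line.strip()) for line in lines[sep + 1:]]

def check_info(text):
    """Flag a requested/completed mismatch and a disabled DNSCrypt setting."""
    requested, completed, dnscrypt, _last_success = data_rows(text)[0]
    findings = []
    missing = int(requested) - int(completed)
    if missing > 0:
        findings.append(f"{missing} VRF registration(s) incomplete")
    if dnscrypt != "True":
        findings.append("DNSCrypt is not enabled")
    return findings

def failed_vrfs(text):
    """Map VRF ID to (response code, description) for every non-201 row."""
    failed = {}
    for vrf, resp, _tag, _device_id, desc in data_rows(text):
        if not resp.startswith("201"):
            failed[int(vrf)] = (resp, desc)
    return failed

if __name__ == "__main__":
    print(check_info(INFO_OUTPUT))
    print(failed_vrfs(REG_OUTPUT))
```

Run against the sample above, the info check reports one incomplete registration (11 requested, 10 completed), which is the cue to look for the failing VRF in the device-registration output.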