Guides users through CLI-based verification procedures for confirming DNS security configurations are correctly implemented and functioning as intended.
DNS security configuration example
The following is a sample DNS security configuration with Cisco Secure Access.
parameter-map type dns-defense global
 local-domain test
 dnscrypt
 api-key apikey
 orgid 1111111
 secret 6 ehB_GFUYBFN]SAJM]eQPdOiJGWfRTDDdJLLPQB]JHCa]HHNgIYLbbPOJKMTdUVWHRhVgF
 vrf 1
  dns-resolver umbrella
  match-local-domain-to-bypass
 vrf 2
  dns-resolver umbrella
  match-local-domain-to-bypass
View VRFs registration
The show sdwan dns-defense info command displays how many VRFs requested registration, how many were successfully registered, and whether DNSCrypt is enabled.
Device# show sdwan dns-defense info
REGISTRATIONS REQUESTED REGISTRATIONS COMPLETED DNSCRYPT LAST SUCCESS ATTEMPT
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
11 10 True 10/25/25 21:12:01
View registration status
The show sdwan dns-defense device-registration command displays the device ID and the registration status, indicating whether registration was successful or failed for any reason. The response also provides information about the cause of any failure.
Device# show sdwan dns-defense device-registration
VRF ID RESP CODE TAG DEVICE_ID DESCRIPTION
----------------------------------------------------------------------------------------------------------------------------------------------------------
1 201 created vpn1 f3384af554cefba2 Device Id received successfully
2 201 created vpn2 f3382ad2f8a37dc6 Device Id received successfully
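The two checks above can be scripted once the command output has been collected. The following Python example is added here and is not Cisco code: it parses the two outputs shown on this page and reports incomplete or failed registrations and a disabled DNSCrypt. It assumes that any 2xx RESP CODE means success (the page shows only 201); the failure row and the function names are constructed for illustration.

```python
import re

# Output copied from the page's two samples (separator rows shortened).
INFO = """\
REGISTRATIONS REQUESTED REGISTRATIONS COMPLETED DNSCRYPT LAST SUCCESS ATTEMPT
----------------------------------------------------------------
11 10 True 10/25/25 21:12:01
"""
REG = """\
VRF ID RESP CODE TAG DEVICE_ID DESCRIPTION
----------------------------------------------------------------
1 201 created vpn1 f3384af554cefba2 Device Id received successfully
2 201 created vpn2 f3382ad2f8a37dc6 Device Id received successfully
"""
# Constructed failure row (not from the page); the real failure layout may differ.
REG_FAIL = REG + "3 401 unauthorized vpn3 - Constructed failure text\n"

# [ \t] instead of \s so that a match can never run across a line break.
INFO_ROW = re.compile(r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]+(True|False)\b", re.M)
REG_ROW = re.compile(r"^[ \t]*(\d+)[ \t]+(\d{3})[ \t]+(\S+)[ \t]+(\S+)[ \t]*(.*)$", re.M)

def parse_info(text):
    m = INFO_ROW.search(text)
    if not m:
        raise ValueError("no data row in dns-defense info output")
    return {"requested": int(m[1]), "completed": int(m[2]), "dnscrypt": m[3] == "True"}

def parse_registrations(text):
    # "rest" holds the device ID (if any) followed by the description.
    return [{"vrf": int(v), "code": int(c), "status": s, "tag": t, "rest": r.strip()}
            for v, c, s, t, r in REG_ROW.findall(text)]

def audit(info_text, reg_text, expected_vrfs):
    findings = []
    info = parse_info(info_text)
    if info["completed"] < info["requested"]:
        findings.append(f"{info['requested'] - info['completed']} of {info['requested']} registrations not completed")
    if not info["dnscrypt"]:
        findings.append("DNSCrypt is disabled")
    rows = {r["vrf"]: r for r in parse_registrations(reg_text)}
    for vrf in expected_vrfs:
        row = rows.get(vrf)
        if row is None:
            findings.append(f"VRF {vrf}: no registration row")
        elif not 200 <= row["code"] < 300:  # assumption: 2xx means registered
            findings.append(f"VRF {vrf}: {row['code']} {row['status']} ({row['rest']})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INFO, REG_FAIL, expected_vrfs=[1, 2, 3])))
```

Run against the page's own sample, the audit reports one registration not completed, because the info output shows 11 requested and 10 completed.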