Meraki

Community

DoH and DoT: dns google - Being Block by Cisco Umbrella

CHaywood
Here to help
‎Oct 10 2023 12:30 PM
‎Oct 10 2023 12:30 PM

DoH and DoT: dns google - Being Block by Cisco Umbrella

Hi everyone,

 

I recently added the security subscription to my Meraki GO setup. Very happy I have the added protection.

 

However, I'm receiving a ton of notifications for "DoH and DoT: dns google" being blocked.

 

When I searched google it appears these are used for encrypted DNS traffic. I'm curious why they are being blocked if that's accurate. Could anyone explain?

0 Kudos
3 Replies 3
jesseb514
Here to help
‎Jan 8 2024 1:53 PM
‎Jan 8 2024 1:53 PM

Hi @CHaywood - I had the same question initially! From my experience, this is intentional as the device blocks known encrypted DNS traffic endpoints so that the content filter/security subscription cannot be circumvented. Without this block, users could still open whatever they content they like as the encrypted DNS traffic cannot be inspected by the device.

0 Kudos
In response to jesseb514
speakerfritz
A model citizen
‎Jan 21 2024 5:00 PM
‎Jan 21 2024 5:00 PM

You can exclude those

 

IMG_1822.png

0 Kudos
In response to jesseb514
hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Jan 22 2024 11:03 AM
‎Jan 22 2024 11:03 AM

Greetings @CHaywood 

 

@jesseb514  nailed it. If the DNS queries are encrypted, the security service is unable to see what the query is and take action based on the query.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.