Solved: DNS profile settings

roysm · ‎08-17-2016

Okay, so I'm setting up a dns profile on the APIC and what should be very simple is now a nightmare.

I set the "default" dns profile with the oob management EPG, DNS servers and DNS domain. I then add the dns labels in the oob vrf. I now see 2 types of fault logged

Ctx Configuration failed for uni/tn-mgmt/ctx-oob due to dns-policy-not-present

AND

Failed to form relation to MO uni/fabric/dnsp-cumbria.gov of class dnsProfile

I found this article https://supportforums.cisco.com/document/12268641/configuring-dns-cisco-aci-fabric-solution but getting confused with some of the CLI steps. How current is this document? I am running v.2.0.1p. Is this document for an older version?

In the CLI steps some of the folder layouts are different in the document compared to what I see on my controller. e.g at task3.2 it shows to go to /aci/tenants/mgmt/networking/private-networks/oob/dns-profile-labels/default, except that this does not exist. What I see under "dns-profile-labels" is a folder for my domain name. If I go in to this folder I can then run the cat summary command.

I just wonder if the difference in the folder layout on my system compared to the document is the reason for the faults being logged and is there any way of getting around this? Do you have to use the default dns profile or how do you apply a custom dns profile?

Many thanks in advance

Roy

Tomas de Leon · ‎08-18-2016

Your DNS Label name used in Tenant Common is "cumbria.gov". You do NOT have DNS setup in Tenant MGMT for VRF OOB or INB.

The DNS Policy in the fabric is typically for use with FABRIC devices. Clients and Hosts DNS settings should be set manually or via DHCP, etc.

Try remioving "cumbria.gov" and adding "default" and then adding the DNS Label to Tenant MGMT VRF OOB & INB.

Cheers!

T.

View solution in original post

roysm · ‎08-18-2016

Tomas

That's done the trick. I must have thought DNS label referred to the domain, which now I think about it, doesn't make sense. Still getting my head around the way ACI does things and it's terminology.

Thanks for the help

Roy

View solution in original post

Tomas de Leon · ‎08-17-2016

Roy,

Yes the document that you reference is from a previous version and from a period before the NXOS like CLI commands for ACI:

Please try:

apic1# show dns-address
apic1# show dns-domain
apic1# show running-config dns

ie.

fab1-p1-apic1# show dns-address
Address Preferred
------------------------------ ---------
191.44.124.122 no
192.37.87.157 no
193.102.6.247 yes
194.70.168.183 no

fab1-p1-apic1# show dns-domain
Name Default
------------------------------ -------
cisco.com yes
deadbeef.local no

fab1-p1-apic1# show running-config dns
# Command: show running-config dns
# Time: Wed Aug 17 09:55:10 2016
dns
address 191.44.124.122
address 192.37.87.157
address 193.102.6.247 preferred
address 194.70.168.183
domain cisco.com default
domain deadbeef.local
use-vrf oob-default
exit

Tomas de Leon · ‎08-17-2016

also you can the older method also if you go into bash mode.

# cat /aci/fabric/fabric-policies/global-policies/dns-profiles/default/summary

fab1-p1-apic1# bash
admin@fab1-p1-apic1:~>

admin@fab1-p1-apic1:default> cat /aci/fabric/fabric-policies/global-policies/dns-profiles/default/summary
# dns-profile
name : default
description : ACI Fabric 1 DEFAULT DNS Profile
ownerkey :
ownertag :
management-epg : tenants/mgmt/node-management-epgs/default/out-of-band/default

dns-providers:
address preferred
-------------- ---------
191.44.124.122 no
192.70.168.183 no
193.37.87.157 no
194.102.6.247 yes

dns-domains:
name default description
------------- ------- ---------------
cisco.com yes domain server 1
deadbeef.local no domain server 2

roysm · ‎08-17-2016

Tomas

Thanks for the confirmation that the document refers to an older version, which answers that question.

I can also confirm that if I run the commands on the APICs I see the correct DNS settings. However, I still don't understand why I see the faults mentioned before. Is there another step, that is missed from the old documents, that I should have follwed?

Roy

Tomas de Leon · ‎08-17-2016

It appears the you created a DNS policy and then maybe deleted it but the fault remains. The is a known issue with this.

What ACI Version are you running?

CSCuw85183 - Not able to clear dns-policy-not-present fault after deleting dns profile

Please provide the output from the following CLI command on the APIC.

apic1# moquery -c dnsLbl

Thanks

T.

roysm · ‎08-18-2016

Tomas

I did create a new dns policy, then removed. After trying to use the default policy, I did delete the default and recreated it again with the name default.

I am running v.2.0.1p

The output from moquery -c dnsLbl is

Total Objects shown: 1

# dns.Lbl
name : cumbria.gov
childAction :
descr :
dn : uni/tn-mgmt/ctx-oob/dnslbl-cumbria.gov
lcOwn : local
modTs : 2016-08-17T11:28:46.531+00:00
monPolDn : uni/tn-common/monepg-default
ownerKey :
ownerTag :
rn : dnslbl-cumbria.gov
status :
tag : yellow-green
uid : 15374

Tomas de Leon · ‎08-18-2016

Your DNS Label name used in Tenant Common is "cumbria.gov". You do NOT have DNS setup in Tenant MGMT for VRF OOB or INB.

The DNS Policy in the fabric is typically for use with FABRIC devices. Clients and Hosts DNS settings should be set manually or via DHCP, etc.

Try remioving "cumbria.gov" and adding "default" and then adding the DNS Label to Tenant MGMT VRF OOB & INB.

Cheers!

T.

roysm · ‎08-18-2016

Tomas

That's done the trick. I must have thought DNS label referred to the domain, which now I think about it, doesn't make sense. Still getting my head around the way ACI does things and it's terminology.

Thanks for the help

Roy