DNAC - DNS requirement for initial setup

Platypus88
Level 1

Hi Expert, 

I'm planning to bring up DNAC in a cluster setup. I understand a DNS address is required for initial setup. I have a few queries regarding this DNS:

 

1. What is the function of the DNS address on DNAC? Is it only for internet? Because without internet, the initial setup still requires a DNS address.

2. If we don't want to connect our DNAC to production DNS, can we use the staging DNS server, or use any router and configure it as a temp DNS server?

3. For initial setup, should the DNS server work, or is the only requirement for DNAC to have a DNS address?

4. DNS on DNAC will communicate using which port? I assume it is the enterprise port.

5. When we set up the cloud port, do we use the same DNS address?

 

Thank you

3 Replies

Preston Chilcote
Cisco Employee

I think the most important reason for DNS is so that your appliance knows how to get to all the services in the Cisco Cloud, such as software releases, security advisories, licensing, smart accounts, and advanced Assurance features.  

 

When the appliance needs to reach any IP address, DNS included, it simply checks the routing table, so if the route to DNS is exiting the Enterprise Port, then that's the port it will use.

 

I don't know exactly how thoroughly the install script tests DNS before letting you complete initial setup.  It could just be a ping, or it could be an actual lookup.

AdamF1
Level 1

I cannot answer all your questions, but hopefully I can provide some assistance with my experience.
I would recommend opening a TAC case to get the answers you are requesting. DNS is used to resolve things in your network as well as the ability to resolve the DNAC GUI. It is also used in the certificate binding that is used for assurance. If you were to enable assurance on your WLCs, it uses a DNS name.

Tomas de Leon
Cisco Employee

NOTE:
I am making the assumption that this is a new install of a Cisco DNA Center from manufacturing. If this is the case, this is 'not' an Airgap deployment. Taking this assumption into consideration, the Cisco DNA Center will attempt to reach out to the internet regardless of where you install it and its access to the internet.

Please refer to the following:

 

Required Internet URLs and Fully Qualified Domain Names
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-3/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_2_3_2ndGen/m_plan_deployment_2_2_3_2ndgen.html#concept_z4t_cd3_sfb

 

Required IP Addresses and Subnets
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-3/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_2_3_2ndGen/m_plan_deployment_2_2_3_2ndgen.html#concept_t3c_dbj_sfb

 

DNS Server IP Addresses: The IP address for one or more of your network's preferred Domain Name System (DNS) servers. During configuration, you can specify multiple DNS server IP addresses by entering them as a space-separated list.

 

With this in mind, here are some answers to your questions:

 

1. DNS is used for resolution of the "Required Internet URLs and Fully Qualified Domain Names" listed on the enclosed URL. In addition, the Cisco DNA Center uses DNS for internal operations within the platform itself and with the devices & applications configured for your Cisco DNA environment.

 

2. You can use a staging or lab DNS for testing purposes. This is not an issue. But there are some caveats that may cause issues depending on the release that you are running and some known issues. A tip to avoid these possible caveats and issues is to make sure the DNS IP address is not the same IP address as your NTP server or your default gateway (which is typically a switch or router).

 

3. For the initial setup and for successful operations, the DNS IP address should be a valid IP address and reachable. Otherwise, there is a strong possibility the install will fail.

 

4. & 5. DNS is configured for the entire controller. So in theory, you only need to configure DNS on one interface. Since Enterprise & Cluster interfaces are "required", I would suggest using the Enterprise interface for the DNS configuration. Then, as mentioned, the Cisco DNA Center will use its default route or specific routing to forward the DNS requests.
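
Added example, not part of any reply above and not Cisco's install script: a pre-install check of a planned DNS entry against the points raised in this thread (space-separated list, each address valid, none shared with the NTP server or default gateway, and the server answering a real lookup, not just a ping). The function names and all addresses are hypothetical; the name to resolve should be one taken from the "Required Internet URLs and Fully Qualified Domain Names" list linked above.

```python
import ipaddress, socket, struct

def check_dns_plan(dns_list, ntp, gateway):
    """Return the problems found in a space-separated DNS server list."""
    problems, seen = [], set()
    reserved = {ipaddress.ip_address(ntp): "NTP server",
                ipaddress.ip_address(gateway): "default gateway"}
    for token in dns_list.split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            problems.append(f"{token}: not a valid IP address")
            continue
        if ip in seen:
            problems.append(f"{token}: listed twice")
        seen.add(ip)
        if ip in reserved:
            problems.append(f"{token}: same address as the {reserved[ip]}")
    if not seen:
        problems.append("no usable DNS server address given")
    return problems

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def server_answers(server, name, port=53, timeout=2.0):
    """True only for a NOERROR response that carries at least one answer."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable or refused
            return False
    if len(data) < 12:
        return False
    txid, flags, _, ancount = struct.unpack("!HHHH", data[:8])
    return txid == 0x1234 and bool(flags & 0x8000) and (flags & 0xF) == 0 and ancount > 0

if __name__ == "__main__":
    # Constructed lab addresses, not values from this thread.
    for line in check_dns_plan("10.0.0.1 10.0.0.53", ntp="10.0.0.123", gateway="10.0.0.1"):
        print(line)
```

Run `server_answers()` from a host on the same segment as the planned Enterprise port, so the query takes the route the appliance would use.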

 
