03-24-2021 09:49 AM
Cisco DNA Center hostname (FQDN) set during Cisco DNA Center configuration through the config wizard (in the input field "Cluster's hostname").
Cisco DNA Center currently supports only one hostname (FQDN) for all interfaces. You must configure the GeoDNS policy to resolve to the management IP/virtual IP and enterprise IP/virtual IP for the Cisco DNA Center hostname (FQDN) based on the network from which the DNS query is received.
03-24-2021 12:23 PM
It is advised to have DNS all the time, in any deployment. Even when you are configuring ISE, you need DNS names instead of using IP addresses; that is the preferred way to move forward.
03-25-2021 01:25 AM
For sure DNS is the right approach. It seems most of my actual question has been cut off.
What I was asking is what DNS entries are required for DNA Center?
And
What is meant by the statement referring to GeoDNS?
In what situations would I need to resolve the FQDN to the Enterprise port address?
e.g.
Does ISE use this port and need to resolve the name to the Enterprise port address?
Do the managed devices use this name and need to resolve it to the Enterprise port?
04-07-2021 01:00 PM
For a DNA Cluster I would create 5 DNS entries for the enterprise ports: VIP, 3 nodes and PNP:
VIP: dnaccluster.domain.com
Node1: dnac01.domain.com
Node2: dnac02.domain.com
Node3: dnac03.domain.com
PNP: pnpserver.domain.com -> dnaccluster.domain.com
If you are using the GUI port then that one needs a DNS as well for certificates.
Make sure you create the certificates for the DNS and IP you use: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html
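One way to check that a certificate covers every DNS name and IP from the post above, as an added example that is not part of the original thread or Cisco's tooling. The certificate dict is a constructed sample in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, the IP addresses are documentation-range placeholders, and `missing_sans` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: hostnames follow the post, IPs are placeholders.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "dnaccluster.domain.com"),
        ("DNS", "dnac01.domain.com"),
        ("DNS", "dnac02.domain.com"),
        ("DNS", "dnac03.domain.com"),
        ("IP Address", "192.0.2.10"),
    )
}

# Every name or address a client might use to reach the cluster (assumed list).
# pnpserver is listed even though it is an alias: a TLS client validates the
# name it connected to, not the name the alias points at.
REQUIRED = [
    "dnaccluster.domain.com", "dnac01.domain.com", "dnac02.domain.com",
    "dnac03.domain.com", "pnpserver.domain.com", "192.0.2.10", "192.0.2.11",
]

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def missing_sans(cert, required):
    """Return the required names/IPs that no subjectAltName entry covers."""
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = {ipaddress.ip_address(v) for k, v in sans if k == "IP Address"}
    missing = []
    for name in required:
        if _is_ip(name):
            ok = ipaddress.ip_address(name) in ips
        else:
            ok = any(_dns_match(p, name) for p in dns)
        if not ok:
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(missing_sans(SAMPLE_CERT, REQUIRED))
```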