Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2986
Views
6
Helpful
2
Replies

Add server IP addresses to SRV responses

Go to solution
victguti
Level 1
Level 1

‎06-22-2017 08:05 AM

Hello,

I have an ISE full distributed deployment 2.0.1.130. All the nodes properly enrolled with MS AD and when I run the diagnostic tool all the tests are successful except one warning for the test "DNS SRV record query". The result and remedy specifies: "SRV Record Found. Not all SRV Records have IP, will need to run additional query for get IP."


I believe this warning is related with the recommendation of including IP addresses into SRV responses:


http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_01101.html?bookSearch=true#reference_EA017E71F25145C9A1374373ABFA102E


I have been trying to find the way to include the IP in SRV response in MS Servers and Infoblox and it seems not to be possible. Could you give me any tip or help to apply this recommendation?


Thanks,


Víctor.

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-22-2017 10:36 AM

I have no experience with Infobox but I believe this is up to the DNS server implementation whether its responses to SRV queries include the A record(s) of the resources. In some cases, it could be the sizes too big to return in the responses.

It's more efficient if it does, because no need to make more queries to get the IP resolutions of the recourses. The AD integration might still work ok.

View solution in original post

2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-22-2017 10:36 AM

I have no experience with Infobox but I believe this is up to the DNS server implementation whether its responses to SRV queries include the A record(s) of the resources. In some cases, it could be the sizes too big to return in the responses.

It's more efficient if it does, because no need to make more queries to get the IP resolutions of the recourses. The AD integration might still work ok.

Customers Also Viewed These Support Documents