Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
30979
Views
7
Helpful
8
Replies

CISCO ISE DNS CONFIGURATION

Go to solution
lilianamartinez
Level 1
Level 1

‎11-19-2021 01:57 PM

Hi ,  I was searching cisco documentation about dns configuration on ISE , I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one? Today DNS primary goes down and it lose AD conectivity because of that a lot of user could,t authenticate, so costumer was asking to add a 3rd DNS to avoid this issue again.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

View solution in original post

8 Replies 8

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-19-2021 04:21 PM 

, I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one?

yes, i do, but when you configure you need to restart the ISE service to take effect of new DNS Settings ? has this been done?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html

 

When DNS Fails you can see the Logs in ISE, why it not able to resolve other DNS ? check the Logs ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

Go to solution
bkatrep
Level 1
Level 1
In response to thomas

‎04-12-2023 10:01 AM

 thomas. i removed the existing primary dns server ip on ise node and added a new one. i configured the old dns ip as the secondary and restarted the services on the node. But still seeing the DNS requests originating from the old server ip. any clue ? how to check a specific daemon 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to bkatrep

‎04-12-2023 08:46 PM

Hi @bkatrep ,

 please try to reload the Node.

Hope this helps !!!

0 Helpful

Go to solution
ajc
Level 7
Level 7
In response to Marcelo Morais

‎07-14-2023 02:07 PM

I added a 3rd entry to ISE CLI DNS configuration and now the Node is completely stuck. See attached picture. I did a reload of the node, it did not help. the difference is that this new DNS server is a new Windows 2019 compare to the original 2 entries that are 2012.

ISE32 STUCK.png

 

0 Helpful

Go to solution
fdasilvanascimento
Level 1
Level 1
In response to thomas

‎03-15-2024 09:50 AM

How Cisco ISE check the "ip host" ?

I set up the configuration below and Cisco ISE did not resolve the lab.company2 name.

ip name-server 192.168.100.30
!

ip host 10.10.200.10 lab.company2

Remarks: The name server 192.168.100.30 does not resolve lab.company2 due company business polices.


0 Helpful

Go to solution
manvik
Level 3
Level 3

‎03-12-2024 07:10 AM 

ise/admin# show running-config ip

this will give you domain-name, IP and DNS 

0 Helpful

Go to solution
dsobrinho
Level 9
Level 9
In response to manvik

‎08-05-2024 11:21 AM

Hi team,

One question, Should I reload the node after included 3 DNS? It is not clear for me 

Daniel Sobrinho
0 Helpful
Customers Also Viewed These Support Documents