Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17328
Views
7
Helpful
5
Replies

CISCO ISE DNS CONFIGURATION

Go to solution
lilianamartinez
Beginner
Beginner

‎11-19-2021 01:57 PM

Hi ,  I was searching cisco documentation about dns configuration on ISE , I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one? Today DNS primary goes down and it lose AD conectivity because of that a lot of user could,t authenticate, so costumer was asking to add a 3rd DNS to avoid this issue again.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

‎11-19-2021 04:21 PM 

, I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one?

yes, i do, but when you configure you need to restart the ISE service to take effect of new DNS Settings ? has this been done?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html

 

When DNS Fails you can see the Logs in ISE, why it not able to resolve other DNS ? check the Logs ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

Go to solution
bkatrep
Beginner
Beginner
In response to thomas

‎04-12-2023 10:01 AM

 thomas. i removed the existing primary dns server ip on ise node and added a new one. i configured the old dns ip as the secondary and restarted the services on the node. But still seeing the DNS requests originating from the old server ip. any clue ? how to check a specific daemon 

0 Helpful

Go to solution
Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor
In response to bkatrep

‎04-12-2023 08:46 PM

Hi @bkatrep ,

 please try to reload the Node.

Hope this helps !!!

0 Helpful

Go to solution
ajc
Rising star
Rising star
In response to Marcelo Morais

‎07-14-2023 02:07 PM

I added a 3rd entry to ISE CLI DNS configuration and now the Node is completely stuck. See attached picture. I did a reload of the node, it did not help. the difference is that this new DNS server is a new Windows 2019 compare to the original 2 entries that are 2012.

ISE32 STUCK.png

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents