Solved: Re: CISCO ISE DNS CONFIGURATION

lilianamartinez · ‎11-19-2021

Hi , I was searching cisco documentation about dns configuration on ISE , I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one? Today DNS primary goes down and it lose AD conectivity because of that a lot of user could,t authenticate, so costumer was asking to add a 3rd DNS to avoid this issue again.

thomas · ‎11-30-2021

3 DNS servers are supported:

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address

View solution in original post

balaji.bandi · ‎11-19-2021

, I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one?

yes, i do, but when you configure you need to restart the ISE service to take effect of new DNS Settings ? has this been done?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html

When DNS Fails you can see the Logs in ISE, why it not able to resolve other DNS ? check the Logs ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thomas · ‎11-30-2021

3 DNS servers are supported:

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address

bkatrep · ‎04-12-2023

thomas. i removed the existing primary dns server ip on ise node and added a new one. i configured the old dns ip as the secondary and restarted the services on the node. But still seeing the DNS requests originating from the old server ip. any clue ? how to check a specific daemon

Marcelo Morais · ‎04-12-2023

Hi @bkatrep ,

please try to reload the Node.

Hope this helps !!!

ajc · ‎07-14-2023

I added a 3rd entry to ISE CLI DNS configuration and now the Node is completely stuck. See attached picture. I did a reload of the node, it did not help. the difference is that this new DNS server is a new Windows 2019 compare to the original 2 entries that are 2012.

fdasilvanascimento · ‎03-15-2024

How Cisco ISE check the "ip host" ?

I set up the configuration below and Cisco ISE did not resolve the lab.company2 name.

ip name-server 192.168.100.30
!

ip host 10.10.200.10 lab.company2

Remarks: The name server 192.168.100.30 does not resolve lab.company2 due company business polices.

MSJ1 · ‎10-04-2024

@thomas How to find the DNS settings from GUI Interafce of ISE ?

manvik · ‎03-12-2024

ise/admin# show running-config ip

this will give you domain-name, IP and DNS

dsobrinho · ‎08-05-2024

Hi team,

One question, Should I reload the node after included 3 DNS? It is not clear for me

Daniel Sobrinho