Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
49380
Views
17
Helpful
13
Replies

CISCO ISE DNS CONFIGURATION

Go to solution
lilianamartinez
Level 1
Level 1

‎11-19-2021 01:57 PM

Hi ,  I was searching cisco documentation about dns configuration on ISE , I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one? Today DNS primary goes down and it lose AD conectivity because of that a lot of user could,t authenticate, so costumer was asking to add a 3rd DNS to avoid this issue again.

2 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

View solution in original post

13 Replies 13

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-19-2021 04:21 PM 

, I was wondering if we can configure up to 3 DNS on ISE and primary DNS goes down , should ISE try to resolve by the secondary one?

yes, i do, but when you configure you need to restart the ISE service to take effect of new DNS Settings ? has this been done?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html

 

When DNS Fails you can see the Logs in ISE, why it not able to resolve other DNS ? check the Logs ?

 

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-30-2021 02:16 PM

3 DNS servers are supported:

 

ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# ip name-server ?
<A.B.C.D>|<valid IPv6 format> Primary DNS server address
<A.B.C.D>|<valid IPv6 format> DNS server 2 IP address
<A.B.C.D>|<valid IPv6 format> DNS server 3 IP address 

 

Go to solution
bkatrep
Level 1
Level 1
In response to thomas

‎04-12-2023 10:01 AM

 thomas. i removed the existing primary dns server ip on ise node and added a new one. i configured the old dns ip as the secondary and restarted the services on the node. But still seeing the DNS requests originating from the old server ip. any clue ? how to check a specific daemon 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to bkatrep

‎04-12-2023 08:46 PM

Hi @bkatrep ,

 please try to reload the Node.

Hope this helps !!!

Go to solution
ajc
Level 7
Level 7
In response to Marcelo Morais

‎07-14-2023 02:07 PM

I added a 3rd entry to ISE CLI DNS configuration and now the Node is completely stuck. See attached picture. I did a reload of the node, it did not help. the difference is that this new DNS server is a new Windows 2019 compare to the original 2 entries that are 2012.

ISE32 STUCK.png

 

0 Helpful

Go to solution
fdasilvanascimento
Level 1
Level 1
In response to thomas

‎03-15-2024 09:50 AM

How Cisco ISE check the "ip host" ?

I set up the configuration below and Cisco ISE did not resolve the lab.company2 name.

ip name-server 192.168.100.30
!

ip host 10.10.200.10 lab.company2

Remarks: The name server 192.168.100.30 does not resolve lab.company2 due company business polices.


0 Helpful

Go to solution
MSJ1
Level 1
Level 1
In response to thomas

‎10-04-2024 07:35 AM

@thomas How to find the DNS settings from GUI Interafce of ISE ?

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to MSJ1

‎12-30-2024 09:29 AM

Hi @MSJ1 ,

 please take a look at ISE - What we need to know about DNS Server.

 

Hope this helps !!!

Go to solution
seyyedmhashemian
Level 1
Level 1
In response to thomas

‎04-06-2025 06:27 AM - edited ‎04-06-2025 06:29 AM

Hi, Thanks. for example :

ise/admin(config)# ip name-server 192.168.1.2 192.168.1.3 192.168.1.200

Go to solution
manvik
Level 3
Level 3

‎03-12-2024 07:10 AM 

ise/admin# show running-config ip

this will give you domain-name, IP and DNS 

Go to solution
dsobrinho
Level 9
Level 9
In response to manvik

‎08-05-2024 11:21 AM

Hi team,

One question, Should I reload the node after included 3 DNS? It is not clear for me 

Daniel Sobrinho
0 Helpful

Go to solution
CoMFPedreira
Level 1
Level 1

‎11-07-2025 09:23 AM

I just performed this operation now as suggested and noticed that it will only work if you reboot the server after each change. In my case I had to remove an old DNS server using no ip name-server x.x.x.x. Perform a reboot when prompted. Then add a new address ip name-server x.x.x.x. Perform another reboot. Then the settings get applied.

Previously I had tried to change both entries with a single reboot and only the second entry would get changed.

Hope this helps someone

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to CoMFPedreira

‎11-07-2025 01:09 PM

Hi @CoMFPedreira ,

 please take a look at: ISE - What we need to know about DNS Server, special attention to:

" ... Each change (addition or deletion) using the ip name-server command causes the ISE Service to restart ... "

" ... the reset-config command (a command that can ONLY be run on the Console Portreset the ADE-OS settings, such as HostnameIP AddrMaskDef. GatewayDomain NameDNS ServerNTP Server and Timezone (parameters requested during Cisco ISE Setup), and can be used to reconfigure several parameters with just a single restart of the ISE Service. This command does not request the CLI Admin password, nor does it "resetCisco ISE Configuration or Operation Data (performed by the application reset-config command) ... "

 

Hope this helps !

 

0 Helpful
Customers Also Viewed These Support Documents