
ISE DNS

tachyon05
Level 1

I have an ISE deployment on prem, but we continue to move Active Directory and other servers to AWS. It looks like when the on-prem AD / DNS servers are offline, we start to see some ISE authentication issues. Do we need to add AWS DNS servers to ISE? Where do I add them?

2 Replies

@tachyon05 ISE will need DNS to communicate with AD, so if the on-prem DNS servers are offline you would need to configure it to use the AWS DNS servers.

To set the Domain Name Server (DNS) for use during a DNS query, use the ip name-server command in configuration mode from the CLI of the ISE nodes. You can configure one to three DNS servers.

ip name-server ip-address {ip-address *}

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/cli_guide/b_ise_CLI_Reference_Guide_33/b_ise_CLIReferenceGuide_33_chapter_011.html

The only thing I would add to what @Rob Ingram mentioned is that when you issue the command "ip name-server ..." on the ISE CLI, that command doesn't remove the previously configured DNS servers. For instance, let's say you already have 192.168.0.1 and 192.168.10.1 configured as your DNS servers, and then you go and issue the command "ip name-server 172.16.0.1". This will not remove 192.168.0.1 and 192.168.10.1; rather, it will add 172.16.0.1 to the previously configured servers, and it will be the last in order, I think. So, if you want to remove the old servers, you have to use the command "no ip name-server ..." and leave only the new ones.