Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9792
Views
0
Helpful
7
Replies

ISE2.4 version. Getting DNS error even though Name server is configured.

Go to solution
techie21
Level 1
Level 1

‎11-29-2018 07:20 AM

ISE 2.4 version:

Identity Services Engine

Alarms: DNS Resolution Failure

Description
DNS Resolution Failure on node
Suggested Actions
Check if the dns server configured by the command " ip name-server" is reachable

Getting DNS error even though Name server is configured. Error "DNS resolution failed for the hostname CNNAME against the currently configured name servers."

 

 

4 people had this problem
Preview file
13 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pan
Cisco Employee
Cisco Employee
In response to techie21

‎11-29-2018 08:08 AM

ok the problem is ISE is not able to do nslookup for hostname.

 

Please note ISE should be able to do forward and reverse dns lookup for itself and for all other node in the deployment.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
pan
Cisco Employee
Cisco Employee

‎11-29-2018 07:25 AM

login to cli of node and do nslookup for the hostname of the ISE node for which you have alarm and check if nslookup is working?

0 Helpful

Go to solution
techie21
Level 1
Level 1
In response to pan

‎11-29-2018 08:06 AM

Here is the nslookup:

 


msscidcISE01/admin# nslookup msscidcISE01
Trying "msscidcISE01.mss.tiss"
Trying "msscidcISE01"
Host msscidcISE01 not found: 3(NXDOMAIN)
Received 105 bytes from 209.29.2.44#53 in 1 ms

0 Helpful

Go to solution
pan
Cisco Employee
Cisco Employee
In response to techie21

‎11-29-2018 08:08 AM

ok the problem is ISE is not able to do nslookup for hostname.

 

Please note ISE should be able to do forward and reverse dns lookup for itself and for all other node in the deployment.

0 Helpful

Go to solution
techie21
Level 1
Level 1
In response to pan

‎11-29-2018 08:14 AM

I checked the configuration. I am able to ping Name Server from ISE:

ip name-server 209.29.2.44 209.29.2.45

msscidcISE01/admin# ping 209.29.2.44
PING 209.29.2.44 (209.29.2.44) 56(84) bytes of data.
64 bytes from 209.29.2.44: icmp_seq=1 ttl=63 time=0.604 ms

msscidcISE01/admin# ping 209.29.2.45
PING 209.29.2.45 (209.29.2.45) 56(84) bytes of data.
64 bytes from 209.29.2.45: icmp_seq=1 ttl=63 time=1.01 ms

 

I don't know where is the issue then?

0 Helpful

Go to solution
pan
Cisco Employee
Cisco Employee
In response to techie21

‎11-29-2018 08:19 AM

as said before issue is while doing nslookup for hostname of ISE, connectivity is fine.

 

 

0 Helpful

Go to solution
techie21
Level 1
Level 1
In response to Jason Kunst

‎11-29-2018 08:19 AM

What is this then? I guess I have the same issue:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur14902/?rfs=iqvred

ISE DNS Resolution Failed for"hostname" from the ISE node "hostname"
CSCur14902
 
Description
Symptom:
The following alarm is generated during a dns failure:
DNS Resolution Failed for CNAME:"hostname" from the ISE node "hostname".

Even though the FQDN and the DNS response has the same FQDN

Conditions:
The behavior is consistent and does not impact any users.

Workaround:
Contact TAC to manually modify the alarm script

Further Problem Description:
Details
Last Modified:
Feb 13,2018
Status:
Fixed
Severity:
3 Moderate
Product:
(1)
Cisco Identity Services Engine
Support Cases:
9
0 Helpful
Customers Also Viewed These Support Documents