cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9711
Views
0
Helpful
7
Replies

ISE2.4 version. Getting DNS error even though Name server is configured.

techie21
Level 1
Level 1

ISE 2.4 version:

Identity Services Engine

Alarms: DNS Resolution Failure

Description
DNS Resolution Failure on node
Suggested Actions
Check if the dns server configured by the command " ip name-server" is reachable

Getting DNS error even though Name server is configured. Error "DNS resolution failed for the hostname CNNAME against the currently configured name servers."

 

 

1 Accepted Solution

Accepted Solutions

pan
Cisco Employee
Cisco Employee

ok the problem is ISE is not able to do nslookup for hostname.

 

Please note ISE should be able to do forward and reverse dns lookup for itself and for all other node in the deployment.

View solution in original post

7 Replies 7

pan
Cisco Employee
Cisco Employee

login to cli of node and do nslookup for the hostname of the ISE node for which you have alarm and check if nslookup is working?

Here is the nslookup:

 


msscidcISE01/admin# nslookup msscidcISE01
Trying "msscidcISE01.mss.tiss"
Trying "msscidcISE01"
Host msscidcISE01 not found: 3(NXDOMAIN)
Received 105 bytes from 209.29.2.44#53 in 1 ms

pan
Cisco Employee
Cisco Employee

ok the problem is ISE is not able to do nslookup for hostname.

 

Please note ISE should be able to do forward and reverse dns lookup for itself and for all other node in the deployment.

I checked the configuration. I am able to ping Name Server from ISE:

ip name-server 209.29.2.44 209.29.2.45

msscidcISE01/admin# ping 209.29.2.44
PING 209.29.2.44 (209.29.2.44) 56(84) bytes of data.
64 bytes from 209.29.2.44: icmp_seq=1 ttl=63 time=0.604 ms

msscidcISE01/admin# ping 209.29.2.45
PING 209.29.2.45 (209.29.2.45) 56(84) bytes of data.
64 bytes from 209.29.2.45: icmp_seq=1 ttl=63 time=1.01 ms

 

I don't know where is the issue then?

pan
Cisco Employee
Cisco Employee

as said before issue is while doing nslookup for hostname of ISE, connectivity is fine.

 

 

What is this then? I guess I have the same issue:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur14902/?rfs=iqvred

ISE DNS Resolution Failed for"hostname" from the ISE node "hostname"
CSCur14902
 
Description
Symptom:
The following alarm is generated during a dns failure:
DNS Resolution Failed for CNAME:"hostname" from the ISE node "hostname".

Even though the FQDN and the DNS response has the same FQDN

Conditions:
The behavior is consistent and does not impact any users.

Workaround:
Contact TAC to manually modify the alarm script

Further Problem Description:
Details
Last Modified:
Feb 13,2018
Status:
Fixed
Severity:
3 Moderate
Product:
(1)
Cisco Identity Services Engine
Support Cases:
9