cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2672
Views
0
Helpful
4
Replies

"DNS Resolution failure" in "Operations > Report > Audit > Operational Audit"

miarai
Cisco Employee
Cisco Employee

Hello team,

I configured two ISEs(ise-03.domain.local, and ise-04.domain.local) to make distributed deployment.

The deployment modes is redundant. ise-03(Primary PAN, Primary Mnt) and ise-04(Secondary PAN, Secondary MnT).

There is no DNS server in my setup, thus I configured IP address and hostame binding information using "ip host" command like;

[ise-03]

ip host 192.168.1.2 ise-04 ise-04.domain.local

[ise-04]

ip host 192.168.1.1 ise-03 ise-03.domain.local

Currently, everything works fine in my setup but for error message "DNS resolution failed for the hostname ise-04.domain.local#012domain.local against the currently configured name servers." is generated in "Operations > Report > Audit > Operational Audit".

I attached screenshot of the error.

20180403.png

It seems that this message would be generated if ISE deployment is configured without DNS server, and can be ignored if there is no DNS server in network.

Could you please let me know if my understanding is correct or not?

Best Regards,

4 Replies 4

miarai
Cisco Employee
Cisco Employee

Sorry I messed version information. This happens ISE2.2 patch 7.

hslai
Cisco Employee
Cisco Employee

The Context Visibility in ISE 2.1+ relies on the configured DNS server(s) able to resolve the forward and reserve records of the primary and the secondary PANs. Thus, please do get some DNS servers working for your deployments.

miarai
Cisco Employee
Cisco Employee

Hello hslai,

Thanks for your reply. I understand that Context Visibility feature in ISE2.1 or higher depends on DNS forward/reverse lookup. So can I ignore that message if the customer not use that feature( and there is no name server). Is this right?

Thanks & Regards,

--Michio

I am pretty sure you should configure dns properly for full support of ISE and will have unexpected results if you don’t regardless.

I would not recommend running without reverse lookups and don’t understand why you wouldn’t configure it

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: