Using DNS to resolve switch hostnames for NTP

TSJoe
Level 1

Hey all, 

I'm pretty new to all of this; I just passed the CCNA in June and have been working as a jr. Net Eng/Admin at my company for about 8 months now.

I was asked to configure our core switches at our main office as NTP for the rest of our network. We use CATO as an SD-WAN to connect sites, and our sites are located all across the USA. The end goal is to have our New Jersey office and our Nevada office support NTP for the rest of the network. The rest of the network is pretty basic from what it looks like: 15+ small sites, each with 1 or maybe 2 switches, a WLC, and a couple of APs, all connected via CATO. There is not a single router in my network; we rely on L3 switching for anything needing to be routed inside the site, and CATO to route to another site or to the internet. I have the core here in NJ configured already, and the two access switches in NJ are set to look to the core for the time. I am using the core's management IP as the pointer the access switches use to get the time from the core.

My concern is that if that IP ever goes away (upgrades, catastrophic events, etc.) or it needs to be changed in the future for whatever reason, I will have to go back and re-configure the rest of my network to point to the new IP for NTP. So I want to use the core switch's hostname as the pointer instead of the management IP. Is it possible to use my current DC, which has DNS configured on it, to resolve the switch hostname and use that instead of the IP I have configured already? I've been trying to follow how to make the switch use the DNS I have, but I think I'm missing something.

I've been working on this for two days so far. I've added the "ip domain-name {my domain}" command, added "ip domain-lookup", and added "ip name-server {ip of my DC}" to the core, and added "ip domain-lookup" to the other two switches, but I still can't resolve a ping with the core's hostname from switch 3/4.

I know I'm missing something, but I can't seem to find it.

Can I even use a DC as DNS, and if I can, will it be able to span multiple sites like I want to set it to?

I did see something about needing to add the hostnames/IPs to the switch as a DNS record, but if I do that I'm still going to have to change something in the future somewhere if the IPs get changed for any reason.

Thanks for reading


Accepted Solution

Hello @TSJoe ,

it is possible to use names or FQDNs to configure an NTP server, but you should note the following:

each device performs a DNS lookup to resolve the DNS name to an IP address in order to send out actual NTP packets to the server. But this is done once, not every few hours. At least it is done once at each device reload.

In your case you can configure the NTP source on the core switch to be a loopback address; this provides stability over time.

So there is no real advantage in using a DNS name instead of a loopback address for the NTP server function in your scenario.

The use of a URL is interesting on the core switches themselves if you want to take their primary clock source from the internet by using a so-called NTP pool URL: this is resolved by DNS servers to different public IP addresses, and this can give your core switches the capability to get their primary clock source from two different servers.

Adding an ntp peer relationship between them provides the desired redundancy, so that if one of the public NTP servers fails the affected core switch can automatically use the other core switch as its new reference clock.

Note: in order to be able to synchronize, the clock has to be nearly exact; there is a tolerance value in NTP version 3 in the order of 128 seconds or somewhat more.

See the following document, NTP Best Practices:

https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html#toc-hId--2098725230

NTP synchronization can take some time to complete.

Hope to help

Giuseppe


6 Replies

marce1000
VIP


  - You can't use FQDNs in ntp server configuration commands; actually that is a security precaution, to only have a valid NTP server used as specified.

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Yeah, I configured the NTP servers my core uses to gather time with IPs, not FQDNs. I would like the switches in my network to be able to reach my core via hostname to get time from the core.

Hello,

You can definitely configure NTP servers to have a hostname instead of an IP.

ntp server <name>

As far as DNS you should just need to point the switch to the DNS server to be able to resolve the Name/IP.

Configure DNS on Routers - Cisco

I haven't tested DNS with NTP, but have tested it with OSPF neighbors and it works very well, as in instead of OSPF using RIDs it'll use hostnames in the OSPF database.

Do you have IP connectivity to your DC from all sites?

-David
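
To tie David's reply (ntp server with a hostname, DNS client pointed at the DC) and the accepted solution (a loopback as the ntp source, a peer between the two cores) together, here is one Cisco IOS configuration as an added example; it is not from the original thread or from Cisco. The hostnames, addresses, domain, shared key and A records are assumptions made for the example; the authentication and access-group lines follow the NTP Best Practices document linked in the accepted solution.

```text
! ===== CORE-NJ (assumed names/addresses; CORE-NV mirrors this with Loopback0 = 10.255.255.2) =====
hostname CORE-NJ
ip domain-name example.com
ip name-server 10.10.0.10          ! the DC that runs DNS (assumed address)
ip domain-lookup
!
interface Loopback0
 description NTP source; this /32 must be reachable from every site across CATO
 ip address 10.255.255.1 255.255.255.255
!
! Symmetric-key authentication, as in the NTP Best Practices document
ntp authentication-key 1 md5 ReplaceWithLongRandomSecret
ntp authenticate
ntp trusted-key 1
ntp source Loopback0
! Upstream clock: the pool hostnames are resolved through the name-server above
ntp server 0.pool.ntp.org prefer
ntp server 1.pool.ntp.org
! Peer with the Nevada core so either survives losing its upstream
ntp peer 10.255.255.2 key 1
!
! ===== every access switch at every site, e.g. NJ-ACCESS-3 =====
hostname NJ-ACCESS-3
ip domain-name example.com
ip name-server 10.10.0.10          ! each switch that resolves a name needs its own name-server
ip domain-lookup
ntp authentication-key 1 md5 ReplaceWithLongRandomSecret
ntp authenticate
ntp trusted-key 1
! Assumed A records on the DC: ntp-nj.example.com -> 10.255.255.1, ntp-nv.example.com -> 10.255.255.2
ntp server ntp-nj.example.com key 1 prefer
ntp server ntp-nv.example.com key 1
! Only the two core loopbacks may act as this switch's time source
access-list 10 permit 10.255.255.1
access-list 10 permit 10.255.255.2
ntp access-group peer 10
!
! ----- checks -----
! show hosts               name-server in use and the name/address cache
! show ntp associations    '*' = the source the clock is synced to, '~' = configured
! show ntp status          'Clock is synchronized' once the offset is within tolerance
```

Two things worth keeping in mind with this layout. The access switches only ever need to know the names, so if a core is renumbered you change the loopback and the A record on the DC; but, as the accepted solution notes, the name is resolved when the ntp server line is entered (and again at reload), so the switches will keep the old address until they reload or the line is re-entered. The shared key is what stops a host that can spoof 10.255.255.x from feeding the sites a bad clock; the upstream pool servers have no key with you, which is why the two cores peer with each other rather than every site going to the internet directly.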

Great, so now I can ping Windows devices on my network by hostname from the switch CLI. Now I want to be able to ping other switches from my core by hostname; do I need to add the other switches as entries in the DNS?

You ask "do I need to add the other switches as entries in the DNS?". Perhaps I am missing something in the question but it seems quite straightforward to me, that if you want to be able to access any device (switch or whatever) by name then there needs to be an entry in DNS for that device. If there are not already entries in DNS for those switches then you will need to enter them in DNS.

HTH

Rick

