DNS Configuration in ACI

In this tutorial we’ll be going over DNS configuration for your ACI fabric.

* Fabric discovery completed
* In-Band/Out-of-Band connectivity for your APIC(s) and fabric switches to your DNS server
* Static node management addresses configured for your APICs and fabric switches under the default mgmt tenant

My other tutorial Configuring Out-of-Band Management Connectivity in ACI will assist with configuring the necessary Out-of-Band Management prerequisites (static node management addresses)

My Setup:
* ACI fabric running 3.2(6i)

The first step in setting up DNS in ACI is to create the necessary DNS Fabric Policies. To do so, navigate to the following APIC web GUI path:
Fabric -> Fabric Policies -> Policies -> Global -> DNS Profiles
Screen Shot 2019-06-02 at 10.08.49 PM.png

Out of the box ACI will ship with a default DNS Profile where you can define the DNS servers you want to use:
Screen Shot 2019-06-02 at 10.20.54 PM.png

You do not need to use this default policy and can create your own from scratch if you like.

Note: Creating and using a custom DNS Profile will not apply DNS Profile configuration to your APICs. If you want your APICs to have DNS configuration you must use the default DNS Profile

Considering the limitation mentioned above, for our purposes we’ll use the default DNS Profile. If for some reason you do not have the default DNS Profile, you can right click DNS Profiles in the policy folder structure and select Create DNS Profile with the name of default.

After selecting our default DNS Profile we can assign our preferred Management EPG and choose whether or not we want to add a DNS Domain. For our purposes we’ll skip adding a DNS Domain and just add our DNS Provider. You can add multiple DNS Providers and mark one of them as preferred. For our purposes we only have one DNS Provider,
Screen Shot 2019-06-04 at 8.44.43 PM.png

Click Submit to apply your changes

At this point in the configuration can you verify the DNS Provider(s) programmed on your APICs and fabric switches using the below command:
cat /etc/resolv.conf

On our APIC we can see the DNS Provider we defined in our default DNS Provider configuration:
Screen Shot 2019-06-04 at 8.47.11 PM.png

Additionally we can verify that DNS resolution is working by performing an nslookup from our APIC:
Screen Shot 2019-06-04 at 8.51.49 PM.png

However, running the cat /etc/resolv.conf command on one of our leaf switches results in no output:
Screen Shot 2019-06-04 at 8.48.56 PM.png

This is due to missing configuration under the mgmt tenant. So let’s take a look at what we need to configure there now.

To get to the mgmt tenant navigate to the following APIC web GUI path:
Tenants -> ALL TENANTS -> mgmt

Once in the mgmt tenant navigate to your oob VRF by using the following APIC web GUI path:
Tenants -> mgmt -> Networking -> VRFs
Screen Shot 2019-06-04 at 9.03.12 PM.png

Locate and left click your oob VRF. Once you’ve clicked the oob VRF select the Policy tab and scroll down until you see a field named DNS Labels:
Screen Shot 2019-06-04 at 9.06.04 PM.png

In this DNS Labels text field we are going to put in the name of our DNS Profile, default. This will tie our default DNS Profile to the oob VRF:
Screen Shot 2019-06-04 at 9.16.56 PM.png

Click Submit to apply your changes

After applying our configuration we can verify from the leaf switch that our DNS Provider is programmed and our leaf switch can resolve DNS:
Screen Shot 2019-06-04 at 9.14.53 PM.png

This concludes all the necessary ACI DNS configuration.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s