Cisco Defense Orchestrator

DNS Group Objects

Domain Name System (DNS) groups define a list of DNS servers and some associated attributes. DNS servers are needed to resolve fully-qualified domain names (FQDN), such as www.example.com, to IP addresses. You can configure different DNS group objects for management and data interfaces. 

FTD devices must have a DNS server configured before you create a new DNS group object. You can either add a DNS server in the Firepower Threat Defense Device Settings in CDO, or create a DNS server in FDM and then sync the FDM configuration to CDO. To create or modify the DNS server settings in FDM, see Configuring DNS for Data and Management Interfaces in the Cisco Firepower Device Manager Configuration Guide, Version 6.4 or later.

Create a DNS Group Object

Use the following procedure to create a new DNS group object in CDO:

  1. In the CDO navigation bar on the left, click Objects.
  2. Click the blue plus button to create an object.
  3. Click FTD > DNS Group.
  4. Enter an Object Name.
  5. (Optional) Add a description.
  6. Enter the IP address of a DNS server. You can add up to six DNS servers; to add another, click Add DNS Server. To remove a server address, click the delete icon.

Note: The list is in priority order: the first server in the list is always used, and subsequent servers are used only if no response is received from the servers above them. Although you can add up to six servers, only the first three servers listed are used for the management interface.

  7. Enter the Domain Search Name. This domain is appended to hostnames that are not fully qualified, for example, serverA instead of serverA.example.com.
  8. Enter the number of Retries. This is the number of times, from 0 to 10, to retry the list of DNS servers when the system does not receive a response. The default is 2. This setting applies to DNS groups used on the data interfaces only.
  9. Enter the Timeout value. This is the number of seconds, from 1 to 30, to wait before trying the next DNS server. The default is 2 seconds. Each time the system retries the list of servers, this timeout doubles. This setting applies to DNS groups used on the data interfaces only.
  10. Click Add.
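As an added illustration of the lookup rules stated in the steps and note above (this is example code written for this page, not Cisco's or CDO's own implementation), the following Python model applies those rules directly: servers are tried in priority order, the management interface consults only the first three, the domain search name is appended to unqualified hostnames, and a data-interface lookup walks the list once plus the configured number of retries with the per-server timeout doubling on each pass. The server addresses, answers and the `SampleResponder` stand-in are constructed sample data, and the `worst_case_wait` figure is derived from the stated rules rather than being a documented Cisco value.

```python
"""Model of the DNS group lookup rules described above.

Added example, not Cisco's code. It assumes only what the page states:
servers are tried in list order; the management interface uses at most
the first three; retries and the doubling timeout apply to data
interfaces; the domain search name is appended to unqualified names.
All server addresses, answers and the responder are constructed data.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_SERVERS = 6        # "You can add up to six DNS servers"
MGMT_SERVERS_USED = 3  # only the first three are used for the management interface


@dataclass
class DnsGroup:
    name: str
    servers: List[str]
    domain_search_name: str = ""
    retries: int = 2   # 0-10, default 2 (data interfaces only)
    timeout: int = 2   # 1-30 seconds, default 2 (data interfaces only)

    def validate(self) -> List[str]:
        """Return the rule violations a form following the page's limits would reject."""
        problems = []
        if not self.servers:
            problems.append("at least one DNS server is required")
        if len(self.servers) > MAX_SERVERS:
            problems.append(f"at most {MAX_SERVERS} DNS servers are allowed")
        if not 0 <= self.retries <= 10:
            problems.append("retries must be between 0 and 10")
        if not 1 <= self.timeout <= 30:
            problems.append("timeout must be between 1 and 30 seconds")
        return problems

    def servers_for(self, interface: str) -> List[str]:
        """Servers actually consulted: all of them for data, the first three for management."""
        if interface == "management":
            return self.servers[:MGMT_SERVERS_USED]
        return list(self.servers)

    def qualify(self, hostname: str) -> str:
        """Append the domain search name to a hostname that is not fully qualified."""
        if "." in hostname or not self.domain_search_name:
            return hostname
        return f"{hostname}.{self.domain_search_name}"

    def worst_case_wait(self) -> int:
        """Seconds a data-interface lookup can take when no server ever answers:
        each pass over the list costs len(servers) * timeout, and the timeout
        doubles on every retry pass."""
        n = len(self.servers_for("data"))
        return sum(n * self.timeout * (2 ** p) for p in range(self.retries + 1))


Responder = Callable[[str, str, int], Optional[str]]


def resolve(group: DnsGroup, hostname: str,
            responder: Responder) -> Tuple[Optional[str], Optional[str], int]:
    """Simulate a data-interface lookup.

    responder(server, fqdn, timeout) returns an address, or None when the
    server does not reply within the timeout.
    Returns (answer, server_that_answered, seconds_waited).
    """
    fqdn = group.qualify(hostname)
    waited = 0
    timeout = group.timeout
    for _ in range(group.retries + 1):            # initial attempt plus retries
        for server in group.servers_for("data"):  # priority order
            answer = responder(server, fqdn, timeout)
            if answer is not None:
                return answer, server, waited
            waited += timeout                     # this server timed out
        timeout *= 2                              # "this timeout doubles"
    return None, None, waited


class SampleResponder:
    """Constructed stand-in for real DNS servers: a map of server -> answer.
    Servers missing from the map never reply; the first `fail_first` queries
    time out regardless of server, which models a transient outage."""

    def __init__(self, answers: Dict[str, str], fail_first: int = 0) -> None:
        self.answers = answers
        self.fail_first = fail_first
        self.calls = 0

    def __call__(self, server: str, fqdn: str, timeout: int) -> Optional[str]:
        self.calls += 1
        if self.calls <= self.fail_first:
            return None
        return self.answers.get(server)


if __name__ == "__main__":
    # Constructed sample group: two servers, defaults for retries and timeout.
    group = DnsGroup("corp-dns", ["198.51.100.53", "198.51.100.54"],
                     domain_search_name="example.com", retries=2, timeout=2)
    print(group.validate(), group.worst_case_wait())
    print(resolve(group, "serverA", SampleResponder({"198.51.100.54": "192.0.2.10"})))
    print(resolve(group, "serverA", SampleResponder({})))
```

The point worth taking from the model is the worst case: with two servers and the defaults (retries 2, timeout 2 seconds), a name that no server answers costs 4 + 8 + 16 = 28 seconds before the lookup fails, because every retry pass doubles the per-server wait. Raising Retries or Timeout on a data-interface group lengthens that tail quickly, so keep both small unless the upstream resolvers are genuinely slow.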
Edit a DNS Group Object

You can edit a DNS group object that was created in CDO or in FDM. Use the following procedure to edit an existing DNS group object:

  1. In the CDO navigation bar on the left, click Objects.
  2. Locate the DNS group object you want to edit using the object filters and the search field.
  3. Select the object and click the edit icon in the Actions pane.
  4. Edit any of the following entries:
    • Object Name.
    • Description.
    • DNS Server. You can edit, add, or remove DNS servers in this list.
    • Domain Search Name.
    • Retries.
    • Timeout.
  5. Click Save.
  6. Preview and Deploy Configuration Changes for All Devices.
Delete a DNS Group Object

Use the following procedure to delete a DNS Group Object from CDO:

  1. In the CDO navigation bar on the left, click Objects.
  2. Locate the DNS group object you want to delete using the object filters and the search field.
  3. Select the object and click the Remove icon.
  4. Confirm that you want to delete the DNS group object and click OK.
  5. Preview and Deploy Configuration Changes for All Devices.
Add a DNS Group Object as an FTD DNS Server

You can add a DNS group object as the preferred DNS Group for either the Data Interface or the Management Interface. See FTD Settings for more information. 