
LDAP host validation - Reverse DNS lookup


Hi,

As described by Yacobucci, Ryan (https://community.extremenetworks.com/extreme/topics/nac-restricting-access-for-nondomain-devices), DNS reverse lookup is part of LDAP host validation.

However, I'm doing a huge NAC deployment (about 2000 wireless devices connected to the IdentiFi network). The rules defined to validate users and computers in the AD are not working, and I figured out that the DNS reverse zones are not being updated by the DHCP. Is there any alternative to avoid the reverse DNS lookup?

Many thanks for all.



Luís Oliveira

2 replies

Hello,
There is no alternative that I know of for this other than to get the DHCP server issue resolved. NAC will first resolve the End System's IP after an authentication, then it conducts the reverse lookup to DNS in order to get the FQDN. If that data is not accurate then the rule will fail.

There is an article in the knowledge-base for hostname resolution. You can use this to determine if the FQDN of the End System is being reported to NAC by the DNS server / reverse lookup process:

https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-Debug-Incorrect-o...

Regards,

Scott Keene
NMS/NAC Support
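
One way to check the reverse-lookup step yourself before going into NAC debug output: the script below is an added example, not Extreme's code or the knowledge-base article's, and it reproduces the sequence the answer describes for each end-system IP (PTR lookup to get the FQDN, then a forward lookup of that FQDN) so that a missing PTR or a PTR that no longer points back at the IP, which is what a reverse zone that DHCP is not updating looks like, is flagged before the host-validation rule fails on it. The addresses and hostnames are constructed samples; the lookup functions default to the system resolver.

```python
import socket
from typing import Callable, Dict, Optional, Tuple

# Constructed sample records standing in for a DNS server whose reverse
# zone is partly stale (illustrative data, not taken from the thread).
SAMPLE_PTR = {
    "10.0.1.10": "lap-001.corp.example",  # forward and reverse agree
    "10.0.1.11": "lap-old.corp.example",  # stale PTR: lease was reassigned
    # 10.0.1.12 has no PTR record at all
}
SAMPLE_A = {
    "lap-001.corp.example": "10.0.1.10",
    "lap-old.corp.example": "10.0.1.50",
    "lap-002.corp.example": "10.0.1.11",
}

def sample_ptr(ip: str) -> Optional[str]:
    return SAMPLE_PTR.get(ip)

def sample_a(fqdn: str) -> Optional[str]:
    return SAMPLE_A.get(fqdn)

def live_ptr(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver (the step NAC performs)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def live_a(fqdn: str) -> Optional[str]:
    """Forward lookup of the name the PTR returned."""
    try:
        return socket.gethostbyname(fqdn)
    except socket.gaierror:
        return None

def check_reverse(ip: str, ptr: Callable = live_ptr, forward: Callable = live_a) -> Tuple[str, Optional[str]]:
    """Classify one end-system IP: 'ok' (PTR resolves back to the same IP),
    'no-ptr' (NAC cannot learn an FQDN), or 'stale-ptr' (name points elsewhere)."""
    fqdn = ptr(ip)
    if fqdn is None:
        return "no-ptr", None
    if forward(fqdn) != ip:
        return "stale-ptr", fqdn
    return "ok", fqdn

def audit(ips, ptr: Callable = live_ptr, forward: Callable = live_a) -> Dict[str, Tuple[str, Optional[str]]]:
    return {ip: check_reverse(ip, ptr, forward) for ip in sorted(ips)}

if __name__ == "__main__":
    for ip, (status, fqdn) in audit(["10.0.1.10", "10.0.1.11", "10.0.1.12"], sample_ptr, sample_a).items():
        print(f"{ip:12} {status:10} {fqdn or '-'}")
```

Run it against the real resolver by calling `audit()` with the IPs from the NAC end-system table and no sample functions; any 'no-ptr' or 'stale-ptr' entries are hosts whose FQDN NAC cannot match against the AD rule.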

Many thanks, Keene,

We are now using agent-based assessment to validate whether the host belongs to the domain. It works fine for Windows laptops. They also have macOS laptops registered in the domain. Do you know how to validate these using the assessment agent?
Many thanks once again

Luís Oliveira
