Guest

Preview Tool

Cisco Bug: CSCut65777 - ENH: ISE should have an option to use the DNS cache for OCSP queries

Last Modified

Jun 07, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.3(0.876)

Description (partial)

Symptom:
ISE currently does not use the DNS cache for the OCSP queries. If a user certificate is not present in the OCSP cache, ISE queries the OCSP server. For OCSP DNS query, ISE uses a non-caching version of API. So each and every request for resolution is sent to the DNS server.

ISE should be configured to use the DNS cache for the OCSP queries for better performance  and reduce the number of queries on DNS server.

This is a feature request.

Conditions:
ISE configured with OCSP Client profiles.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.