This document provides an overview of the new and changed features in Cisco Prime Network Registrar 11.1, and describes how to access information about the known problems.


Note

You can access the most current Cisco Prime Network Registrar documentation, including these release notes, online at:

https://www.cisco.com/c/en/us/support/cloud-systems-management/prime-network-registrar/tsd-products-support-series-home.html



Introduction

Cisco Prime Network Registrar is comprised of these components:

  • An Authoritative Domain Name System (DNS) protocol service

  • A Caching DNS service

  • A Dynamic Host Configuration Protocol (DHCP) service

Cisco offers these components as individually licensed applications or in a mix of suites.

Before You Begin

Before you install Cisco Prime Network Registrar 11.1, review the system requirements and licensing information available in Cisco Prime Network Registrar 11.1 Installation Guide.


Note

If you are migrating to Cisco Prime Network Registrar 11.1 from an earlier version of Cisco Prime Network Registrar, you must review the release notes for the releases that occurred in between, to fully understand all the changes.


Cisco Prime Network Registrar DHCP, Authoritative DNS, and Caching DNS components are licensed and managed from the Cisco Prime Network Registrar regional server. All services in the local clusters are licensed through the regional cluster. Only a regional install requires a license and only the regional server accepts new licenses. Then the regional server can authorize individual local clusters, based on available licenses.


Note

Licenses for Cisco Prime Network Registrar 10.x or earlier are not valid for Cisco Prime Network Registrar 11.x. You should have a new license for Cisco Prime Network Registrar 11.x. For the 11.x regional, if one has 10.x CDNS clusters, the 10.x CDNS licenses must be added on the regional server (10.x CDNS clusters will use 10.x licenses, 11.x CDNS clusters will use 11.x licenses).



Warning

You MUST upgrade the Cisco Prime Network Registrar 10.x local clusters to 10.1.1 or later before upgrading the regional to 11.x. You should not upgrade the local clusters to 11.0 (or later) directly, as you will not be able to register with the regional until it is upgraded to 11.0 (or later).



Note

Smart Licensing is enabled by default in Cisco Prime Network Registrar 11.1. Cisco Prime Network Registrar 11.x regional, working in Smart License mode, does not support pre-11.0 local clusters. For more details, see the "Using Smart Licensing" section in "Cisco Prime Network Registrar 11.1 Installation Guide".


For more details about Licensing, see the "License Files" section in Cisco Prime Network Registrar 11.1 Installation Guide.

The Cisco Prime Network Registrar 11.1 kit contains the following files and directories:

  • Linux—Cisco Prime Network Registrar RPM application for RHEL/CentOS 7.3 or later, and RHEL 8.x

  • Docs—Pointer card, Bugs, and Enhancement List

  • Container—Container for Docker on Red Hat UBI 8.6

  • Kubernetes—Sample YAML files for deployment of Cisco Prime Network Registrar container on Kubernetes


Note

The OVA, QCOW2, and KVM kits, as well as the Jumpstart appliance, are not currently available for Cisco Prime Network Registrar 11.1. When they become available, the Cisco Prime Network Registrar 11.1 documents will be updated.


Licensing

Cisco Prime Network Registrar 11.1 supports both Smart Licensing and traditional licensing. However, it does not support the hybrid model, that is, you can use only one of the license types at a time. For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

Cisco Prime Network Registrar 11.x is licensed in two parts: Permanent License and SIA License. The SIA License entitles upgrades to future releases. If you are on SIA from Cisco Prime Network Registrar 10.x, or on unexpired SWSS contract from Cisco Prime Network Registrar 9.x, you can upgrade until either of those entitlements expire. For PAK-based licensing, you must install the PAK onto the Cisco Prime Network Registrar regional server. For Smart Licensing, the licenses are delivered to your Smart Account. Smart Licensing is enabled by default in Cisco Prime Network Registrar 11.1, but can be overridden after installation. For Cisco Prime Network Registrar 11.1, the licensing is done according to the services that you require. For more information, see the "License Files" section in Cisco Prime Network Registrar 11.1 Installation Guide.


Note

You should not delete any of the individual licenses loaded from the file. If required, you may delete older versions of DNS and DHCP licenses after the upgrade. Older versions of CDNS licenses must be retained if the servers are not upgraded.


Interoperability

Cisco Prime Network Registrar 11.1 uses individual component licenses. This allows users to purchase and install DHCP services, Authoritative DNS services, and Caching DNS services individually, or as a suite.

If you need additional DNS caching licenses, you should order them based on server count, since DNS caching is a server-based license.

To install and manage DHCP, DNS, and Caching DNS licenses, you must deploy a regional server. The regional server, among other things, is used to install, count, and manage licensing for these components.

The synchronization between version 11.1 and pre-11.1 local clusters must be done from an 11.1 regional cluster. Cisco Prime Network Registrar 11.1 protocol servers interoperate with versions 9.0 or later.

What's New in Cisco Prime Network Registrar 11.1

The following table lists the new and modified features we documented in the user and installation guides. For information on additional features and fixes that were committed in Cisco Prime Network Registrar 11.1, see Resolved Bugs and Enhancement Features.

Feature

Description

Smart DHCP failover sync task

In Cisco Prime Network Registrar 11.1, a new task smart-sync-dhcp-pair is added to identify the configuration changes and reload the servers only if required.

DNS over HTTPS (DoH) Support

DNS over HTTPS (DoH per RFC 8484) is a protocol for sending DNS queries and getting DNS responses over HTTPS. Cisco Prime Network Registrar 11.1 supports DoH in the Caching DNS server for incoming queries. If network interfaces are not configured, then the server listens on HTTPS port, TLS port, and DNS port (TCP and UDP) on all network interfaces. If network interfaces are configured manually, then the server listens on HTTPS port, TLS port, and DNS port (TCP and UDP) on those configured network interfaces. In Cisco Prime Network Registrar, the DoH configuration is available in web UI, CLI, and REST API.

SNMPv3 Support

Cisco Prime Network Registrar 11.1 supports the use of SNMPv3 for notification of certain server events.

The polling of statistics using SNMPv3 is done by:

  • Configuring the host's SNMP service to use SNMPv3. This must be done by the system administrator for the host.

  • Adding proxying of these requests to the Cisco Prime Network Registrar SNMP service. This is handled by the Cisco Prime Network Registrar startup code.

To configure trap recipients for SNMPv3, see the "Setting Up the SNMP Server" section in "Cisco Prime Network Registrar 11.1 Administration Guide".

Protection against DNS amplification and DNS tunneling attacks

In Cisco Prime Network Registrar 11.1, the DNS security events feature is added to detect and report DNS threats.

Security Event Logging

You can specify whether or not to log security events for the DNS server using the security-event-logging attribute. You can also control which security event triggers to log. When the DNS server detects a security event and the related security event log setting is enabled, a log message will be written to cdns_security_log (for Caching DNS) or dns_security_log (for Authoritative DNS).

Per-user selection for Authentication method

In Cisco Prime Network Registrar 11.1, if external authentication is enabled and login fails because the external authentication servers are inaccessible or misconfigured, you can log in using any administrator defined in the CCM server's database.

Binding update element queue alert mechanism

In Cisco Prime Network Registrar 11.1, the resource monitoring monitors the queued binding updates and triggers the standard resource monitoring notifications if the value is above the configured queued-binding-updates-warning-level and queued-binding-updates-critical-level.

Host Health Check support of SRV records

In Cisco Prime Network Registrar 11.1, you can enable host health check on SRV records to automatically health check their corresponding A/AAAA records.

Pass the IP address of the real user in logs

In Cisco Prime Network Registrar 11.1, for admins logged in through the web UI and REST API, the actual client details (IP and port) are logged for each SCP operation.

Swagger documentation support

Cisco Prime Network Registrar 11.1 supports Swagger-based documentation for the REST API, which covers most of the scenarios. However, it does not cover all the REST API requests, especially the special cases with actions (for example, GET the child objects like CCMHost, CCMRRSet, Lease, and Lease6).
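The "DNS over HTTPS (DoH) Support" entry above refers to RFC 8484. The following is an added example, not Cisco code, showing how an RFC 8484 GET request is encoded and how a reply can be sanity-checked when validating a DoH listener. The endpoint host and the /dns-query path are assumptions, and the reply bytes are constructed.

```python
import base64
import struct

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

def build_query(qname, qtype=1):
    """Return a DNS query in wire format (ID 0, as RFC 8484 advises for HTTP caching)."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN

def doh_get_url(base_url, query):
    """GET form: the wire message as unpadded base64url in the 'dns' parameter."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={token}"

def check_doh_response(status, content_type, body, query):
    """Return a list of problems found in a DoH reply; an empty list means it looks sane."""
    problems = []
    if status != 200:
        problems.append(f"HTTP status {status}")
    if content_type.split(";")[0].strip().lower() != DOH_MEDIA_TYPE:
        problems.append(f"unexpected Content-Type {content_type!r}")
    if len(body) < 12:
        return problems + ["body shorter than a DNS header"]
    ident, flags = struct.unpack("!2H", body[:4])
    if ident != struct.unpack("!H", query[:2])[0]:
        problems.append("DNS ID does not match the query")
    if not flags & 0x8000:
        problems.append("QR bit clear: body is not a DNS response")
    if flags & 0x000F:
        problems.append(f"RCODE {flags & 0x000F}")
    return problems

# Constructed sample data: the RFC 8484 example name and hand-built reply headers.
QUERY = build_query("www.example.com")
URL = doh_get_url("https://cdns.example.net/dns-query", QUERY)  # hypothetical endpoint
GOOD_REPLY = struct.pack("!6H", 0, 0x8180, 1, 0, 0, 0) + QUERY[12:]
REFUSED_REPLY = struct.pack("!6H", 0, 0x8185, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(URL)
    print(check_doh_response(200, DOH_MEDIA_TYPE, GOOD_REPLY, QUERY))
    print(check_doh_response(200, "text/html", REFUSED_REPLY, QUERY))
```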

Command Line Interface Enhancements

The following commands are modified in the CLI. For more information, see Cisco Prime Network Registrar 11.1 CLI Reference Guide.

Modified Commands

New attributes are added to, or definitions modified for, the following commands:

  • acl—Manages DNS access control lists which are used to control zone access for DNS updates, zone transfers and queries.

    Added the description attribute.

  • cdns—Configures and controls the DNS Caching server.

    • Added the following attributes:

      https, https-port, security-event-log-settings, security-event-logging, security-event-max-qname-size, and smart-cache-expired-reply-ttl

    • Added the security and upstream settings to the activity-summary-settings attribute.

    • Renamed the tls-service-key and tls-service-pem attributes to service-key and service-pem respectively.

  • cdns64—Controls and configures DNS64 processing in the DNS Caching server.

    Added the description attribute.

  • cdns-redirect—Controls and configures DNS redirect processing in the DNS Caching server.

    Added the description attribute.

  • cdns-firewall—Controls and configures DNS firewall processing in the DNS Caching server.

    Added the description attribute.

  • cdns-forwarder—Controls and configures DNS Forwarders in the DNS Caching server.

    Added the cisco-umbrella and description attributes.

  • cdns-exception—Controls and configures DNS Exceptions in the DNS Caching server.

    Added the description attribute.

  • dns—Configures and controls the DNS server.

    • Added the following attributes:

      security-event-log-settings, security-event-logging, and security-event-max-qname-size.

    • Renamed the tls-service-key and tls-service-pem attributes to service-key and service-pem respectively.

  • dns-view—Controls and configures DNS Views in the DNS Authoritative and Caching servers.

    Added the description attribute.

  • dnssec-key—Manages Authoritative DNSSEC Key objects.

    Added the description attribute.

  • failover-pair—Configures a DHCP failover relationship.

    Added the description attribute.

  • gss-tsig—Configures GSS-TSIG objects.

    Added the description attribute.

  • ha-dns-pair—Configures a High Availability DNS relationship.

    Added the description attribute.

  • key—Manages TSIG key objects.

    Added the description attribute.

  • resource—Configures resource limits and allows for viewing and resetting resources.

    Added the following attributes:

    cdns-security-events-critical-level, cdns-security-events-warning-level, dns-security-events-critical-level, dns-security-events-warning-level, queued-binding-updates-critical-level, and queued-binding-updates-warning-level

  • snmp—Configures and controls the SNMP server.

    Added the local-proxy-only attribute.

  • task—Configures a scheduled task.

    • Added smart-sync-dhcp-pair in the sync-mode and sync-object-oid descriptions.

    • Added the smart-sync-dhcp-pair type to the task-type attribute.

  • trap-recipient—Configures destinations for SNMP trap messages.

    Added the following attributes:

    snmp-auth-password, snmp-auth-secret, snmp-engine-id, snmp-priv-password, snmp-priv-secret, snmp-security, snmp-trap-msg, snmp-trap-version, snmp-user, and snmp-v3-protocol

  • update-policy—Configures DNS update policies.

    Added the description attribute.

  • zone-dist—Configures zone distributions.

    Added the description attribute.

  • zone-template—Configures a zone template.

    Added the description attribute.

Cisco Prime Network Registrar Bugs

For more information on a specific bug or to search all bugs in a particular Cisco Prime Network Registrar release, see Using the Bug Search Tool.


Resolved Bugs

The following table lists the key issues resolved in the Cisco Prime Network Registrar 11.1 release.

Table 1. Resolved Bugs in Cisco Prime Network Registrar 11.1

| Bug ID | Description |
|---|---|
| CSCvx51237 | Active or bulk lease query connections may be terminated frequently |
| CSCvz61273 | REST GET Lease operation returns empty response when query parameter has a hyphen |

For the complete list of bugs for this release, see the cpnr_11_1_buglist.pdf file available at the product download site. See this list especially for information about fixes to customer-reported issues.

Enhancement Features

The following table lists the key enhancement features added in the Cisco Prime Network Registrar 11.1 release.

Table 2. Enhancement Feature Added in Cisco Prime Network Registrar 11.1

| Bug ID | Description |
|---|---|
| CSCvs64610 | CDNS: DNS over HTTPS (DoH) support |
| CSCvx14738 | Add new smart DHCP failover sync task |
| CSCvx30245 | Host Health Check support of SRV records |
| CSCvx47477 | Support for SNMPv3 |
| CSCvy19842 | Avoid using time acknowledged by partner if lease is not in LEASED state |
| CSCvy24759 | Provide binding update element queue alert mechanism |
| CSCvy35502 | Add ability to use local user when external authentication is enabled |
| CSCvz63374 | DHCP Failover Relay Health Check Enhancements |

For the complete list of enhancement features added in this release, see the cpnr_11_1_enhancements.pdf file available at the product download site.

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in a release.

Procedure


Step 1

Go to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens.

Note 

If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release, click the Search Bugs tab and specify the following criteria:

  1. In the Search For field, enter Prime Network Registrar 11.1 and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by status, severity, modified date, and so forth.



Note

To export the results to a spreadsheet, click the Export All to Spreadsheet link.


Important Notes

This section contains the important information related to this software release and information in response to recent customer queries.

Binding Updates

Starting from Cisco Prime Network Registrar 11.1, the DHCP failover statistics are returned only if failover is actually configured. The *-binding-update-latency-* statistics are returned in the failover statistics only if binding updates have actually occurred (either in total, or during the current interval). Therefore, these values are not always available. Due to this change (and for other reasons), the cnrsnmp agent has been updated to return only MIB values that actually exist. Thus, NoSuchObject is returned when the MIB OID is not known, and NoSuchInstance is returned when the MIB OID value is not currently available (for example, the server is not running or that particular statistic is not available). One consequence is that if you run an snmpwalk and DHCP is not configured (or not running), you may not see any DHCP MIB values; the same result occurs if no Caching DNS or Authoritative DNS is running. Another consequence is that some values will be reported only when they are actually available.
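Monitoring that polls these values needs to treat the two exception results differently from a real reading. The following is an added example, not Cisco code, that classifies net-snmp snmpget/snmpwalk output lines so that NoSuchInstance becomes a data gap and NoSuchObject becomes a poller configuration error, rather than a zero or an alert. The EXAMPLE-MIB object names, the threshold, and the sample lines are constructed placeholders, not Cisco Prime Network Registrar MIB objects.

```python
import re

# Fixed phrases net-snmp prints for the two SNMPv2 exception values.
NO_SUCH_OBJECT = "No Such Object available on this agent at this OID"
NO_SUCH_INSTANCE = "No Such Instance currently exists at this OID"
LINE_RE = re.compile(r"^(\S+) = (.*)$")
TYPED_RE = re.compile(r"^[A-Za-z0-9-]+: (.*)$")

def classify(line):
    """Map one 'OID = ...' output line to (oid, state, value)."""
    match = LINE_RE.match(line.strip())
    if match is None:
        raise ValueError(f"not an snmpget/snmpwalk result line: {line!r}")
    oid, rest = match.groups()
    if rest == NO_SUCH_OBJECT:
        return oid, "unknown-oid", None    # agent does not know this OID
    if rest == NO_SUCH_INSTANCE:
        return oid, "unavailable", None    # known OID, no value right now
    typed = TYPED_RE.match(rest)
    return oid, "value", typed.group(1) if typed else rest

def evaluate(lines, thresholds):
    """Return (alerts, gaps, config_errors) for one poll of the agent."""
    alerts, gaps, config_errors = [], [], []
    for line in filter(str.strip, lines):
        oid, state, value = classify(line)
        if state == "unknown-oid":
            config_errors.append(oid)      # fix the poller's OID list
        elif state == "unavailable":
            gaps.append(oid)               # record "no data", never 0
        elif oid in thresholds and float(value) >= thresholds[oid]:
            alerts.append((oid, float(value)))
    return alerts, gaps, config_errors

# Constructed sample poll; the object names are placeholders.
SAMPLE_POLL = """\
EXAMPLE-MIB::exampleGauge.0 = Gauge32: 1800
EXAMPLE-MIB::exampleLatency.0 = No Such Instance currently exists at this OID
EXAMPLE-MIB::exampleRetired.0 = No Such Object available on this agent at this OID
""".splitlines()
THRESHOLDS = {"EXAMPLE-MIB::exampleGauge.0": 1000}

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLL, THRESHOLDS))
```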

Accessibility Features in Cisco Prime Network Registrar 11.1

All product documents are accessible except for images, graphics, and some charts. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.

To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.


© 2022 Cisco Systems, Inc. All rights reserved.