This document provides an overview of the new and changed features in Cisco Prime Network Registrar 11.0, and describes how to access information about the known problems.
Note |
You can access the most current Cisco Prime Network Registrar documentation, including these release notes, online at: |
This document contains the following sections:
Introduction
Cisco Prime Network Registrar is comprised of these components:
-
An Authoritative Domain Name System (DNS) protocol service
-
A Caching DNS service
-
A Dynamic Host Configuration Protocol (DHCP) service
Cisco offers these components as individually licensed applications or in a mix of suites.
Before You Begin
Before you install Cisco Prime Network Registrar 11.0, review the system requirements and licensing information available in Cisco Prime Network Registrar 11.0 Installation Guide.
Note |
If you are migrating to Cisco Prime Network Registrar 11.0 from an earlier version of Cisco Prime Network Registrar, you must review the release notes for the releases that occurred in between, to fully understand all the changes. |
Cisco Prime Network Registrar DHCP, Authoritative DNS, and Caching DNS components are licensed and managed from the Cisco Prime Network Registrar regional server. All services in the local clusters are licensed through the regional cluster. Only a regional install requires a license and only the regional server accepts new licenses. Then the regional server can authorize individual local clusters, based on available licenses.
Note |
Licenses for Cisco Prime Network Registrar 10.x or earlier are not valid for Cisco Prime Network Registrar 11.x. You should have a new license for Cisco Prime Network Registrar 11.x. If an 11.x regional server manages 10.x CDNS clusters, the 10.x CDNS licenses must also be added on the regional server (10.x CDNS clusters use 10.x licenses; 11.x CDNS clusters use 11.x licenses). |
Warning |
You MUST upgrade the Cisco Prime Network Registrar 10.x local clusters to 10.1.1 or later before upgrading the regional to 11.x. You should not upgrade the local clusters to 11.0 (or later) directly, as you will not be able to register with the regional until it is upgraded to 11.0 (or later). |
Note |
Smart Licensing is enabled by default in Cisco Prime Network Registrar 11.0. Cisco Prime Network Registrar 11.x regional, working in Smart License mode, does not support pre-11.0 local clusters. For more details, see the "Using Smart Licensing" section in "Cisco Prime Network Registrar 11.0 Installation Guide". |
For more details about Licensing, see the "License Files" section in Cisco Prime Network Registrar 11.0 Installation Guide.
The Cisco Prime Network Registrar 11.0 kit contains the following files and directories:
-
Linux—RHEL/CentOS 7.x and 8.x installation kits
-
Docs—Pointer card, Bugs, and Enhancement List
Note |
The OVA, QCOW2, and KVM kits, as well as the Jumpstart appliance, traditionally bundle the CentOS operating system. These are not currently available for Cisco Prime Network Registrar 11.0. When they become available, the Cisco Prime Network Registrar 11.0 documents will be updated. |
Licensing
Cisco Prime Network Registrar 11.0 supports both Smart Licensing and traditional licensing. However, it does not support a hybrid model; that is, you can use only one of the license types at a time. For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
Cisco Prime Network Registrar 11.0 is licensed in two parts: Permanent License and SIA License. The SIA License entitles upgrades to future releases. If you are on SIA from Cisco Prime Network Registrar 10.x, or on unexpired SWSS contract from Cisco Prime Network Registrar 9.x, you can upgrade until either of those entitlements expire. For PAK-based licensing, you must install the PAK onto the Cisco Prime Network Registrar regional server. For Smart Licensing, the licenses are delivered to your Smart Account. Smart Licensing is enabled by default in Cisco Prime Network Registrar 11.0, but can be overridden after installation. For Cisco Prime Network Registrar 11.0, the licensing is done according to the services that you require. For more information, see the "License Files" section in Cisco Prime Network Registrar 11.0 Installation Guide.
Note |
You should not delete any of the individual licenses loaded from the file. If required, you may delete older versions of DNS and DHCP licenses after the upgrade. Older versions of CDNS licenses must be retained if the servers are not upgraded. |
Interoperability
Cisco Prime Network Registrar 11.0 uses individual component licenses. This allows users to purchase and install DHCP services, Authoritative DNS services, and Caching DNS services individually, or as a suite.
If you need additional DNS caching licenses, you should order them based on server count, since DNS caching is a server-based license.
To install and manage DHCP, DNS, and Caching DNS licenses, you must establish a regional server. The regional server is used to install, count, and manage licensing for these components.
The synchronization between version 11.0 and pre-11.0 local clusters must be done from an 11.0 regional cluster. Cisco Prime Network Registrar 11.0 protocol servers interoperate with versions 8.3 or later.
What's New in Cisco Prime Network Registrar 11.0
The following table lists the new and modified features we documented in the user and installation guides. For information on additional features and fixes that were committed in Cisco Prime Network Registrar 11.0, see Resolved Bugs and Enhancement Features.
Feature |
Description |
---|---|
Cisco Prime Network Registrar 11.0 can be run as a Docker container that you can install in your own infrastructure. Two Docker images are provided for Cisco Prime Network Registrar 11.0: a regional container and a local container. |
|
DNS queries without encryption are vulnerable to spoofing and other attacks that threaten privacy. To address these issues, Cisco Prime Network Registrar 11.0 supports DNS over TLS (DoT) as specified by RFC 7858. DNS over TLS is a security protocol for encrypting and wrapping DNS queries and answers via the Transport Layer Security (TLS) protocol. It improves privacy and security between clients and resolvers. It uses TCP as the basic connection protocol and layers over TLS encryption and authentication. Cisco Prime Network Registrar 11.0 supports TLS in both Authoritative DNS server and Caching DNS server. |
|
In Cisco Prime Network Registrar 11.0, zones can be referenced by multiple views without the need to make copies of the zone. This can be useful in a viewed configuration where a subset of zones are common across multiple views. To make the zones visible to other views, set the alternate-view-ids attribute for the zone and reload the DNS server. |
|
Cisco Prime Network Registrar 11.0 runs on Red Hat/CentOS 7.x and 8.x. Earlier versions of RHEL/CentOS are not supported. Starting from Cisco Prime Network Registrar 11.0, you need to use the yum install, rpm -i, or dnf install command to install the product. For complete details on installing and upgrading, see Cisco Prime Network Registrar 11.0 Installation Guide. The major change introduced with Cisco Prime Network Registrar 11.0 is to better separate the distributed files (that is, those installed by the RPM) from those that are data and configuration files specific to your installation. Basically, the /opt/nwreg2 area should not include files that are not provided as part of the installation. Everything that is specific to your installation should now be in the /var/nwreg2 area. Two sets of RPM kits (one set for RHEL/CentOS 7.x and the other set for RHEL/CentOS 8.x) are provided for Cisco Prime Network Registrar 11.0. Each set consists of three RPM kits: one for regional clusters, one for local clusters (DHCP, DNS, and CDNS servers), and one for client-only (this provides the CLI and other tools, no servers). |
|
Cisco Prime Network Registrar 11.0 supports both Smart Licensing and traditional licensing. Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure – you control what users can access. With Smart Licensing you get:
To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com). For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide. |
|
Cisco Prime Network Registrar uses SSL/TLS certificates in various parts of the product (web UI, Caching DNS, and Authoritative DNS). Cisco Prime Network Registrar 11.0 allows you to input certificate files and have them stored in the appropriate location based on the Cisco Prime Network Registrar component. It also keeps track of certificate expiration and warns you when a certificate is about to expire. |
|
Oracle Berkeley Database Upgrade |
In Cisco Prime Network Registrar 11.0, the Oracle Berkeley database used by the product is upgraded from 4.5.20 to 18.1.32. The required database upgrade steps are handled automatically the first time Cisco Prime Network Registrar is started after installation. |
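The DNS over TLS entry in the table above cites RFC 7858. The following probe is an added example, not code from Cisco or from this document: it shows the wire format (an ordinary DNS message behind a two-octet length prefix, sent inside TLS on port 853) and keeps certificate and hostname verification on. All function names, the fixed transaction ID, and the sample reply are constructed for illustration.

```python
# Added example: DNS-over-TLS (RFC 7858) probe. All names here are illustrative.
import socket
import ssl
import struct

DOT_PORT = 853   # RFC 7858 default port
TXID = 0x1234    # fixed transaction id, constructed for this example


def build_query(name, qtype=1, txid=TXID):
    """Encode a one-question DNS query (RFC 1035): RD set, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(msg):
    """DoT reuses DNS-over-TCP framing: a two-octet length prefix per message."""
    return struct.pack("!H", len(msg)) + msg


def unframe(stream):
    """Return the first complete DNS message in a byte stream, or raise."""
    if len(stream) < 2:
        raise ValueError("no length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("truncated message")
    return stream[2:2 + length]


def parse_header(msg):
    """Decode the DNS header fields a health check cares about."""
    if len(msg) < 12:
        raise ValueError("DNS header too short")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": an}


def _recv_exact(sock, n):
    """Read exactly n bytes; TLS records need not align with DNS messages."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def query_dot(server_ip, auth_name, qname, port=DOT_PORT, cafile=None, timeout=5.0):
    """Send one query over TLS with certificate and hostname checks left on.

    auth_name is the name expected in the server certificate; cafile is an
    optional PEM bundle for a private CA (None uses the system trust store).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame(build_query(qname)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = parse_header(_recv_exact(tls, length))
            reply["tls_version"] = tls.version()
    if reply["id"] != TXID or not reply["is_response"]:
        raise ValueError("reply does not match the query")
    return reply


# Constructed response header: id 0x1234, QR/RD/RA set, rcode 0, one answer.
SAMPLE_REPLY = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
```

A handshake failure raised by `query_dot` (for example `ssl.SSLCertVerificationError`) means the certificate presented by the server does not chain to the trust store or does not match `auth_name`.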
Command Line Interface Enhancements
The following commands are added or attributes modified in the CLI. For more information, see Cisco Prime Network Registrar 11.0 CLI Reference Guide.
New Commands
The following commands are added in the CLI:
-
cdns-forwarder—Controls and configures DNS Forwarders in the DNS Caching server.
-
cdns-exception—Controls and configures DNS Exceptions in the DNS Caching server.
-
certificate—Controls and configures SSL/TLS Certificates.
-
smart—Views and updates smart license information.
-
call-home—Views and updates call-home configuration.
-
debug—Sets debug level.
-
exit—Exits nrcmd.
-
help—Views textual help information.
-
license—Views and updates license information.
-
no—Unsets specified configuration.
-
show—Views current configuration or status.
Modified Commands
New attributes are added to, or definitions modified for, the following commands:
-
expert—Expert mode commands
Added the following commands:
-
ccm trimChangeSets delete-age [db-max-record>]—Initiates a trim of the change sets (change log) using the specified arguments.
Warning: This operation is usually NOT necessary and uses the values specified, which may be different than the periodic trimming done by CCM. This command should be used with extreme caution as it can delete data that should be retained.
-
ccm killConnection id—A superuser admin can use this command to shut down an existing connection to the CCM server. The id should be the same as the one returned by the ccm listConnections full command.
-
object list -class=classname
-
object listbrief -class=classname
-
object listnames -class=classname
The above object commands can be used to list objects of a particular class; the -class=classname must be specified.
-
admin—Creates administrators and assigns them groups and passwords.
Added the following commands:
-
admin name suspend—Suspends login access for an administrator.
-
admin name reinstate—Reinstates login access for an administrator.
-
cdns—Configures and controls the DNS Caching server.
Added the following attributes:
immediate-response-stats, name-servers, tls, tls-port, tls-service-key, tls-service-pem, and tls-upstream-cert-bundle attributes.
-
cdns-redirect—Controls and configures DNS redirect processing in the DNS Caching server
Added the rpz-tls and rpz-tls-auth-name attributes.
-
cdns-firewall—Controls and configures DNS firewall processing in the DNS Caching server
Added the rpz-tls and rpz-tls-auth-name attributes.
-
client-class-policy—Adds DHCP policy information to a client-class.
Updated the following commands to include -expression:
-
client-class-policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
client-class-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
client-class-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
client-class-policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
client-class-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
client-policy—Adds DHCP policy information to a client object.
Updated the following commands to include -expression:
-
client-policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
client-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
client-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
client-policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
client-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
client-policy name listV6VendorOptions value [-blob | -expression] [-roundrobin]
-
dhcp-address-block-policy—Edits the DHCP policy embedded in a dhcp-address-block.
Updated the following commands to include -expression:
-
dhcp-address-block-policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
dhcp-address-block-policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
dhcp-dns-update—Configures a DNS Update object for DHCP.
Removed the update-dns-first attribute.
-
dns—Configures and controls the DNS server.
-
Added the following attributes:
acl-blocklist, hybrid-adns-addrs, hybrid-use-adns-addrs, query-types-unwanted, tls, tls-port, tls-service-key, and tls-service-pem attributes.
-
Removed the push-notifications flag from the activity-counter-log-settings and server-log-settings attributes.
-
Removed the push-notifications-in and push-notifications-out flags from the packet-log-settings attribute.
-
Removed the following attributes:
blackhole-acl, local-port-num, pn-acl, pn-conn-ttl, pn-max-conns, pn-max-conns-per-client, pn-port, pn-tls, and push-notifications attributes.
-
dns-interface—Configures the DNS server's network interfaces.
Removed the port attribute.
-
ldap—Specifies the LDAP remote server's properties.
Added the password-encrypt attribute.
-
license—Views and updates license information.
-
Added the following command:
license showUtilHistory [-start start-time] [-end end-time] [-service cdns|dns|dhcp|...|all]
-
Updated the license showUtilization command to include [-rescan]:
license showUtilization [-rescan]
-
link-policy—Edits the DHCP policy embedded in a link.
Updated the following commands to include -expression:
-
link-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
link-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
link-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
link-template-policy—Edits the DHCP policy embedded in a link-template.
Updated the following commands to include -expression:
-
link-template-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
link-template-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
link-template-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
option—Configures option definitions.
Added the expression attribute.
-
prefix-policy—Edits the DHCP policy embedded in a prefix.
Updated the following commands to include -expression:
-
prefix-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
prefix-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
prefix-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
prefix-template-policy—Edits the DHCP policy embedded in a prefix-template.
Updated the following commands to include -expression:
-
prefix-template-policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
prefix-template-policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
prefix-template-policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
policy—Specifies DHCP policy information.
Updated the following commands to include -expression:
-
policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
policy name setV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
policy name addV6Option <opt-name | id>[.instance] value [-blob | -expression] [-roundrobin]
-
policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
policy name setV6VendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
resource—Configures resources limits and allows for viewing and resetting resources.
Added the certificate-expiration-critical-level and certificate-expiration-warning-level attributes.
-
scope-policy—Adds DHCP policy information to a scope.
Updated the following commands to include -expression:
-
scope-policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
scope-policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
scope-template-policy—Edits the DHCP policy embedded in a scope-template.
Updated the following commands to include -expression:
-
scope-template-policy name setOption <opt-name | id> value [-blob | -expression] [-roundrobin]
-
scope-template-policy name setVendorOption <opt-name | id> opt-set-name value [-blob | -expression]
-
zone—Configures a DNS zone.
-
Added the alternate-view-ids attribute.
-
Removed the push-notifications attribute.
-
zone-dist—Configures zone distributions.
Removed the push-notifications attribute.
-
zone-template—Configures a zone template.
-
Added the alternate-view-ids attribute.
-
Removed the push-notifications attribute.
SDK Compatibility Considerations
Note |
|
Cisco Prime Network Registrar Bugs
For more information on a specific bug or to search all bugs in a particular Cisco Prime Network Registrar release, see Using the Bug Search Tool.
This section contains the following information:
Resolved Bugs
The following table lists the key issues resolved in the Cisco Prime Network Registrar 11.0 release.
Bug ID |
Description |
---|---|
Unable to register 10.x locals with 11.0 regional |
|
Restoring local cluster data from regional can create some duplicate objects on the local |
|
DNS updates stuck when DNS server configured for multiple roles |
For the complete list of bugs for this release, see the cpnr_11_0_buglist.pdf file available at the product download site. See this list especially for information about fixes to customer-reported issues.
Enhancement Features
The following table lists the key enhancement features added in the Cisco Prime Network Registrar 11.0 release.
Bug ID |
Description |
---|---|
Implement calculation of query RTT in CDNS server |
|
Update Berkeley DB |
|
CDNS should have a way of reporting information on forwarders and exceptions |
|
License showUtilization enhancement for regional |
|
Support expressions for options |
|
CDNS: DNS over TLS (DoT) support |
|
Align DHCPv6 lease licensing counts with DHCPv4 |
|
Change DHCPv4 DNS updates to store details on lease |
|
Add command to kill ccm connection |
|
Add support for IPv6-Only Preferred option (RFC8925) |
|
Add new IANA options (v4: 108, 114, 147, 148; v6: 141, 142) |
For the complete list of enhancement features added in this release, see the cpnr_11_0_enhancements.pdf file available at the product download site.
Using the Bug Search Tool
Use the Bug Search tool to search for a specific bug or to search for all bugs in a release.
Procedure
Step 1 |
Step 2 |
At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens. |
Step 3 |
To search for a specific bug, enter the bug ID in the Search For field and press Return. |
Step 4 |
To search for bugs in the current release, click the Search Bugs tab and specify the following criteria: |
Note |
To export the results to a spreadsheet, click the Export All to Spreadsheet link. |
Important Notes
This section contains the important information related to this software release and information in response to recent customer queries. It describes:
Windows Support
Cisco Prime Network Registrar 11.0 does not support Windows.
BYOD Support
Starting from 11.0, Cisco Prime Network Registrar does not support the BYOD feature. Cisco Prime Network Registrar 10.1 was the last release to support BYOD.
DNS Push Notification Support
Starting from 11.0, Cisco Prime Network Registrar does not support the DNS Push Notification feature. Cisco Prime Network Registrar 10.1 was the last release to support DNS Push Notification.
DHCPv4 DNS Updates
In Cisco Prime Network Registrar 11.0, the support for updating DNS before sending an acknowledgement to the client is removed (that is, the DNS Update Configuration attribute (update-dns-first) is deprecated and is ignored). However, for backward compatibility, the extension dictionary data item "send-ack-first" is retained, although its value is ignored. DNS updates are performed as soon as possible, but may well occur after the client has been sent an acknowledgement.
DHCPv4 DNS updates no longer make use of the eventstore and therefore, the eventstore related queue size traps will no longer trigger events related to DNS updates. Note that the eventstore is still used for LDAP writes.
DHCP DNS Updates - DNS Servers Cannot Perform in Multiple Roles
Starting from Cisco Prime Network Registrar 11.0, you can no longer configure a DNS server to be used in multiple roles. Before upgrading to Cisco Prime Network Registrar 11.0, you may want to review your DHCP DNS update configurations to confirm that they do not violate the rules. The stricter rules are that each server (based on its address) can only operate as a standalone, HA main, or HA backup; and an HA main or HA backup may only be in a single HA relationship. If you need a DNS server to perform in multiple roles, you must use a separate address for the DNS server for each of those roles.
After upgrading, review the DHCP server logs for any error messages and correct the configurations, if required.
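A pre-upgrade audit of the role rules above, as an added example that is not Cisco's code. The records are constructed, the field names server-addr and backup-server-addr are assumed to match your exported DNS update configurations, and treating the same main/backup pair reused by several configurations as one HA relationship is also an assumption.

```python
# Added example: flag DNS server addresses that break the 11.0 role rules.
from collections import defaultdict

# Constructed sample; 192.0.2.0/24 is a documentation address range.
SAMPLE_CONFIGS = [
    {"name": "corp-fwd", "server-addr": "192.0.2.10", "backup-server-addr": "192.0.2.11"},
    {"name": "corp-rev", "server-addr": "192.0.2.10", "backup-server-addr": "192.0.2.11"},
    {"name": "lab", "server-addr": "192.0.2.10"},
    {"name": "dmz", "server-addr": "192.0.2.20", "backup-server-addr": "192.0.2.10"},
    {"name": "guest", "server-addr": "192.0.2.30"},
]


def audit_dns_update_roles(configs):
    """Return {address: {"problems": [...], "configs": [...]}} for violations.

    Rule 1: an address may act only as standalone, HA main, or HA backup.
    Rule 2: an HA main or HA backup may belong to a single HA relationship.
    """
    roles = defaultdict(set)   # address -> roles seen for it
    pairs = defaultdict(set)   # address -> (main, backup) pairs it belongs to
    users = defaultdict(set)   # address -> configuration names that use it
    for cfg in configs:
        main = cfg.get("server-addr")
        backup = cfg.get("backup-server-addr")
        if not main:
            continue  # nothing to check without a primary server address
        users[main].add(cfg["name"])
        if backup:
            users[backup].add(cfg["name"])
            roles[main].add("ha-main")
            roles[backup].add("ha-backup")
            pairs[main].add((main, backup))
            pairs[backup].add((main, backup))
        else:
            roles[main].add("standalone")

    findings = {}
    for addr in sorted(roles):
        problems = []
        if len(roles[addr]) > 1:
            problems.append("multiple roles: " + ", ".join(sorted(roles[addr])))
        if len(pairs[addr]) > 1:
            shown = ", ".join(f"{m}/{b}" for m, b in sorted(pairs[addr]))
            problems.append("multiple HA relationships: " + shown)
        if problems:
            findings[addr] = {"problems": problems, "configs": sorted(users[addr])}
    return findings


if __name__ == "__main__":
    for addr, info in audit_dns_update_roles(SAMPLE_CONFIGS).items():
        print(addr, "used by", ", ".join(info["configs"]))
        for problem in info["problems"]:
            print("  -", problem)
```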
Related Documentation
See Cisco Prime Network Registrar Documentation Overview for a list of Cisco Prime Network Registrar 11.0 guides.
Accessibility Features in Cisco Prime Network Registrar 11.0
All product documents are accessible except for images, graphics, and some charts. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
© 2021 Cisco Systems, Inc. All rights reserved.