Carbon Black Cloud: How to un-quarantine isolated DNS server with no Alternate DNS Configured.
Carbon Black Cloud Console: All Versions
When a DC/DNS Server endpoint is put into quarantine, the sensor is unable to resolve the name of the back-end server. Since it can't check in, the quarantine state cannot be removed. Normally, the DNS server forwards requests it cannot satisfy to another server, configured in the DNS Server settings as a Forwarder server. When in quarantine, the sensor prevents forwarded DNS requests from being sent.
In the Network Interface properties, specify an Alternate DNS server in addition to the Preferred DNS server if available.
This option should begin working shortly after the change is made; you can run the command below to check, or give it a few minutes.
Use the RepCli command on the quarantined server to find the back-end server's name:
repcli status | find "ServerAddress"
On another computer, use nslookup or ping to find and record the IP address for the server:
ping -n 1 prod05.conferdeploy.net
On the quarantined server, add a line to the C:\Windows\System32\Drivers\etc\hosts file using the format <IP address> [tab] <Back-end Hostname>
Example: 220.127.116.11 dev-eap01.conferdeploy.net
After the sensor has checked in and left quarantine, remove the hosts file entry; the back-end servers are load-balanced and their IP addresses will eventually change.
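The hosts-file workaround above, as an added PowerShell example (not Carbon Black's own tooling): it pulls the back-end hostname out of "repcli status" output, adds the <IP address> [tab] <Back-end Hostname> line with a marker comment so it can be found again, and removes exactly that line once the sensor has checked in. The function names, the marker text, the exact shape of the ServerAddress line and the sample IP address are assumptions; the IP address still has to be resolved from another machine, as the steps describe. Run it in an elevated PowerShell session on the quarantined server.

```powershell
# Added example, not part of the Carbon Black KB article or the sensor tooling.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Marker    = '# cbc-quarantine-temp'   # assumed tag so the entry can be removed safely later

function Get-CbBackendHostname {
    param([string[]]$RepcliOutput)
    # Assumes repcli prints a line like "ServerAddress: https://prod05.conferdeploy.net"
    # (format assumed; real output may differ in spacing or scheme). Strip scheme and port.
    foreach ($line in $RepcliOutput) {
        if ($line -match 'ServerAddress\s*:\s*(\S+)') {
            $value = $Matches[1]
            $value = $value -replace '^[a-z]+://', ''   # drop https://
            $value = $value -replace '[:/].*$', ''      # drop :port and any path
            return $value
        }
    }
    return $null
}

function Add-TemporaryHostsEntry {
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][string]$Hostname,
        [string]$Path = $HostsPath
    )
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$parsed)) {
        throw "Not a valid IP address: $IPAddress"
    }
    $existing = Get-Content -Path $Path -ErrorAction Stop
    # Idempotent: do nothing if the hosts file already maps this hostname
    $pattern = '^\s*\S+\s+' + [regex]::Escape($Hostname) + '(\s|$)'
    if ($existing | Where-Object { $_ -match $pattern }) {
        Write-Verbose "hosts already maps $Hostname; nothing to do"
        return $false
    }
    # Keep a timestamped backup before touching a system file
    Copy-Item -Path $Path -Destination "$Path.bak-$(Get-Date -Format yyyyMMddHHmmss)" -Force
    # <IP address> [tab] <Back-end Hostname>, tagged with the marker comment
    Add-Content -Path $Path -Value "$IPAddress`t$Hostname`t$Marker" -Encoding ASCII
    ipconfig /flushdns | Out-Null
    return $true
}

function Remove-TemporaryHostsEntry {
    param([string]$Path = $HostsPath)
    $lines = Get-Content -Path $Path -ErrorAction Stop
    # Remove only lines carrying the marker; everything else in hosts is left untouched
    $kept  = @($lines | Where-Object { $_ -notmatch [regex]::Escape($Marker) })
    if ($kept.Count -eq $lines.Count) { return 0 }
    Set-Content -Path $Path -Value $kept -Encoding ASCII
    ipconfig /flushdns | Out-Null
    return ($lines.Count - $kept.Count)
}

# Usage (the IP address is a constructed placeholder; resolve the real one from
# another computer with nslookup or ping, as the steps above describe):
# $backend = Get-CbBackendHostname -RepcliOutput (& repcli status)
# Add-TemporaryHostsEntry -IPAddress '203.0.113.10' -Hostname $backend
# ... wait until "repcli status" shows the sensor has checked in and quarantine is lifted ...
# Remove-TemporaryHostsEntry
```

The marker comment is what makes the cleanup step safe: Remove-TemporaryHostsEntry deletes only the line this script added, so any other hosts entries the server depends on are preserved, and the load-balanced back-end address is not left pinned after the sensor has checked in.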
It does not matter whether "127.0.0.1" or the second server's address is entered as the "Preferred" or "Alternate" server. Functionally, the resolver switches from one to the other only when a query goes unresolved. (An incorrect response still counts as having been resolved; only a complete failure to resolve the name triggers the switch.)
Quarantining a production DNS Server should be undertaken only after careful thought.
The engineering team is aware of the issue and it will be addressed with the implementation of the "Quarantine Exclusions" feature.