Manual Chapter : 3-DNS Installation Guide v4.1: Working with the First-Time Boot Utility

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.0.1 PTF-04, 4.0.1 PTF-03, 4.0.1 PTF-02, 4.0.1 PTF-01, 4.0.1


3

Working with the First-Time Boot Utility



Using the First-Time Boot utility

The First-Time Boot utility is a wizard that walks you through a brief series of required configuration tasks, such as defining a root password and configuring IP addresses for the network interfaces. Once you complete the First-Time Boot utility, you can connect to the 3-DNS Controller from a remote workstation or through a web browser and begin configuring your load balancing setup.

The First-Time Boot utility is organized into three phases: configure, confirm, and commit. Each phase walks you through a series of screens, so that you can configure the following settings:

  • Root password
  • Host name (FQDN)
  • Default route (typically a router's IP address)
  • Time zone
  • NTP clock synchronization
  • Settings for the interface(s)
  • Configuration for 3-DNS Controller redundant systems (fail-over IP address)
  • Settings for remote administration
  • Settings for the 3-DNS web server
  • Settings for the 3-DNS Controller mode
  • Settings for the NameSurfer application
  • Settings for optional technical support access

    First, you configure all of the required information. Next, you have the opportunity to correct, if necessary, and confirm each individual setting that you have configured. Last, your confirmed settings are committed and saved to the system. Note that the screens you see are tailored to your specific hardware and software configuration. For example, if you have a stand-alone system, the First-Time Boot utility skips the redundant system screens, and if you run the controller in bridge or router mode, the First-Time Boot utility skips the NameSurfer application screens.

Gathering configuration information

Before you run the First-Time Boot utility on a specific 3-DNS Controller, use the Configuration Worksheet to gather the following information:

  • Passwords for the root system, for the 3-DNS web server, for NameSurfer, and for technical support access (optional)
  • Host names for the root system and the 3-DNS web server
  • A default route (typically a router's IP address)
  • Settings for the network interfaces, including IP addresses, media type, and custom netmask and broadcast addresses
  • Configuration information for redundant systems, including the IP addresses of the individual controllers, and an IP address for the shared IP address
  • Configuration information for browser access to the web-based Configuration utility
  • The IP address or IP address range for remote administrative connections

An important note about configuring non-crypto 3-DNS Controllers

When you run the First-Time Boot utility on a non-crypto 3-DNS Controller, a controller that does not use encrypted communications, certain screens are different from those shown when you run the First-Time Boot utility on a crypto 3-DNS Controller, a controller that uses encrypted communications.

  • On crypto 3-DNS Controllers, the First-Time Boot utility prompts you to choose either SSH or RSH for remote, secure connections. We recommend that you configure an administrative IP address from which the 3-DNS Controller accepts SSH connections.
  • On non-crypto 3-DNS Controllers, you can only configure an administrative IP address from which the 3-DNS Controller accepts RSH connections.
  • The 3-DNS Controller stores the administrative IP address for SSH and RSH connections in the /etc/hosts.allow file.

    Note: If you have both crypto and non-crypto 3-DNS Controllers, and you are setting up a crypto 3-DNS Controller, you need to configure the controller so that it accepts RSH and RCP connections. For more information on configuring RSH and RCP on crypto controllers, see Enabling remote login tools, on page 4-1.

Starting the First-Time Boot utility

The First-Time Boot utility starts automatically when you turn on the 3-DNS Controller (the power switch is located on the front of the controller). The first screen the controller displays is the License Agreement screen. You must scroll through the screen, read the license, and accept the agreement before you can move to the next screen. If you accept the terms of the license agreement, the next screen you see is the Welcome screen. From this screen, simply press any key on the keyboard to start the First-Time Boot utility, and then follow the instructions on the subsequent screens to complete the process.

Note: You can re-run the First-Time Boot utility after you run it for the initial configuration. To re-run the First-Time Boot utility, type config at the command line.

Defining a root password

A root password allows you administrative access to the 3-DNS Controller. The root password must contain a minimum of 6 characters, but no more than 32 characters. Passwords are case-sensitive, and we recommend that your password contain a combination of uppercase and lowercase characters, as well as special characters. Once you enter a password, the First-Time Boot utility prompts you to confirm your root password by typing it again. If the two passwords match, your password is immediately saved. If the two passwords do not match, you receive an error message asking you to re-enter your password.

Warning: The root password is the only setting that is saved immediately, rather than confirmed and committed at the end of the First-Time Boot utility process. You can change the root password after the First-Time Boot utility completes and you reboot the 3-DNS Controller (see Chapter 6, Administration and Monitoring, in the 3-DNS Administrator Guide, for more information). You can change other system settings when the First-Time Boot utility prompts you to confirm your configuration settings.

Defining a host name

The host name identifies the 3-DNS Controller itself. Host names must be in the format of a fully-qualified domain name. Host names may contain letters, numbers, and the dash symbol ( - ); however, they may not contain spaces. For example, if the controller's label is controller1, then you define the host name as controller1.yourdomain.com.

Configuring a default route

If a 3-DNS Controller does not have a predefined static route for network traffic, the controller automatically sends traffic to the IP address that you define as the default route. Typically, a default route is set to a router's IP address.

Configuring a time zone

Configuring a time zone ensures that the clock for the 3-DNS Controller is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the time zone list to find the time zone closest to your location. Note that one option may appear with multiple names.

Configuring NTP clocks

You can synchronize the time on your 3-DNS Controller to a public time server by using Network Time Protocol (NTP). NTP is built on top of IP and assures accurate, local timekeeping with reference to clocks located on the Internet. This protocol is capable of synchronizing distributed clocks, within milliseconds, over long periods of time. If you choose to enable NTP, make sure UDP port 123 is open in both directions when the 3-DNS Controller is behind a firewall.

Configuring a redundant system

When you configure the interfaces on your 3-DNS Controller, you have several options based on whether you are configuring a redundant system. On the Configure 3-DNS Interfaces screen, select Yes, it is a redundant 3-DNS System, if you have a redundant system. Otherwise, select No, it is not a redundant 3-DNS System. The subsequent configuration screens vary, based on your selection.

Note: If you are configuring a redundant system, you need to select a unit ID, and configure a shared IP address for the redundant system, in addition to configuring the interfaces themselves.

Selecting a unit ID for redundant systems

If you are configuring a redundant system, the First-Time Boot utility prompts you to provide a unit ID and an IP address for fail-over for the 3-DNS Controller. The default unit ID number is 1. If you are configuring the first controller in the redundant system, use the default. When you configure the second controller in the redundant system, type 2. These unit IDs are used for active-active redundant controller configuration.

Note: If you are configuring a stand-alone controller, you do not configure a unit ID. The First-Time Boot utility goes straight to the Configure Interfaces screen.

Configuring the shared IP address for redundant systems

If you have a redundant system, you are also prompted to provide the IP address that serves as an IP alias for both 3-DNS Controllers. The IP alias is shared between the units, and is used only by the currently active machine. The units themselves use unique IP addresses for each interface. The First-Time Boot utility guides you through configuring the interfaces, based on your hardware configuration.

Configuring the interfaces

The Select Interface screen shows a list of the installed interfaces. You must configure at least one interface, but you configure additional interfaces only if you want to have more than one independent network access path to the 3-DNS Controller, or if you want to run the controller in router mode.

Warning: The First-Time Boot utility lists only the interfaces that it detects during boot up. If the utility lists only one interface, a network adapter may have come loose during shipping. Check the LED indicators on the network adapters to ensure that they have properly detected the 3-DNS Controller media that should be installed.

Select the interface you want to configure, and press Enter (the interfaces are typically labeled fxp0 and fxp1). The utility prompts you for the following information, in many cases offering you a default:

  • IP address
    This is the IP address of the controller itself.
  • Netmask
    Note that the 3-DNS Controller uses a default netmask appropriate to the subnet indicated by the IP address. The default netmask is shown in brackets at the prompt.
  • Broadcast address
    The default broadcast address is a combination of the IP address and the netmask. The default broadcast address is shown in brackets at the prompt.
  • Shared IP address alias (redundant systems only)
  • Peer IP address (redundant systems only)
    The peer IP address is the IP address of the other unit in the redundant system. The 3-DNS Controller uses the specified peer IP address to communicate with the second unit.
  • Media type
    The media type options depend on the interface(s) included in your hardware configuration. The 3-DNS platform supports the following media types:

    • Auto
    • 10baseT
    • 10baseT, FDX
    • 100baseTX
    • 100baseTX, FDX
    • Gigabit Ethernet

Configuring settings for the 3-DNS web server

The 3-DNS web server requires that you define a domain name for the server, a user ID, and a password. The 3-DNS web server hosts the web-based Configuration utility. The information that you configure in these screens allows you to access the Configuration utility from a web browser on your workstation. On crypto 3-DNS Controllers, the First-Time Boot utility also generates certificates for authentication.

The First-Time Boot utility guides you through a series of screens to set up web server access:

  • The first screen prompts you to enter a fully-qualified domain name. The default is the host name that you entered at the beginning of the First-Time Boot utility.
  • The next web server screen prompts you for a user name and a password. The password does not show on screen as you type it. The utility prompts you to enter the password again for confirmation purposes.
  • The final screen prompts you to specify whether you want to allow technical support to have access to the Configuration utility.
  • The certification screen prompts you to enter the country, state, city, company, and division information used for the authentication certificate (crypto 3-DNS Controllers only).

Warning: If you ever change the IP addresses or host names on the 3-DNS Controller interfaces, you need to reconfigure the 3-DNS web server to reflect your new settings. You can reconfigure the 3-DNS web server from the command line using the following command:

config_httpd

Configuring 3-DNS web server passwords

The 3-DNS web server hosts the browser-based Configuration utility. If you wish to create a new password for the 3-DNS web server, after you have configured the password for the first time, run the config httpd command.

You can also add users to the existing password file, change a password for an existing user, or recreate the password file, without actually going through the 3-DNS web server configuration process. For more information, see Chapter 9, Scripts, in the 3-DNS Reference Guide.

Warning: If you have modified the 3-DNS web server configuration outside of the Configuration utility, be aware that some changes may be lost when you run the config httpd command. This utility overwrites the httpd.conf file, and several other files, but it does warn you before doing so.

Configuring remote administration

When you configure remote administration, the screens that you see vary, depending on whether you have a crypto 3-DNS Controller, or a non-crypto 3-DNS Controller.

  • On crypto 3-DNS Controllers, the first screen you see is the Configure SSH screen, which prompts you to type an address for ssh command line access. The next screen you see is the Configure RSH screen. We recommend that you enable SSH remote administrative access, and disable RSH remote administrative access.
  • On non-crypto 3-DNS Controllers, the First-Time Boot utility displays only the Configure RSH screen. Non-crypto controllers do not support SSH.

    The First-Time Boot utility prompts you to enter a single IP address, or a range of IP addresses, from which the 3-DNS Controller can accept administrative connections (either remote shell connections, or connections to the 3-DNS web server). To specify a range of IP addresses, you can use the asterisk (*) as a wildcard character in the IP addresses.

    The following example allows remote administration from all hosts on the 192.168.2.100 network:

    192.168.2.*
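An added example (not part of the original manual or of the 3-DNS software): a short Python check for reviewing an administrative address pattern before you enter it in the Configure SSH or Configure RSH screen. It assumes that each asterisk stands for one whole octet, as in 192.168.2.*; the function names and the 256-address review limit are illustrative.

```python
import ipaddress


def parse_admin_pattern(pattern):
    """Split a pattern such as '192.168.2.*' into four fields.

    Assumption: an asterisk replaces exactly one octet. A wildcard octet
    is returned as None, a literal octet as an int in the range 0..255.
    """
    fields = pattern.strip().split(".")
    if len(fields) != 4:
        raise ValueError(f"{pattern!r}: expected four dot-separated fields")
    parsed = []
    for field in fields:
        if field == "*":
            parsed.append(None)
        elif field.isascii() and field.isdigit() and int(field) <= 255:
            parsed.append(int(field))
        else:
            raise ValueError(f"{pattern!r}: bad octet {field!r}")
    return parsed


def pattern_allows(pattern, address):
    """True if the pattern would admit this IPv4 source address."""
    fields = parse_admin_pattern(pattern)
    octets = ipaddress.IPv4Address(address).packed
    return all(f is None or f == o for f, o in zip(fields, octets))


def addresses_admitted(pattern):
    """Number of IPv4 addresses the pattern covers."""
    return 256 ** parse_admin_pattern(pattern).count(None)


def review_pattern(pattern, max_addresses=256):
    """Return findings for a pattern; an empty list means nothing to flag."""
    fields = parse_admin_pattern(pattern)
    wild = [i for i, f in enumerate(fields) if f is None]
    findings = []
    if len(wild) == 4:
        findings.append("every IPv4 address is admitted")
    elif wild and wild != list(range(wild[0], 4)):
        findings.append("wildcard is not trailing; the admitted addresses "
                        "are not one contiguous network")
    count = addresses_admitted(pattern)
    if count > max_addresses:
        findings.append(f"admits {count} addresses, above the limit "
                        f"of {max_addresses}")
    return findings


if __name__ == "__main__":
    # Constructed sample patterns, not taken from any real configuration.
    for sample in ["192.168.2.*", "192.168.2.17", "192.*.*.*", "192.*.2.10"]:
        print(sample, addresses_admitted(sample), review_pattern(sample))
```

A single address or a one-octet trailing wildcard passes the default limit; anything broader is reported so that the range can be narrowed before it is committed to /etc/hosts.allow.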

Warning: For 3-DNS Controllers, you must configure command line access. If you do not configure command line access, the 3-DNS Controllers cannot communicate with each other, and they cannot properly exchange configuration information.

Configuring the 3-DNS Controller mode

The 3-DNS Controller can now run in three different modes: node, bridge, and router.

  • Node mode
    The node mode is the traditional installation of the 3-DNS Controller. The 3-DNS Controller replaces a DNS server in a network and uses the DNS server's IP address. All DNS traffic is directed at the 3-DNS Controller because it is registered with InterNIC as authoritative for the domain. In node mode, you usually run BIND on the system to manage DNS zone files.
  • Bridge mode
    In bridge mode, the 3-DNS Controller acts as a bridging device by forwarding packets between two LAN segments (usually on the same IP subnet). The controller usually has one IP address on one interface, and is installed between the router or switch and the authoritative DNS server. The 3-DNS Controller does not replace the authoritative DNS server. The 3-DNS Controller filters all DNS packets that match wide IPs, and forwards the remaining packets to the authoritative DNS server for resolution. Note that this may be the preferred method of using the 3-DNS Controller because you do not have to replace the authoritative DNS server, and you can perform out-of-band testing before you deploy 3-DNS Controller software upgrades.
  • Router mode
    In router mode, the 3-DNS Controller acts as a router by forwarding packets between two different IP subnets. You can put the 3-DNS Controller anywhere in the network topology as long as packets destined for the authoritative DNS server have to pass through it. Router mode requires at least two IP addresses and two interfaces. Router mode is probably most useful for Internet service providers (ISPs) that want to redirect traffic to local content servers. For example, by using the 3-DNS Controller in router mode, an ISP can redirect requests for ads.mydomain.net to a local ad server.

Configuring NameSurfer for zone file management

In the final series of the First-Time Boot utility screens, you choose whether to have NameSurfer handle DNS zone file management on the current 3-DNS Controller. If you configure the 3-DNS Controller in node mode, we strongly recommend that you configure NameSurfer to handle zone file management. If you designate NameSurfer as the primary name server, NameSurfer converts the DNS zone files on the controller, becomes the authoritative DNS, and automatically processes changes and updates to the zone files. (You can access the NameSurfer application directly from the Configuration utility.)

Note: Remember that if you run the 3-DNS Controller in bridge or router mode, the controller is not authoritative for any domains, so you do not manage any zone files on it.

Confirming your configuration settings

At this point, you have entered all the configuration information, and now you confirm each setting. Each confirmation screen displays a setting and prompts you to either accept or re-enter it. If you choose to edit the setting, the utility displays the original configuration screen in which you defined the setting. When you finish editing the item, you return directly to the Confirmation screen for that item, and continue the confirmation process. Note that once you accept a setting in the Confirmation screen, you do not have another opportunity to review before the commit phase.

You confirm or edit the settings in the same order that you configured them:

  • Confirm host name
  • Confirm default route
  • Confirm all interface settings
  • Confirm web server options
  • Confirm SSH settings
  • Confirm time zone
  • Confirm NTP settings
  • Confirm 3-DNS Controller mode
  • Confirm administrative IP address
  • Confirm NameSurfer application options

    Once you have confirmed the last setting, the First-Time Boot utility moves directly into the commit phase, where you are not able to make any changes.

Tip: If, at a later time, you wish to change any of the settings that you configure using the First-Time Boot utility, simply type config at the command line. The config command starts the First-Time Boot utility.

Committing your configuration settings to the system

Once you confirm all of the configuration settings, the First-Time Boot utility saves the configuration settings. During the commit process, the First-Time Boot utility creates the following files and tables:

  • An /etc/hosts.allow file
    This file stores the IP address, or IP address range, from which the 3-DNS Controller accepts administrative connections.
  • An /etc/rc.conf file
    This file lists the utilities and daemons that are started when you reboot the controller. This file also contains any custom arguments for the daemon processes.
  • An /etc/hosts file
    This file contains the local host's address and host name.
  • A /config/httpd/httpd.conf file
    This file contains the configuration directives for the 3-DNS web server.
  • A named.conf file
    This file is the configuration file for the named daemon. This file lists the zones for which the name server is authoritative, and it contains directives that customize the behavior of the name server.

    If you want to update any of the information in these files at a later time, you can re-run the First-Time Boot utility by typing config at the command line. If you want to update the zone file information in the named.conf file, you can use the NameSurfer application in the web-based Configuration utility.

To open the NameSurfer application

  1. In the navigation pane, click NameSurfer.
    The NameSurfer home screen opens.
  2. Edit the zone file information as required.
    For help with the NameSurfer application, click Help in the NameSurfer navigation pane.

Warning: If you edit any of the files using a method other than those specified here, your changes will not be saved in the configuration database file and will be lost if you upgrade the controller.