Manual Chapter : 3-DNS Administrator Guide v1.0.6: Utilities and Scripts

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 1.0.6


Appendix D: Utilities and Scripts



Utilities

The 3DNS Controller includes several utilities and scripts. These utilities and scripts allow you to configure DNS and the various features of the 3DNS Controller.

3dparse

The 3dparse tool parses and verifies the syntax of the 3DNS configuration file (wideip.conf). You can use it to verify syntax after making any changes to wideip.conf, before running named.

The 3dparse tool can be used to validate configuration syntax. 3dparse checks global value ranges and ensures that each virtual server is configured on a BIG/ip Controller or other host machine. The 3dparse tool also checks dependencies. For example, TTL values (like bigip_ttl) must be greater than their corresponding timer values (like timer_get_bigip_data).

Use the following syntax with 3dparse:

3dparse [-help] [-o] [-if <file_name>] [-of <file_name>] \
[-version] [-sf <file_name>] [-d] [-s] [-vl] [-picky]

The options for 3dparse include:

-help

Displays the list of available options.

-o

Writes the in-memory configuration to the wideip.conf file. The in-memory configuration is created by reading the input file and applying verification and validation.

-if <file_name>

Specifies a file name for the input file. If you don't use this option, 3dparse uses the default input file, wideip.conf.

-of <file_name>

Specifies a file name for the output file.

-version

Displays the version information.

-sf <file_name>

Specifies the path for the output status file. The default is stdout.

-d

Simulates an ndc dumpdb after parsing.

-s

Simulates data copier behavior when loading.

-vl

Turns on syslog verbosity and path loading.

-picky

Does not auto-correct any validation errors.

Example

The following example shows a 3dparse command. The first line is the command entered; the remaining lines are the output.

bighost:~# 3dparse -o
3dparse: Initializing ...
3dparse: Parsing /etc/wideip.conf
3dparse: Dumping ./3dparse.out
3dparse: SUCCESS

watchdog-named

Use the watchdog-named utility to ensure that a version of named is always running on the 3DNS Controller.

If watchdog-named is running, do not manually start named. The 3DNS Controller does not prevent more than one named process from running simultaneously, and watchdog-named only monitors one named process at a time.

Because watchdog-named is not a daemon, start it as a background process.

watchdog-named performs the following functions:

  • Starts and watches a new named process if named is not running when watchdog-named is started.
  • Monitors any running named process.
  • Starts a new named process if the watched named process stops.
  • Keeps secure any dumped named core files by renaming the core file and adding a timestamp suffix. watchdog-named then compresses the core file.
  • Presents an error message if you attempt to start more than one watchdog-named process.
  • Logs an emergency message if the named process runs for less than one hour before stopping, ten times in a row; this behavior usually indicates a serious problem with named. You can use the -r or -s arguments when you start watchdog-named to change the time parameters. These arguments are described later in this section.
  • Parses named.conf to find the directory command, in order to determine which directory to run in and where to dump and find named core files. If more than one directory command is found in named.conf, watchdog-named uses the last one it finds.

When your 3DNS Controller is using watchdog-named, you cannot use ndc to stop, start, or restart named. Instead, you must use 3ndc. See 3ndc, on page D-5.

If you are using a ps command followed by a grep named command to find all named processes on a 3DNS Controller, add the -ww argument to the ps command. This causes ps to print out long lines, ensuring that watchdog-named appears in the output.

A 3DNS Controller does not have to use watchdog-named. You can instead use named and ndc. See named, on page D-6, and ndc, on page D-8.

watchdog-named uses the following syntax:

watchdog-named [-c <path>] [-r <number>] [-s <number>]

The options for watchdog-named include:

-c <path>

Specifies the path for the named.conf file to use. The default is /etc/named.conf.

-r <number>

Specifies the number of times named can be restarted before a warning is logged. The default is 10.

-s <number>

Specifies the number of seconds between restarts that is considered excessive. The default is 3600.
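The restart policy described above (a named run shorter than the -s threshold counts as a short run, and -r short runs in a row raise the emergency condition) as a shell model. This is an added example, not watchdog-named's own code or anything shipped with the 3DNS Controller; the exact wording of the guide's rule is interpreted as "consecutive", so a run that reaches the threshold resets the count, and the option names and defaults are taken from the text above.

```shell
#!/bin/sh
# Added example (not from the 3-DNS guide or from F5): a model of the
# watchdog-named restart policy. Each named run time (seconds) is compared
# with the -s threshold; runs shorter than that are "short". When -r short
# runs occur in a row, the emergency condition is reported. A run that
# reaches the threshold resets the streak (the guide says "in a row").

# short_run_streak <threshold_seconds> <restart_limit> <run_seconds>...
# Prints the 1-based index of the named start at which the emergency
# condition is reached, or 0 if the sequence never reaches it.
# Returns 0 when the condition was reached, 1 otherwise.
short_run_streak() {
  threshold=$1
  limit=$2
  shift 2
  streak=0
  n=0
  for secs in "$@"; do
    n=$((n + 1))
    if [ "$secs" -lt "$threshold" ]; then
      streak=$((streak + 1))      # another short run
    else
      streak=0                    # named stayed up long enough: reset
    fi
    if [ "$streak" -ge "$limit" ]; then
      echo "$n"
      return 0
    fi
  done
  echo 0
  return 1
}

# check_restart_storm [-r <number>] [-s <number>] <run_seconds>...
# Accepts the same flags and defaults as watchdog-named (-r 10, -s 3600)
# and feeds them to short_run_streak.
check_restart_storm() {
  limit=10
  threshold=3600
  OPTIND=1                        # reset so the function can be called repeatedly
  while getopts r:s: opt; do
    case "$opt" in
      r) limit=$OPTARG ;;
      s) threshold=$OPTARG ;;
      *) return 2 ;;
    esac
  done
  shift $((OPTIND - 1))
  short_run_streak "$threshold" "$limit" "$@"
}

# Usage, on a constructed sequence of run times: ten crashes in a row after
# five seconds each hits the default limit on the tenth start.
# check_restart_storm 5 5 5 5 5 5 5 5 5 5
```

The run times would in practice come from the watchdog's own bookkeeping (time of each start versus time of the corresponding exit); the function only captures the decision rule, which is what you need when tuning -r and -s for a controller whose named legitimately restarts often.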

3ndc

3ndc allows the name server administrator to send various signals to the name server, or to restart it. 3ndc should be used in place of ndc on 3DNS Controllers that use watchdog-named.

Only use 3ndc if watchdog-named is being used on your 3DNS Controller.

The syntax for 3ndc is as follows:

3ndc directive [ ...]

When you use 3ndc, you can specify directives. Directives are not required. Directives for 3ndc include:

status

Displays the current status of named as shown by ps(1).

dumpdb

Writes named's database and cache to /var/tmp/named_dump.db. Uses the INT signal.

reload

Checks the serial numbers of all primary and secondary zones and reloads those that have changed. Uses the HUP signal.

stats

Writes statistics to /var/tmp/named.stats. Uses the IOT or ABRT signal.

trace

Increments the tracing level by one. Whenever the tracing level is not zero, trace information is written to /var/tmp/named.run. Higher tracing levels result in more detailed information. Uses the USR1 signal.

notrace | cmd

Rereads the /var/run/wideip.cmd file and sets the tracing level to zero. The /var/tmp/named.run file is closed if it is open. Uses the USR2 signal. Using notrace or cmd has the same effect, and can be used in addition to using the same argument with ndc.

querylog

Toggles the query logging feature which, while on, results in a syslog(3) entry for each incoming query. It uses the WINCH signal. Note that query logging consumes log file space. This directive may also be given as qrylog.

start

Starts watchdog-named, if it is not running. watchdog-named starts named. If a named process is already running, watchdog-named starts and watches the current named process.

stop

Stops watchdog-named and named, if they are running.

restart

Stops and restarts watchdog-named and named.

named

named is the Internet domain name server. If no arguments are specified, named opens the default boot file (/etc/named.conf), reads any initial data, and listens for queries.

named uses the following syntax:

named [ -(b|c) <config_file> ] [ -d <debuglevel> ] [ -f ] \
[ -g <group_name> ] [ -p <port#> ] [ -q ] [ -r ] \
[ -t <directory> ] [ -u <user_name> ] [ -v ] [ -w <directory> ] \
[ config_file ]

The options for named include:

-b | -c

Specifies an alternate boot (configuration) file. This argument is overridden by any configuration file which is specified at the end of the command line. The default value is /etc/named.conf.

-d

Prints debugging information. The number specified after this option determines the level of printed messages.

-f

Runs the process in the foreground.

-g

Specifies which group the server should run as after it initializes. You can specify a group name or a numeric group ID.

-p

Uses the specified remote port number; this is the port number to which named sends queries. The default value is the standard port number as returned by getservbyname(3) for the service domain. In earlier versions of named, the syntax -p port#[/localport#] was supported. The first port was used when contacting remote servers, and the second one was the service port bound by the local instance of named. The current usage is equivalent to the old usage without the localport# specified; this functionality can be specified with the listen-on clause of the configuration file's options statement.

-q

Traces all incoming queries if named was compiled with QRYLOG defined. Note that this option is deprecated in favor of the boot file directive: options query-log.

-r

Turns off recursion on the server. Answers can come only from local (primary or secondary) zones. This option can be used on root servers. Note that this option is deprecated in favor of the boot file directive: options no-recursion.

-t

Specifies the directory the server should chroot(2) into as soon as it finishes processing command line arguments.

-u

Specifies the user the server should run as after it initializes. You can specify a user name or a numeric user ID. If you did not use the -g option, the group ID used is the primary group of the specified user; initgroups(3) is called, so all of the user's groups are available to the server.

-v

Displays the version information.

-w

Sets the working directory of the server. The directory clause of the configuration file's options statement overrides any value specified on the command line. The default working directory is the current directory.

[config_file]

Any additional argument is taken as the name of the configuration file, for compatibility with older implementations; as noted above, this argument overrides any configuration file specified by the -b and -c options. If no further argument is given, the default configuration file is used (/etc/named.conf).

For more information on named, see the named man page.

ndc

The name daemon control interface command ndc allows a name server administrator to send signals to the name server. This section describes ndc; a sub-section describes the value that the 3DNS platform adds to the normal ndc functionality present in BIND.

Warning: Do not use ndc with watchdog-named. Instead, use 3ndc.

The syntax for ndc is as follows:

ndc directive [ ... ]

When you use ndc, you can specify directives. Directives are not required. The directives available for ndc include:

status

Displays the current status of named as shown by ps.

dumpdb

Writes the database and cache to /var/tmp/named_dump.db. It uses the INT signal.

reload

Checks the serial numbers of all primary and secondary zones and reloads those that have changed. Uses the HUP signal. Use this directive with caution, as it sometimes starts two copies of ndc.

stats

Writes its statistics to /var/tmp/named.stats. It uses the IOT or ABRT signal.

trace

Increments the tracing level by one. Whenever the tracing level is not zero, trace information is written to /var/tmp/named.run. Higher tracing levels result in more detailed information. It uses the USR1 signal.

notrace

Sets its tracing level to zero, closing /var/tmp/named.run if it is open. It uses the USR2 signal.

querylog

Toggles the query logging feature which, while on, results in a syslog entry for each incoming query. It uses the WINCH signal. Note that query logging consumes log file space. This directive may also be given as qrylog.

start

Starts named, as long as it isn't already running.

stop

Stops named, if it is running.

restart

Stops and restarts named.

Signals and dump files: extending ndc

As mentioned above, the 3DNS Controller extends the functionality of ndc to send signals to the 3DNS Controller and dump data to the 3DNS Controller files.

To send signals to the 3DNS Controller name server (named), use one of the following commands:

kill -<signal code> `cat /var/run/named.pid`

or

ndc <signal function name>

The following signal codes are used by the 3DNS Controller in addition to the normal BIND functionality:

HUP (name: restart)

Restarts the name server. Use this signal to reread the named.conf and the wideip.conf files.

INT (name: dumpdb)

Dumps data metrics for wide IP addresses, BIG/ip Controllers, hosts, paths, and virtual servers in the following files, which are located in /var/run:

  • 3dns.sum
  • 3dns.paths
  • 3dns.ldns
  • 3dns.vs
  • 3dns.bigips
  • 3dns.hosts
  • 3dns.wips
  • 3dns.lbs

These files correspond to the tables displayed in the F5 Configuration utility.

In addition, a memory representation of the 3DNS Controller is dumped to wideip_dump.db in wideip.conf-compliant format (C-like format).

Note: The preceding information describes the low-level mechanics of how the 3DNS Controller administration tool obtains its information. This information can be useful for troubleshooting purposes.

ABRT (name: stats)

Dumps statistics to /var/run/3dnsStats.log.

Configuring syslog for 3DNS messages

Although the syslog daemon is configured to save 3DNS Controller messages by default, the information in this section is provided in case you ever need to reconfigure your system. The lines listed in the following procedure are default entries for files shipped with a new 3DNS Controller.

Both big3d and named use the syslog daemon and all messages are written to the local2 facility.

To set up 3DNS Controller logging:

  1. Add the following line to the /etc/syslog.conf file:

local2.err /var/log/3dns

To include warnings in normal operations, also add the following line:

local2.warning /var/log/3dns

For full debugging, add the following line:

local2.debug /var/log/3dns

The above lines are somewhat equivalent to:

local2.* /var/log/3dns

As an alternative, you can use a different file to capture a session without affecting the default files. For example, you could use a line like the following:

local2.debug /var/log/3dns.debug

To switch logging levels or specify another file name, edit the /etc/syslog.conf file and restart syslogd or issue it a SIGHUP.

  2. Create an empty 3DNS Controller log file in /var/log by typing the following on the command line:

% touch 3dns

Note that in the above example, 3dns is the name of the file you are creating. You can use this command to create other files for the 3DNS Controller (with different names). You need only create other 3DNS Controller files when solving configuration problems.

You must touch each file that you create. Continuing with the examples in step 1, type the following entry:

% touch 3dns.debug

  3. Restart syslog by typing the following on the command line:

kill -HUP `cat /var/run/syslog.pid`
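The three steps of the procedure above, combined into one function that can be rerun safely. This is an added example, not a script shipped with the 3DNS Controller: the syslog.conf path, log directory and syslogd pid file are parameters (defaulting to the paths the guide uses) so the function can be tried on a scratch directory, and it only appends a local2 line that is not already present, so repeated runs do not duplicate entries.

```shell
#!/bin/sh
# Added example (not from the 3-DNS guide or from F5): enable local2
# logging for 3DNS messages in one idempotent step. Parameters exist only
# so the function can be exercised against a scratch tree; the defaults are
# the paths given in the guide.
#
# enable_3dns_logging <level> [syslog.conf] [logdir] [syslogd pidfile]
#   level is one of the priorities used above: err, warning or debug.
# Returns 0 on success, 2 for an unsupported level.
enable_3dns_logging() {
  level=$1
  conf=${2:-/etc/syslog.conf}
  logdir=${3:-/var/log}
  pidfile=${4:-/var/run/syslog.pid}
  logfile="$logdir/3dns"
  selector="local2.$level"

  case "$level" in
    err|warning|debug) ;;
    *) echo "unsupported level: $level" >&2; return 2 ;;
  esac

  # Step 1: add "local2.<level>  /var/log/3dns" unless an identical line
  # already exists (selector and action may be separated by spaces or tabs;
  # the path is used as a regex here, so it must not contain metacharacters).
  if ! grep -q "^$selector[[:blank:]]\{1,\}$logfile\$" "$conf" 2>/dev/null; then
    printf '%s\t%s\n' "$selector" "$logfile" >> "$conf"
  fi

  # Step 2: syslogd does not create missing log files, so touch the target.
  touch "$logfile"

  # Step 3: SIGHUP makes syslogd reread syslog.conf. Only signal a pid that
  # is actually recorded; otherwise tell the operator to restart it.
  if [ -r "$pidfile" ]; then
    kill -HUP "$(cat "$pidfile")"
  else
    echo "no $pidfile found; restart syslogd manually" >&2
  fi
  return 0
}

# show_3dns_logging [syslog.conf]: print the local2 lines currently in effect.
show_3dns_logging() {
  grep '^local2\.' "${1:-/etc/syslog.conf}"
}

# Usage on the real system (as root):
#   enable_3dns_logging err
#   enable_3dns_logging debug && show_3dns_logging
```

Keeping the selector lines separate (err, warning, debug) rather than replacing them with local2.* mirrors the guide's own procedure, so show_3dns_logging tells you at a glance which levels are currently captured.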

Log rotation

The 3DNS Controller's log file is called /var/log/3dns. The 3DNS Controller uses log rotation to keep log files from becoming overly large. A script included with the 3DNS Controller, /etc/daily, automatically runs each night, compressing the existing information in the log file. We do not recommend that you edit this file.

syslog.conf

The syslog.conf file is the configuration file for the syslogd program. It consists of blocks of lines separated by program specifications, with each line containing two fields:

  • Selector field
    Specifies the types of messages and priorities to which the line applies.
  • Action field
    Specifies the action to be taken if syslogd receives a message that matches the selection criteria.

The selector field is separated from the action field by one or more space or tab characters.

The selector field is encoded as a facility, a period (.), and a level, with no intervening white space. Both the facility and the level are case insensitive.

The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, ntp, syslog, user, uucp, and local0 through local7. These keywords (with the exception of mark) correspond to the similar LOG_ values specified to the openlog and syslog library routines.

The level describes the severity of the message. The severity levels include (from highest to lowest): emerg, alert, crit, err, warning, notice, info, and debug. These correspond to the similar LOG_ values specified to the syslog library routine.

Each block of lines in the syslog.conf file is separated from the previous block by a tag. The tag is a line beginning with one of the following:

  • #!prog
    Used for compatibility with the previous syslogd; for example, if one is sharing syslog.conf files.
  • !prog
    Each block will be associated with calls to syslog from that specific program.

The action specified in the action field is taken if a received message matches the specified facility and is of the specified level (or a higher level), and if the first word in the message after the date matches the program.

To specify multiple selectors for a single action, separate each selector with a semicolon (;) character. Note that each selector can modify the ones preceding it.

To specify multiple facilities for a single level, separate each facility with a comma (,) character.

An asterisk (*) can be used as a wildcard character to specify all facilities, all levels, or all programs.

The special facility mark receives a message at info priority every 20 minutes. This is not enabled by a facility field. The action field can take one of the following forms:

  • A comma separated list of users
    Selected messages are written to those users if they are logged in.
  • An asterisk
    Selected messages are written to all logged-in users.
  • A vertical bar (|)
    The vertical bar is followed by a command to which to pipe the selected messages. The command is passed to a /bin/sh for evaluation, so usual shell metacharacters or input/output redirection can occur. (However, note that redirecting stdio buffered output from the invoked command can cause additional delays, or even lost output data in case a logging sub-process exited with a signal.) The command itself runs with stdout and stderr redirected to /dev/null. Upon receipt of a SIGHUP, syslogd closes the pipe to the process. If the process didn't exit voluntarily, it will be sent a SIGTERM signal after a grace period of up to 60 seconds.

The command starts only when the data that should be piped to it arrives. If the process exits later, it restarts as necessary. If you want the sub-process to get exactly one line of input only (which can be very resource-consuming if there are a lot of messages flowing quickly), you can do this by exiting after just one line of input. If necessary, a script wrapper can be written to this effect.

Unless the command is a full pipeline, you probably want to start the command with exec so that the invoking shell process does not wait for the command to complete.

Warning: The process is started under the UID that invokes syslogd, usually the superuser.

Blank lines and lines whose first non-blank character is a hash (#) character are considered to be comments, and are ignored.

Example

The following is an example of a configuration file:

# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog

# Everybody gets emergency messages, plus log them on another
# Save ftpd transactions along with mail and news
!ftpd
*.* /var/log/spoolerr
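A matcher that applies the selector rules described in this section (facility.level, comma-separated facilities, semicolon-separated selectors, * wildcards, none, later selectors overriding earlier ones, and !prog blocks) to a syslog.conf file and reports which actions a given message would reach. This is an added example, not part of syslogd or of the 3DNS Controller; the sample configuration it writes is constructed from the example above plus the local2 line used for 3DNS messages, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the 3-DNS guide, F5 or syslogd): evaluate
# syslog.conf selectors for a message of a given facility, level and program.

# selector_matches <selector> <facility> <level>
# Returns 0 if the message is selected, 1 if not, 2 if <level> is not a
# syslog(3) priority. Facility and level names are case insensitive.
selector_matches() {
  awk -v sel="$1" -v fac="$2" -v lev="$3" '
  BEGIN {
    sel = tolower(sel); fac = tolower(fac); lev = tolower(lev)
    # priorities from highest (1) to lowest (8) severity
    split("emerg alert crit err warning notice info debug", names, " ")
    for (i = 1; i <= 8; i++) rank[names[i]] = i
    if (!(lev in rank)) exit 2
    hit = 0
    n = split(sel, parts, ";")
    for (i = 1; i <= n; i++) {
      dot = index(parts[i], ".")
      if (dot == 0) continue                  # malformed selector: ignore
      facs = substr(parts[i], 1, dot - 1)
      level = substr(parts[i], dot + 1)
      m = split(facs, fa, ",")
      for (j = 1; j <= m; j++) {
        if (fa[j] != "*" && fa[j] != fac) continue
        # a later selector for our facility overrides the earlier ones
        if (level == "none") hit = 0
        else if (level == "*" || (level in rank && rank[lev] <= rank[level])) hit = 1
        else hit = 0
      }
    }
    if (hit) exit 0
    exit 1
  }'
}

# matching_actions <syslog.conf> <facility> <level> [program]
# Prints the action of every line whose selector matches. Lines under a
# !prog or #!prog tag apply only when [program] equals prog (or prog is *).
matching_actions() {
  conf=$1; fac=$2; lev=$3; prog=${4:-}
  block=""                      # program tag in effect; "" means any program
  # read strips leading blanks, so the "first non-blank character" rules hold
  while read -r line || [ -n "$line" ]; do
    case "$line" in
      '#!'*) block=${line#??} ;;
      '!'*)  block=${line#?} ;;
      ''|'#'*) ;;               # blank line or comment
      *)
        if [ -z "$block" ] || [ "$block" = "*" ] || [ "$block" = "$prog" ]; then
          set -f                # no globbing while splitting a "*.err" field
          set -- $line
          set +f
          sel=$1; shift; act=$*
          if selector_matches "$sel" "$fac" "$lev"; then
            printf '%s\n' "$act"
          fi
        fi
        ;;
    esac
  done < "$conf"
}

# write_sample_conf <path>: constructed sample mirroring the example above,
# plus the local2 line the 3DNS procedure adds.
write_sample_conf() {
  cat > "$1" <<'EOF'
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none   /dev/console
*.info;mail.none;authpriv.none           /var/log/messages
authpriv.*                               /var/log/secure
mail.*                                   /var/log/maillog
local2.err                               /var/log/3dns
# ftpd gets its own block
!ftpd
*.*                                      /var/log/spoolerr
EOF
}

# Usage: where does a local2.err message from big3d or named end up?
#   write_sample_conf /tmp/sample.conf && matching_actions /tmp/sample.conf local2 err
```

Running it against the real /etc/syslog.conf is a quick way to confirm that a 3DNS message at local2.err really lands in /var/log/3dns and nowhere unexpected, and to see why an authpriv message never reaches the console despite the leading *.err.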


syslogd

The syslogd daemon reads and logs messages to the system console, log files, other machines, and/or users as specified by its configuration file.

The syslogd daemon uses the following syntax:

syslogd [-a <allowed_peer>] [-d] [-f] [-m] [-p] [-s]

Options include the following:

-a <allowed_peer>

Allows allowed_peer to log to this syslogd using UDP datagrams. Multiple -a options may be specified.

Allowed_peer can be any of the following:

  • ipaddr/masklen[:service]
    Accepts datagrams from ipaddr (in the usual dotted quad notation) with masklen bits being taken into account when doing the address comparison. If specified, service is the name or number of a UDP service to which the source packet must belong. A service of * allows packets sent from any UDP port. The default service is "syslog". A missing masklen is substituted by the historic class A or class B netmasks if ipaddr belongs to the address range of class A or B, respectively, or by 24 otherwise.
  • domainname[:service]
    Accepts datagrams where the reverse address lookup yields the domainname for the sender's address. The meaning of service is described above.
  • *domainname[:service]
    Same as above, except that any source host whose name ends in domainname will get permission.

-d

Puts syslogd into debugging mode. This is useful for troubleshooting.

-f

Specifies the path name of an alternate configuration file; the default is /etc/syslog.conf.

-m

Selects the number of minutes between mark messages; the default is 20 minutes.

-p

Specifies the path name of an alternate log socket; the default is /var/run/log.

-s

Operates in secure mode. Does not listen for log messages from remote machines.

log2mail

The log2mail program gathers system log messages from the syslogd daemon and mails a copy to each specified address. It is intended to be invoked by syslogd using the "|" construct in the /etc/syslog.conf file, as in the following example:

*.err,auth.notice |/usr/sbin/log2mail root@remote.site.com

The log2mail program begins each mail message with a line of context taken from the previous mail message. The context clarifies the meaning of the "last message repeated n times" messages that are generated by syslogd itself.

log2mail uses this syntax:

log2mail [-t <interval>]

One option is available:

-t <interval>

Specifies the minimum interval in seconds between consecutive mail messages. When log2mail receives a new log message, it checks whether <interval> seconds have passed since the last time it mailed a message. If at least that amount of time has passed, log2mail mails the new message without delay. Otherwise, it saves incoming messages and sends them later, after <interval> seconds have passed since the previous mail. This prevents a large number of log messages from producing many mail messages.

The default interval is 300 seconds (5 minutes).

thttpd

The thttpd server is a simple, small, fast, and secure HTTP server. It is distributed and installed with the 3DNS Controller, and it supports the 3DNS Web Administration tool.

For more information on the thttpd server, see the following Web page: www.acme.com/software/thttpd/.

thttpd uses this syntax:

thttpd [-p <port>] [-d <dir>] [-r | -nor] [-u <user>] \
[-c <cgipat>] [-t <throttles>] [-h <host>] [-l <logfile>]

Options for the thttpd server include:

-p

Specifies an alternate port number to listen on. The default is 80.

-d

Specifies a directory to chdir() to at startup.

-r

Performs a chroot() at initialization time, restricting file access to the program's current directory. If -r is the compiled-in default, -nor disables it.

-u

Specifies what user to switch to after initialization when started as root. The default is nobody.

-c

Specifies a pattern for CGI programs.

-t

Specifies a file of throttle settings.

-h

Specifies a host name to bind to, for multi-homing. The default is to bind to all host names supported on the local machine.

-l

Specifies a file for logging. If no file is specified, thttpd logs via syslog.

Basic authentication

The version of thttpd that is installed with the 3DNS Controller includes the basic authentication feature, which is available as an option at compile time. If basic authentication is enabled, it uses a password file in a served directory, called .htpasswd by default. This file is formatted as the familiar colon-separated username/encrypted-password pair, with records delimited by new lines. The protection does not carry over to subdirectories. htpasswd is the name of the included utility program that helps create and modify .htpasswd files.

htpasswd uses this syntax:

htpasswd [-c ] passwordfile username

Using the above command sets a user's password in an httpd-style password file. The -c flag creates a new file.

Scripts

This section provides information on each script that is shipped with the 3DNS Controller. Most scripts correspond to items on the 3DNS Maintenance menu, which is shown on page 4-23 . This section provides information about how the scripts work. If you plan on doing a scripted task manually, you should find this section especially helpful.

Note: Before you edit a script, make a backup copy of the original.

File location

All scripts are located in /usr/contrib/bin, as are both data files. The data files are:

  • bigips.txt
    This file consists of a list of the physical, external IP address of each BIG/ip Controller that is managed by the 3DNS Controller. The format is one IP address per line. If you have a BIG/ip redundant hardware system, the IP addresses of both BIG/ip machines are listed. You can edit this file by using the Edit BIG/ip List item on the 3DNS Maintenance menu.
  • 3dns.txt
    This file consists of a list of administration IP addresses of 3DNS Controllers. The format is one IP address per line. You can edit this file by using the Edit 3DNS List item on the 3DNS Maintenance menu. Note that you should not list the current 3DNS Controller's IP address in its own 3dns.txt file.

You can use shell style (also known as Perl style) comments in both bigips.txt and 3dns.txt. Shell style comments begin with a pound sign character (#) and are no longer than one line in length.

3dns_admin_start

The 3dns_admin_start script starts the Web Administration tool provided with your 3DNS Controller. For information on this tool, see Chapter 6, Web Administration .

3dns_auth

All 3DNS Controller scripts are easier to use when you generate password authentication. The 3dns_auth script corresponds to the Generate RSA Authentication item on the 3DNS Maintenance menu.

Note: This script is not available in the international version of the 3DNS Controller.

The 3dns_auth script sets up password-less authentication by copying the ssh key to each 3DNS Controller and BIG/ip Controller.

Warning: Before you use this command, you must set the RSAAuthentication parameter to yes in the /etc/sshd_config.conf file.

The 3dns_auth script does the following:

  1. If no identity.pub file exists, 3dns_auth runs the ssh-keygen command to generate /root/.ssh/identity and /root/.ssh/identity.pub files that incorporate NULL passphrases. An existing identity.pub file indicates that ssh-keygen was already run. Running ssh-keygen more than once will cause problems, and is not recommended.

    When you run ssh-keygen, press Enter when asked for a passphrase. Do not type in a password.

    Here is a sample session to generate a public key:

3dns-standby# ssh-keygen
Initializing random number generator...
Generating p: ............++ (distance 364)
Generating q: ..++ (distance 16)
Computing the keys...
Testing the keys...
Key generation complete.
Enter file in which to save the key (/root/.ssh/identity):
Enter passphrase:
Enter the same passphrase again:
Your identification has been saved in /root/.ssh/identity.
Your public key has been saved in /root/.ssh/identity.pub

  2. Appends the contents of the /root/.ssh/identity.pub file to the 3DNS /root/.ssh/authorized_keys file, using the following command:

3dns-standby# cat /root/.ssh/identity.pub |\
ssh -l root <ip-address-of-3DNS> 'cat >> /root/.ssh/authorized_keys'

Note that you must use a front tick mark (also called a single straight quotation mark) in the above syntax.

To test that you have successfully generated the ssh key, use ssh to log into the data collector without a password:

data collector# ssh root@<ip-address-of-3DNS>

Note: There may be cases where you have an existing identity.pub file, but you want to perform the other tasks performed by 3dns_auth. In these cases, do not run the script again. Instead, perform the other tasks manually.

3dns_dump

Without an argument, this script simply dumps the named cache and creates new versions of the files /var/3dns/etc/wideip.conf.static and /var/3dns/etc/wideip.conf.dynamic, using file /var/run/wideip.cmd. If a wideip.cmd file already exists before the 3dns_dump script is called, wideip.cmd will temporarily be moved, and then restored afterward. This script prints out an error message if named does not respond to the signal to dump or read in the command file.

3dns_mode <conf | watch>

This script takes an argument (conf or watch) and returns a text string that displays the wideip.conf mode that the 3DNS Controller is currently using.

The conf argument determines which wideip.conf mode is currently running. This argument is also available on the 3DNS Maintenance menu as the Display mode of wideip.conf command. There are four different modes:

  • Initial
    The /etc/wideip.conf file is a plain file (not a link), and the 3DNS Controller has never been put into Static or Dynamic mode.
  • Static
    The /etc/wideip.conf file is actually a link to /var/3dns/etc/wideip.conf.static.
  • Dynamic
    The /etc/wideip.conf file is actually a link to /var/3dns/etc/wideip.conf.dynamic.
  • Unknown
    The /etc/wideip.conf file is missing, or is linked to an unknown file, or is otherwise corrupt.

The watch argument determines whether watchdog-named is currently active. The script returns yes or no.

An invalid argument to 3dns_mode returns a ?.

3dns_sync

The 3dns_sync script corresponds to the Synchronize Configuration Data item on the 3DNS Maintenance menu. This script distributes the wideip.conf file from the current 3DNS Controller to all other 3DNS Controllers that are listed in the 3dns.txt file. This synchronizes the 3DNS Controller configuration on all specified 3DNS Controllers. Only use the script if you are certain that you want the same wideip.conf on all machines. Having the same wideip.conf on all machines may not be desirable in all cases.

3dns_web_passwd

The 3dns_web_passwd script corresponds to the Change/Add Users for 3DNS Web Administration item on the 3DNS Maintenance menu. This script secures the 3DNS administration Web site using basic authentication. This script lets you provide restricted or administrative access to the 3DNS Web Administration site for selected users only, and assigns passwords for those users. Users with restricted access have access to the statistics area only. Users with administrative access have access to all areas of the 3DNS Web Administration site.

It is important to note that if you do not use this script, all users have access to the 3DNS administration Web site.

The first time you use this script to provide access for a user name and password, you block access for all other users. You can run this script again any time you need to provide access for another user.

big3d_check

The big3d_check script corresponds to the Check big3d item on the 3DNS Maintenance menu. This script checks that each BIG/ip Controller listed in the bigips.txt file is running the big3d utility.

big3d_install

The big3d_install script corresponds to the Install and Start big3d item on the 3DNS Maintenance menu. This script installs and starts the appropriate version of the big3d utility on each BIG/ip Controller. This script is useful for 3DNS Controller updates.

big3d_install performs the following procedure on each BIG/ip Controller:

  1. Stops the running big3d process.
  2. Uses a matrix file to determine which version of big3d to copy to the BIG/ip Controller. The matrix file is a file that lists version numbers for all BIG/ip Controllers known to the 3DNS Controller and the version numbers of the big3d and named utilities running on each BIG/ip Controller.
  3. Adds the following to the bottom of the /etc/rc.local file (the original had a colon where the command separator belongs and ran the if onto one line):

if [ -f /usr/sbin/big3d ]; then
    echo -n "big3d"; /usr/sbin/big3d 2> /dev/null
fi

  4. Starts /usr/sbin/big3d.

Configuring the big3d process

The syntax is:

big3d [options]

Option         Description
-foreground    Runs the process in the foreground rather than as a daemon.
-help          Lists the available options.
-keyfile       Specifies the location of the key file for encryption.
-rxbufsize     Sets the size of the receive socket buffer.
-txbufsize     Sets the size of the transmit socket buffer.
-version       Displays version information.

big3d_restart

The big3d_restart script corresponds to the Restart big3d item on the 3DNS Maintenance menu. This script stops and restarts the big3d utility on each BIG/ip Controller that is listed in the bigips.txt file.

dynamic_wideip

This script puts the 3DNS Controller into dynamic mode for wideip.conf. The script is also available on the 3DNS Maintenance menu as the Use Dynamic wideip.conf command.

The script first dumps the named cache; if the dump fails, the 3DNS Controller prompts you to choose whether to continue the script or exit the script. We recommend that you exit the script if this error occurs. Once the dump is complete, one of the following events happens:

  • If you are switching the 3DNS Controller from Initial mode to Dynamic mode, the script backs up the /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG, and changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.dynamic.
  • If you are switching the 3DNS Controller from Static mode to Dynamic mode, the script simply changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.dynamic. (In Static mode, the link points to /var/3dns/etc/wideip.conf.static.)

Note: Running this script while the system is already in Dynamic mode has no effect and does not change the state of the system.

edit_wideip

The edit_wideip script corresponds to the Edit 3DNS Configuration item on the 3DNS Maintenance menu. This script opens the current wideip.conf file in a text editor (pico or vi) and allows you to edit it.

In Initial mode, the script edits /etc/wideip.conf directly. In either Dynamic or Static mode, the script first dumps the named cache; if the dump fails, the 3DNS Controller prompts you to choose whether to continue the script or exit the script (we recommend that you exit the script if this error occurs). Once the dump is complete, the script opens /var/3dns/etc/wideip.conf.static for editing, even if the system is in Dynamic mode. When you finish editing and close the text editor, the script signals named to reload, so that the updated wideip.conf.static is read in.

install_key and F5makekey

The install_key script corresponds to the Generate and Copy F5 iQuery Encryption Key item on the 3DNS Maintenance menu. This script starts the F5makekey script and generates a seed key for encrypting communications between the 3DNS Controller and BIG/ip Controller. The install_key script creates and distributes the iQuery key to all BIG/ip Controllers and other 3DNS Controllers on your network.

Note: This script is not available in the international version of 3DNS Controller.

To start the F5makekey script, type the following from /usr/contrib/bin:

f5makekey

The seed value is stored in /etc/F5key.dat and consists of a random number of bytes (12 to 52), each with a random value from 1 to 255, generated by F5makekey. This byte array is passed through MD-160, a one-way hash function, to produce the 20-byte (160-bit) key used by the Blowfish encryption algorithm. Because the same seed is copied to every BIG/ip Controller and 3DNS Controller, anyone who can read /etc/F5key.dat on any one of them can derive the key for all of them; restrict the file's permissions accordingly.
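The derivation described above, as an added example in Python (not F5's F5makekey code): it builds a seed with the stated shape, a random number of bytes between 12 and 52 with each byte between 1 and 255, and hashes it with a 160-bit one-way function to a 20-byte key. The guide names the hash only as "MD-160"; this example assumes RIPEMD-160 and falls back to SHA-1 (also 160-bit) when the Python build lacks it. It does not implement the Blowfish step or the on-disk layout of /etc/F5key.dat, which the page does not describe. The constraint checks and the determinism of the derivation are the point: every controller holding the same seed file computes the same key.

```python
import hashlib
import secrets

# Constraints stated in the guide: 12..52 seed bytes, each in the range 1..255.
SEED_MIN_LEN = 12
SEED_MAX_LEN = 52
KEY_LEN = 20  # a 160-bit digest gives the 20-byte Blowfish key


def make_seed(rng=secrets):
    """Build a seed with the shape the guide describes for F5makekey.

    Uses the OS CSPRNG via the secrets module; the generator used by the
    original tool is not described on the page.
    """
    length = SEED_MIN_LEN + rng.randbelow(SEED_MAX_LEN - SEED_MIN_LEN + 1)
    return bytes(1 + rng.randbelow(255) for _ in range(length))


def seed_is_valid(seed):
    """True if the seed meets the length and non-zero-byte constraints."""
    return SEED_MIN_LEN <= len(seed) <= SEED_MAX_LEN and 0 not in seed


def derive_key(seed):
    """Hash the seed with a 160-bit one-way function to get the 20-byte key.

    ASSUMPTION: the guide's "MD-160" is taken to be RIPEMD-160. If this
    Python build does not offer it, SHA-1 (also 160 bits) stands in so the
    example still runs; the key length and the determinism are unchanged.
    """
    if not seed_is_valid(seed):
        raise ValueError("seed violates the 12..52-byte, non-zero-byte constraints")
    try:
        h = hashlib.new("ripemd160")
    except ValueError:
        h = hashlib.sha1()
    h.update(seed)
    return h.digest()


if __name__ == "__main__":
    seed = make_seed()
    key = derive_key(seed)
    print("seed bytes:", len(seed), "key bytes:", len(key), "key:", key.hex())
```

Two controllers given the same seed file compute identical keys, which is why install_key can distribute the seed rather than the key itself, and why the seed file deserves the same protection as the key.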

print_3dvips

The print_3dvips script corresponds to the Fetch BIG/ip Configuration item on the 3DNS Maintenance menu. This script reads the list of defined BIG/ip Controllers in the bigips.txt file, then retrieves and saves a list of all the virtual servers owned by the listed BIG/ip Controllers. The print_3dvips script saves the list of virtual servers in a format accepted by the 3DNS Controller and /etc/wideip.conf.

The generated list is saved in a file called /etc/bigip.lst, and is useful in configuring the bigip statement in your wideip.conf file. See page 4-5.

Note: This script is not available in the international version of 3DNS Controller.

static_wideip

This script puts the 3DNS Controller into Static mode for wideip.conf. The script is also available on the 3DNS Maintenance menu as the Use Static wideip.conf command.

The script first dumps the named cache; if the dump fails, the 3DNS Controller prompts you to choose whether to continue the script or exit the script. We recommend that you exit the script if this error occurs. Once the dump is complete, one of the following events happens:

  • If you are switching the 3DNS Controller from Initial mode to Static mode, the script backs up the /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG, and changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.static.
  • If you are switching the 3DNS Controller from Dynamic mode to Static mode, the script simply changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.static. (In Dynamic mode, the link points to /var/3dns/etc/wideip.conf.dynamic.)

Note: Running this script while the system is already in Static mode does not change the state of the system.
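The link switching that dynamic_wideip and static_wideip perform, as an added example in Python (not the scripts themselves), run against a scratch directory tree so it can be tried safely. It covers both scripts: leaving Initial mode backs up the original to wideip.conf.ORIG before /etc/wideip.conf becomes a link, switching between Static and Dynamic only repoints the link, and asking for the mode you are already in is a no-op. The named cache dump is a stand-in function the caller can replace; the example aborts when it reports failure, as the guide recommends. One detail the page does not specify is how the .dynamic and .static files are first populated; this example copies the backed-up original into a missing mode file, which is an assumption made for illustration.

```python
import os
import shutil
import tempfile

# Paths from the guide, kept relative to a root so the example can run in a scratch tree.
CONF = os.path.join("etc", "wideip.conf")
VAR_ETC = os.path.join("var", "3dns", "etc")
TARGETS = {"dynamic": "wideip.conf.dynamic", "static": "wideip.conf.static"}
BACKUP = "wideip.conf.ORIG"


def current_mode(root):
    """Initial mode: /etc/wideip.conf is a regular file.
    Otherwise it is a link to the .dynamic or .static file under /var/3dns/etc."""
    conf = os.path.join(root, CONF)
    if not os.path.islink(conf):
        return "initial"
    name = os.path.basename(os.readlink(conf))
    for mode, target in TARGETS.items():
        if name == target:
            return mode
    raise RuntimeError("unexpected link target: " + name)


def dump_named_cache():
    """Stand-in for the named cache dump the real scripts run first.
    Returns True on success; the switch below refuses to continue on failure."""
    return True


def switch_wideip_mode(root, mode, dump=dump_named_cache):
    """Put the controller into 'dynamic' or 'static' mode; returns the resulting mode."""
    if mode not in TARGETS:
        raise ValueError("mode must be 'dynamic' or 'static'")
    if not dump():
        # The guide recommends exiting here rather than continuing.
        raise RuntimeError("named cache dump failed; not switching modes")
    before = current_mode(root)
    if before == mode:
        return before  # already in that mode: no change, as the guide notes
    conf = os.path.join(root, CONF)
    var_etc = os.path.join(root, VAR_ETC)
    os.makedirs(var_etc, exist_ok=True)
    backup = os.path.join(var_etc, BACKUP)
    target = os.path.join(var_etc, TARGETS[mode])
    if before == "initial":
        # Leaving Initial mode: back up the hand-written file before replacing it with a link.
        shutil.copy2(conf, backup)
    if not os.path.exists(target):
        # ASSUMPTION for this example: seed a missing mode file from the backup so named
        # still has a configuration to load; the guide does not say how it is first created.
        if not os.path.exists(backup):
            raise RuntimeError("no " + BACKUP + " to populate " + TARGETS[mode] + " from")
        shutil.copy2(backup, target)
    os.remove(conf)  # the regular file (Initial) or the old link (Static/Dynamic)
    os.symlink(target, conf)
    return mode


def demo():
    """Walk a constructed scratch tree through Initial -> Dynamic -> Static."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, CONF), "w") as f:
        f.write("# constructed sample wideip.conf\n")
    result = {"start": current_mode(root)}
    result["after_dynamic"] = switch_wideip_mode(root, "dynamic")
    result["backup_exists"] = os.path.exists(os.path.join(root, VAR_ETC, BACKUP))
    result["after_static"] = switch_wideip_mode(root, "static")
    result["link_target"] = os.path.basename(os.readlink(os.path.join(root, CONF)))
    result["repeat_is_noop"] = switch_wideip_mode(root, "static") == "static"
    try:
        switch_wideip_mode(root, "dynamic", dump=lambda: False)
        result["dump_failure_aborts"] = False
    except RuntimeError:
        result["dump_failure_aborts"] = current_mode(root) == "static"
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

Because the mode is encoded entirely in what /etc/wideip.conf links to, the backup made on the first switch is the only copy of the original hand-written file; keep it until you are satisfied with the mode-specific files.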