Applies To:
3-DNS Controller versions 1.x - 4.x
- 3.0 PTF-02, 3.0 PTF-01, 3.0.0
Working with the First-Time Boot Utility
The First-Time Boot utility is a wizard that walks you through a brief series of required configuration tasks, such as defining a root password and configuring IP addresses for the network interfaces. Once you complete the First-Time Boot utility, you can connect to the 3-DNS Controller from a remote workstation or a web browser and begin configuring your load balancing setup.
The First-Time Boot utility is organized into three phases: configure, confirm, and commit. Each phase walks you through a series of screens, so that you can configure the following settings:
- Root password
- Host name (FQDN)
- Default route (typically a router's IP address)
- Time zone
- NTP clocks
- Settings for the network interface(s)
- Configuration for 3-DNS Controller redundant systems (fail-over IP address)
- Settings for remote administration
- Settings for the 3-DNS web server
- Settings for the NameSurfer application
- Settings for optional technical support access
First, you configure all of the required information. Next, you have the opportunity to correct, if necessary, and confirm each individual setting that you have configured. Last, your confirmed settings are committed and saved to the system. Note that the screens you see are tailored to your specific hardware and software configuration. For example, if you have a stand-alone system, the First-Time Boot utility skips the redundant system screens.
Before you run the First-Time Boot utility on a specific 3-DNS Controller, you should have the following information ready to enter:
- Passwords for the root system, for the 3-DNS web server, and for technical support access (optional)
- Host names for the root system and the 3-DNS web server
- A default route (typically a router's IP address)
- Settings for the network interfaces, including IP addresses, media type, and custom netmask and broadcast addresses
- Configuration information for redundant systems, including the IP addresses of the individual controllers, and an IP address for the shared IP alias
- The IP address or IP address range for remote administrative connections
Certain screens in the First-Time Boot utility differ depending on whether you run it on a non-crypto 3-DNS Controller (a controller that does not use encrypted communications) or on a crypto 3-DNS Controller (a controller that uses encrypted communications).
- On crypto 3-DNS Controllers, the First-Time Boot utility prompts you to choose either SSH or RSH for remote, secure connections. We recommend that you configure an administrative IP address from which the 3-DNS Controller accepts SSH connections.
- On non-crypto 3-DNS Controllers, the First-Time Boot utility prompts you only to configure an administrative IP address from which the 3-DNS Controller accepts RSH connections.
The 3-DNS Controller stores the administrative IP address for RSH connections in the /etc/hosts.allow file. Note that storing the administrative IP address in the /etc/hosts.allow file may differ slightly from other common RSH configurations, where it is often stored in the /etc/hosts.equiv file.
Note: If you have both crypto and non-crypto F5 Networks devices in your network, including 3-DNS Controllers, BIG-IP Controllers, or EDGE-FX Caches, and you are setting up a crypto 3-DNS Controller, you need to configure the controller so that it accepts RSH and RCP connections. For more information on configuring RSH and RCP on crypto controllers, see Enabling remote login tools, on page 4-1.
The First-Time Boot utility starts automatically when you turn on the 3-DNS Controller (the power switch is located on the front of the controller). The first screen the controller displays is the License Agreement screen. You must scroll through the screen, read the license, and accept the agreement before you can move to the next screen. If you agree to the license statement, the next screen you see is the Welcome screen. From this screen, simply press any key on the keyboard to start the First-Time Boot utility, and then follow the instructions on the subsequent screens to complete the process.
A root password allows you administrative access to the 3-DNS Controller. The root password must contain a minimum of 6 characters, but no more than 32 characters. Passwords are case-sensitive, and we recommend that your password contain a combination of uppercase and lowercase characters, as well as punctuation characters. Once you enter a password, the First-Time Boot utility prompts you to confirm your root password by typing it again. If the two passwords match, your password is immediately saved. If the two passwords do not match, you receive an error message asking you to re-enter your password.
Warning: The root password is the only setting that is saved immediately, rather than confirmed and committed at the end of the First-Time Boot utility process. You can change the root password after the First-Time Boot utility completes and you reboot the 3-DNS Controller (see the 3-DNS Controller Administrator Guide, Chapter 6, Monitoring and Administration, for more information). You can change other system settings when the First-Time Boot utility prompts you to confirm your configuration settings.
The host name identifies the 3-DNS Controller itself. Host names must be in the format of a fully-qualified domain name. Host names may contain letters, numbers, and the dash (-); however, they may not contain spaces. For example, if the controller's label is controller1, then you define the host name as controller1.yourdomain.com.
If a 3-DNS Controller does not have a predefined static route for network traffic, the controller automatically sends traffic to the IP address that you define as the default route. Typically, a default route is set to a router's IP address.
Configuring a time zone ensures that the clock for the 3-DNS Controller is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the time zone list to find the zone closest to your location. Note that one option may appear with multiple names.
You can synchronize the time on your 3-DNS Controller to a public time server by using Network Time Protocol (NTP). NTP is built on top of TCP/IP and assures accurate, local timekeeping with reference to clocks located on the Internet. This protocol is capable of synchronizing distributed clocks, within milliseconds, over long periods of time. If you choose to enable NTP, make sure UDP port 123 is open in both directions when the 3-DNS Controller is behind a firewall.
When you configure the interfaces on your 3-DNS Controller, you have several options based on whether you are configuring a redundant system, and whether you are configuring the internal or external interface. On the Configure 3-DNS Interfaces screen, select Yes, it is a redundant 3-DNS System, if you have a redundant system. Otherwise, select No, it is not a redundant 3-DNS System. The subsequent configuration screens vary based on your selection.
Note: If you are configuring a redundant system, you need to select a unit ID and configure a shared IP alias for the redundant pair, in addition to configuring the interfaces themselves.
Selecting a unit ID for redundant systems
If you are configuring a redundant system, the First-Time Boot utility prompts you to provide a unit ID and an IP address for fail-over for the 3-DNS Controller. The default unit ID number is 1. If you are configuring the first controller in the redundant system, use the default. When you configure the second controller in the redundant pair, type 2. These unit IDs are used for active-active redundant controller configuration.
Configuring the shared IP alias for redundant systems
If you have a redundant system, you are also prompted to provide the IP address that serves as an IP alias for both 3-DNS Controllers. The IP alias is shared between the units, and is used only by the currently active machine. Each controller uses unique IP addresses on its network interface card(s). The First-Time Boot utility guides you through configuring the interfaces, based on your hardware configuration.
- Stand-alone controllers
On stand-alone controllers, you enter IP addresses in the following order: primary Ethernet interface IP address, secondary Ethernet interface IP address.
- Redundant systems
On redundant systems, you enter IP addresses in the following order: primary Ethernet interface IP address, primary shared alias, secondary Ethernet interface IP address, secondary shared alias.
The Select Interface screen shows a list of the installed interfaces. You must configure the primary Ethernet interface, but you need to configure the secondary Ethernet interface only if you want to have two independent network access paths to the 3-DNS Controller.
Warning: The First-Time Boot utility lists only the network interface cards that it detects during boot up. If the utility lists only one interface card, the network adapter may have come loose during shipping. Check the LED indicators on the network adapters to ensure that they have properly detected the 3-DNS Controller media that should be installed.
Select the Ethernet interface you want to configure, and press Enter (the primary Ethernet interface is typically labeled fxp0). The utility prompts you for the following information, in many cases offering you a default:
- IP address
Note that the 3-DNS Controller uses a default netmask appropriate to the subnet indicated by the IP address. The default netmask is shown in brackets at the prompt.
- Broadcast address
The default broadcast address is a combination of the IP address and the netmask. The default broadcast address is shown in brackets at the prompt.
- Primary shared IP alias (redundant systems only)
- Peer IP address (redundant systems only)
The peer IP address is the IP address of the other controller that runs in the redundant system. The 3-DNS Controller uses the specified peer IP address to communicate with the second controller.
- Media type for primary Ethernet interface
The media type options depend on the network interface card included in your hardware configuration. The 3-DNS platform supports the following types:
- Gigabit Ethernet
When you configure remote administration, the screens that you see vary, depending on whether you have a crypto 3-DNS Controller, or a non-crypto 3-DNS Controller.
- On crypto 3-DNS Controllers, the first screen you see is the Configure SSH screen, which prompts you to type an address for ssh command line access. The next screen you see is the Configure RSH screen. We recommend that you enable SSH remote administrative access, and disable RSH remote administrative access.
- On non-crypto 3-DNS Controllers that do not have SSH, the First-Time Boot utility displays only the Configure RSH screen.
The First-Time Boot utility prompts you to enter a single IP address or a range of IP addresses, from which the 3-DNS Controller can accept administrative connections (either remote shell connections, or connections to the 3-DNS web server). To specify a range of IP addresses, you can use the asterisk (*) as a wildcard character in the IP addresses.
The following example allows remote administration from all hosts on the 192.168.2.0 network:
Tip: For 3-DNS Controllers, you must configure command line access. If you do not configure command line access, the 3-DNS Controllers cannot communicate with each other, and they cannot properly exchange configuration information.
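The asterisk wildcard described above decides how many source addresses can reach the administrative services, so it is worth checking a pattern before entering it. The following is an added example, not F5 code and not a reproduction of how the controller evaluates /etc/hosts.allow; it assumes that an asterisk stands for one whole octet, and the function names and the `max_hosts` threshold are hypothetical.

```python
import ipaddress

def parse_pattern(pattern):
    """Split 'a.b.c.d' into four octets; '*' becomes None (any value)."""
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    octets = []
    for part in parts:
        if part == "*":
            octets.append(None)
        elif part.isascii() and part.isdigit() and int(part) <= 255:
            octets.append(int(part))
        else:
            raise ValueError(f"bad octet {part!r} in {pattern!r}")
    return octets

def matches(pattern, source_ip):
    """True if source_ip falls inside the pattern."""
    src = ipaddress.IPv4Address(source_ip).packed
    return all(o is None or o == b for o, b in zip(parse_pattern(pattern), src))

def coverage(pattern):
    """Number of addresses the pattern admits (256 per wildcard octet)."""
    return 256 ** parse_pattern(pattern).count(None)

def audit(pattern, max_hosts=256):
    """Return review findings for one administrative-access pattern."""
    octets, findings = parse_pattern(pattern), []
    if coverage(pattern) > max_hosts:
        findings.append(f"broad: admits {coverage(pattern)} addresses")
    # A fixed octet after a wildcard means the pattern is not a single network.
    first_wild = octets.index(None) if None in octets else 4
    if any(o is not None for o in octets[first_wild:]):
        findings.append("wildcard before a fixed octet: not one contiguous network")
    return findings

if __name__ == "__main__":
    # Constructed sample patterns, not taken from a real controller.
    for p in ["192.168.2.*", "192.168.*.*", "192.*.2.10", "10.1.1.5"]:
        print(f"{p:14} hosts={coverage(p):<6} findings={audit(p)}")
```

A single management host or one /24-sized pattern passes with no findings; anything wider is reported so the range can be narrowed before it is committed.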
The 3-DNS web server requires that you define a domain name for the server. The 3-DNS web server configuration requires that you define a user ID and password. On crypto 3-DNS Controllers, the configuration also generates certificates for authentication.
The First-Time Boot utility guides you through a series of screens to set up web server access:
- The first screen prompts you to enter a fully-qualified domain name. The default is the host name that you entered at the beginning of the First-Time Boot utility.
- The next web server screen prompts you for a user name and a password. The password does not show on screen as you type it. The utility prompts you to enter the password again for confirmation purposes.
- The final screen prompts you to specify whether you want to allow F5 technical support to have access to the web server.
- The certification screen prompts you to enter the country, state, city, company, and division information used for the authentication certificate (crypto 3-DNS Controllers only).
Warning: If you ever change the IP addresses or host names on the 3-DNS Controller interfaces, you need to reconfigure the 3-DNS web server to reflect your new settings. You can run the re-configuration utility from the command line using the following command:
If you wish to create a new password for the 3-DNS web server, delete the /var/f5/httpd/basicauth/users file before running the config_httpd utility. If this file is missing from the configuration, the utility prompts you for both user ID and password information.
You can also add users to the existing password file, change a password for an existing user, or recreate the password file, without actually going through the 3-DNS web server configuration process. For more information, see Utilities in the 3-DNS Controller Reference Guide.
Warning: If you have modified the 3-DNS web server configuration outside of the Configuration utility, be aware that some changes may be lost when you run the config_httpd utility. This utility overwrites the httpd.conf file, and several other files, but it does warn you before doing so.
Note that if you are defining a redundant system (either 3-DNS Controllers or BIG-IP Controllers), you need to enter the IP address of the controller, as well as the shared IP alias for each interface on the controller. You also need to choose whether the current 3-DNS Controller will be a principal member or a receiver member of a sync group. A sync group is a group of two or more 3-DNS Controllers that share the same configuration information by staying synchronized with the principal controller. For more information, see Chapter 9, Sync Groups, in the 3-DNS Controller Reference Guide.
In the final series of screens, you choose whether to have NameSurfer handle DNS zone file management on the current 3-DNS Controller. We strongly recommend that you configure NameSurfer to handle zone file management by selecting NameSurfer to be the master on the 3-DNS Controller. If you select NameSurfer as the master, NameSurfer converts the DNS zone files on the controller and handles all changes and updates to these files. (You can access the NameSurfer application directly from the Configuration utility.)
At this point, you have entered all the configuration information, and now you confirm each setting. Each confirmation screen displays a setting and prompts you to either accept or re-enter it. If you choose to edit the setting, the utility displays the original configuration screen in which you defined the setting the first time. When you finish editing the item, you return directly to the Confirmation screen for that item, and continue the confirmation process. Note that once you accept a setting in the Confirmation screen, you do not have another opportunity to review it.
You confirm or edit the settings in the same order that you configured them:
- Confirm host name
- Confirm default route
- Confirm time zone
- Confirm all interface settings
- Confirm administrative IP address
- Confirm web server options
- Confirm NameSurfer options
Once you have confirmed the last setting, the First-Time Boot utility moves directly into the commit phase, where you are not able to make any changes.
Once you confirm all of the configuration settings, the configuration utility saves the configuration settings. During this commit process, the First-Time Boot utility creates the following files and tables:
- An /etc/hosts.allow file
This file stores the IP address, or IP address range, from which the 3-DNS Controller accepts administrative connections.
- An /etc/rc.conf file
- An /etc/hosts file
- A sample wideip.conf file
- A /var/3dns/etc/remote.data file
- A topology.inc file
- A /var/f5/httpd/conf/httpd.conf file
If you want to change any information in these files at a later time, you can edit the files directly, change the information in the web-based Configuration utility, or change certain settings using command line utilities. If necessary, you can also re-run the First-Time Boot utility.