Manual Chapter: 3-DNS Module for BIG-IP Administrator guide, v4.0: Administration and Monitoring

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.0 PTF-01, 4.0.0


6

Administration and Monitoring



Monitoring and administration utilities provided on the 3-DNS Controller

The 3-DNS Controller provides utilities for monitoring and administration. You can perform configuration tasks, and monitor system statistics for all components of the 3-DNS Controller.

The 3-DNS Controller provides the following configuration, monitoring, and administration utilities:

  • Configuration utility
    The Configuration utility is a browser-based application you can use to configure and monitor the 3-DNS Controller. The Configuration utility supports Netscape Navigator, version 4.5 or later, and Internet Explorer, version 4.02 or later.
  • 3-DNS Maintenance menu
    The 3-DNS Maintenance menu is a command line utility you can use to configure the 3-DNS Controller. Use the 3-DNS Maintenance menu to simplify certain tasks such as updating the big3d agent and editing the wideip.conf file.
  • MindTerm SSH Console
    The MindTerm SSH Console is a secure shell tool that you can use, from the Configuration utility, to view the command line utility from a web browser.
  • Network Map
    The Network Map is an interactive screen, in the Configuration utility, where you can view your physical and logical configurations simultaneously.
  • Statistics screens
    Using the Statistics screens in the Configuration utility, you can view a myriad of performance and metrics details about the 3-DNS Controller, the servers and the virtual servers it manages, and the load balancing it performs.

Working with the 3-DNS Maintenance menu

You can use the 3-DNS Maintenance menu to configure and monitor the 3-DNS Controller from the command line.

You can use the 3-DNS Maintenance menu to perform the following types of manual configuration tasks:

  • Edit the wideip.conf configuration file
  • Edit BIND configuration files
  • View statistics
  • Work with the big3d agent
  • Manage synchronized files
  • Work with security issues
  • Configure the 3-DNS web server
  • Work with syncd
  • Configure NTP
  • Configure NameSurfer

Warning: If you use the browser-based NameSurfer application, you cannot use the Edit BIND Configuration command on the 3-DNS Maintenance menu to configure your DNS zone files. For more information on managing your zone files, please refer to Planning DNS zone file management, on page 2-9.

Figure 6.1 shows the main screen of the 3-DNS Maintenance menu.

Figure 6.1 3-DNS Maintenance menu main screen

  3 D N S(®)  Maintenance Menu     

Configure SSH communication with remote devices
Generate and Copy iQuery Encryption Key
Check remote versions of big3d
Edit big3d matrix
Install and Start big3d
Edit BIND Configuration
Edit 3-DNS Configuration
Backup the 3-DNS Controller
Restore a 3-DNS Controller from a backup
Synchronize Metrics Data
Restart big3d
Reconfigure 3-DNS Configuration Utility
Restart 3-DNS Configuration Utility
Change/Add Users for 3-DNS Configuration Utility
Dump 3dnsd Statistics
Stop syncd
Restart syncd
Configure connection to NTP time server
Configure NameSurfer(TM)
Enter 'q' to Quit

To use the 3-DNS Maintenance menu from the command line

  1. On the command line, type the following command to open the menu:

    3dnsmaint

  2. From the menu, choose the command you wish to run, and press the Enter key.

    Each command is described in the following sections.

Configuring zone files and wide IPs

We recommend that you use NameSurfer to configure BIND zone files, and that you use the Configuration utility to configure wide IPs. However, if you choose to edit the BIND zone files and the 3-DNS Controller configuration files from the command line, use the following commands.

Edit BIND Configuration

The Edit BIND Configuration command opens the named.conf file for editing.

Warning: Use this command only if you are performing all configuration tasks from the command line. It is important that you do not use this command if you are using NameSurfer.

Edit 3-DNS Configuration

The Edit 3-DNS Configuration command runs the edit_wideip script, which performs the following tasks:

  • Opens the wideip.conf file for editing
  • Copies the wideip.conf file to all other 3-DNS Controllers in the local 3-DNS Controller's sync group
  • Restarts 3dnsd

Viewing statistics

From the Maintenance menu, use the Dump 3dnsd Statistics command to view various 3-DNS Controller statistics. The Dump 3dnsd Statistics command corresponds to the 3dprint script, which lets you view the following statistics screens at the command line:

  • 3-DNS
    This object displays statistics about each 3-DNS Controller in your network. The statistics include such things as whether the controller is enabled or disabled, the number of packets per second traveling in and out of the 3-DNS Controller during the last sample period, the name of the sync group to which each 3-DNS Controller belongs, and so on.
  • BIG-IP
    This object displays statistics about all BIG-IP Controllers known to the 3-DNS Controller. The statistics include such things as the number of virtual servers each BIG-IP Controller manages, the number of times the 3-DNS Controller resolves requests to those virtual servers, and more.
  • EDGE-FX
    This object displays statistics about all EDGE-FX Caches known to the 3-DNS Controller. The statistics include such things as the number of virtual servers each EDGE-FX Cache manages, the number of times the 3-DNS Controller resolves requests to those virtual servers, and more.
  • Hosts
    This object displays statistics about all hosts known to the 3-DNS Controller, such as the number of times the 3-DNS Controller resolves requests to the host, and the number of virtual servers that the hosts manage.
  • Virtual Servers
    This object displays statistics about BIG-IP Controller, EDGE-FX Cache, and host virtual servers; the statistics include such things as the server state, and the number of times it has received resolution requests.
  • Paths
    This object displays path statistics such as round trip time, packet completion rate, the remaining time to live (TTL) before a path's metric data needs to be refreshed, and so on.
  • Local DNS
    This object displays statistics collected for LDNS servers: the number of resolution requests received from a given server, the current protocol used to probe the server, and more.
  • Wide IPs
    This object displays statistics about each wide IP defined on the 3-DNS Controller. The statistics include such things as load balancing information, the remaining time to live (TTL) before the wide IP's metrics data needs to be refreshed, and so on.
  • Globals
    This object displays statistics about the globals sub-statements. The statistics include such things as the current and default values for each of the globals sub-statements, and whether you have to restart 3dnsd when you make changes to the parameters.
  • Summary
    This object displays summary statistics such as the 3-DNS Controller version, the total number of resolved requests, and the load balancing methods used to resolve requests.
  • Data Centers
    This object displays statistics about the data centers and their servers in your network. The statistics include such things as the names of the data centers, the name or IP address of the servers in the data center, and whether the data center is enabled or disabled.
  • Sync Groups
    This object displays statistics about each sync group in your network. The statistics include such things as the name of the sync group, whether 3dnsd is running on each 3-DNS Controller, whether the big3d agent is running on each 3-DNS Controller, the name and IP address of the 3-DNS Controller, and whether the 3-DNS Controller is a principal or receiver.

    To view more statistics information, expand the Statistics item on the navigation pane in the Configuration utility.

Working with the big3d agent

You can use the following commands to work with the big3d agent, which collects information about paths between a data center and a specific local DNS server.

Check big3d versions

The Check remote versions of big3d command runs the big3d_version script. This script checks that the correct version of big3d is running on all BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers known to the 3-DNS Controller.

Edit big3d matrix

The Edit big3d matrix command opens an editable file that lists version numbers, and the appropriate big3d agent, for all BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers known to the 3-DNS Controller.

You do not need to edit this file unless a new version of BIG-IP Controller, EDGE-FX Cache, or GLOBAL-SITE Controller creates a conflict. If this happens, you need to place a new version of the big3d agent on all affected servers.

The Install and Start big3d command uses the matrix file to determine which version of the big3d agent to transfer to the BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers.

Install and Start big3d

The Install and Start big3d command runs the big3d_install script, which installs and starts the appropriate version of the big3d agent on each BIG-IP Controller, EDGE-FX Cache, and GLOBAL-SITE Controller in the network.

Restart big3d

The Restart big3d command runs the big3d_restart script, which stops and restarts the big3d agent on each BIG-IP Controller, EDGE-FX Cache, and GLOBAL-SITE Controller.

Managing synchronized files

You can use the following commands to copy metrics data to a new 3-DNS Controller, to archive synchronized files, or to retrieve an archive.

Synchronize Metrics Data

The Synchronize Metrics Data command runs the 3dns_sync_metrics script, which prompts you to copy metrics data from a remote 3-DNS Controller to the local 3-DNS Controller.

You should use this command only when you are configuring a new 3-DNS Controller in a network that already contains 3-DNS Controllers.

Working with security issues

You can use the following commands to address security issues for your network setup.

Configure SSH communication with remote devices

The Configure SSH communication with remote devices command runs the config_ssh script, which configures secure shell access to any new 3-DNS Controller, BIG-IP Controller, EDGE-FX Cache, or GLOBAL-SITE Controller that is added to a network.

For more information, see Chapter 9, Scripts, and Chapter 12, Utilities, in the 3-DNS Reference Guide.

Generate and Copy iQuery Encryption Key

The Generate and Copy iQuery Encryption Key command runs the install_key script, which then runs the F5makekey program. The F5makekey program generates a seed key for encrypting communications between the 3-DNS Controller and BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers.

For more information, see Chapter 9, Scripts, and Chapter 12, Utilities, in the 3-DNS Reference Guide.

Note: This command is not available in the non-crypto version of the 3-DNS Controller.

Configuring the 3-DNS Configuration utility

You can use the following commands to configure the 3-DNS Configuration utility, which is hosted by the 3-DNS web server.

Reconfigure 3-DNS Configuration Utility

The Reconfigure 3-DNS Configuration Utility command runs the config_httpd script, which lets you make configuration changes to the 3-DNS web server.

Restart 3-DNS Configuration Utility

The Restart 3-DNS Configuration Utility command runs the 3dns_admin_start script, which restarts the 3-DNS web server.

Change/Add Users for 3-DNS Configuration Utility

The Change/Add Users for 3-DNS Configuration Utility command runs the 3dns_web_passwd script, which lets you provide one of three levels of access to the 3-DNS Configuration utility for selected users only, and assign passwords for those users. The three levels of user access are:

  • Read-only
    Users with this level of access can only view the configuration and statistics information in the Configuration utility.
  • Partial read/write
    Users with this level of access can view configuration and statistics information in the Configuration utility. They can also enable and disable objects in the configuration.
  • Full read/write
    Users with this level of access have full administrative access to all components of the Configuration utility.

    You can also add, remove, and modify users and their administrative access levels using the Configuration utility. For more information, please see Adding users for the Configuration utility, on page 6-12.

Working with syncd

You can use the following commands to work with syncd, the synchronization daemon that runs on all 3-DNS Controllers. The function of syncd is to update and synchronize all 3-DNS Controller configuration files.

Stop syncd

The Stop syncd command runs the syncd_stop script, which stops the syncd daemon, if it is running.

Restart syncd

The Restart syncd command runs the syncd_start script, which restarts the syncd daemon if it is already running, or starts it if it is not.

Configuring NTP

The 3-DNS Controllers in a network must have their time synchronized to within a few seconds of each other. If you do not synchronize the controllers, it is done by default through iQuery messages exchanged between 3-DNS Controllers. However, the following command allows much more precise time synchronization between the 3-DNS Controllers.

Configure Connection to NTP Time Server

The Configure Connection to NTP Time Server command allows the 3-DNS Controller to synchronize its time to a public NTP (Network Time Protocol) server on the Internet. To simplify the task of choosing the best time server, this command has a list of regional time servers built into it. A 3-DNS Controller is not required to have NTP configured; depending on the network configuration, it may not be possible to configure NTP (for example, if the 3-DNS Controller is behind a firewall and the firewall does not pass NTP packets).

Configuring NameSurfer

You can use the following command to have NameSurfer handle DNS zone file management on the 3-DNS Controller.

Configure NameSurfer

The Configure NameSurfer command makes NameSurfer the master on the 3-DNS Controller, and NameSurfer then handles the zone file management, dealing with all changes and updates to the zone files. Note that configuring NameSurfer as the master is an optional setting. You can access the NameSurfer application in the Configuration utility by clicking NameSurfer in the navigation pane.

Warning: If you do not set NameSurfer to be the master for your wide IP zones, you must maintain all of your zone file information manually.

Managing users on the 3-DNS Controller

The First-Time Boot utility prompts you to define a password that allows remote access to the 3-DNS Controller, and also prompts you to define a user name and password for the 3-DNS web server, which hosts the Configuration utility. You can change these passwords at any time.

Changing the root password

The root password is the password that allows access to the 3-DNS Controller itself, at the command line.

To change the root password for command line access

  1. At the 3-DNS Controller command line, log in as root and use the passwd command.
  2. At the password prompt, type the password you want to use for the 3-DNS Controller and press Enter.
  3. To confirm the password, retype it and press Enter.

Adding users for the Configuration utility

You can create new users for the Configuration utility, change a password for an existing user, or recreate the password file altogether, without actually going through the 3-DNS web server configuration process. (The 3-DNS web server hosts the Configuration utility.) You can also modify a user's administrative access level for the Configuration utility. The three levels of user access are:

  • Read-only
    Users with this level of access can only view the configuration and statistics information in the Configuration utility.
  • Partial read/write
    Users with this level of access can view configuration and statistics information in the Configuration utility. They can also enable and disable objects in the configuration.
  • Full read/write
    Users with this level of access have full administrative access to all components of the Configuration utility.

To change or add user information using the Configuration utility

  1. In the navigation pane, click User Admin.
    The User Administration screen opens.
  2. Add the user administration settings. For help on configuring the settings, click Help on the toolbar.

To change or add user information from the command line

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select the Change/Add Users for 3-DNS Configuration Utility command.

To create new users and change passwords for existing users from the command line

The following command creates a new user ID, or changes the password for an existing user ID. In place of the <username> parameter, type the user ID for which you want to create a password:

    /usr/local/bin/htpasswd /config/httpd/users <username>

Once you enter the command, you are prompted to type the new password for the new user.

To create a new password file from the command line

The following command recreates the Configuration utility password file, and defines one new user ID and password. In place of the <username> parameter, type the user ID that you want to create:

    /usr/local/htpasswd -c /config/httpd/users <username>

Once you enter the command, you are prompted to type the new password for the new user.
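
The following is an added example, not part of the original manual or of the 3-DNS tooling: a shell audit of the password file that htpasswd maintains, reporting each user's hash scheme and whether the file is exposed to all local users. It assumes /config/httpd/users uses the standard Apache htpasswd format (one user:hash entry per line); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache-style htpasswd file (one "user:hash" per line).
# Assumption: the Configuration utility password file follows that format.

# Classify one stored hash by its htpasswd prefix or shape.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
        '$apr1$'*)               echo "apr1-md5" ;;
        '{SHA}'*)                echo "sha1-unsalted" ;;
        '')                      echo "empty" ;;
        *)
            # Traditional crypt(3) DES hashes are exactly 13 characters
            # and only cover the first 8 characters of the password.
            if [ "${#1}" -eq 13 ]; then echo "des-crypt"; else echo "unknown"; fi ;;
    esac
}

# Print "user scheme" for every entry; skip blank lines and comments.
audit_users() {
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        echo "$user $(classify_hash "$hash")"
    done < "$1"
}

# Count entries stored with a legacy, empty, or unrecognized scheme.
count_weak() {
    audit_users "$1" | grep -c -E ' (des-crypt|sha1-unsalted|empty|unknown)$' || true
}

# Succeed if the file is readable or writable by "other" users.
world_accessible() {
    # In the ls -l mode string, characters 8-9 are other-read/other-write.
    mode=$(ls -ld "$1" | cut -c8-9)
    [ "$mode" != "--" ]
}

# Write a constructed sample file (values are placeholders, not real hashes).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample entries for the audit demo
admin:$apr1$Xy12abcd$0123456789abcdefghijkl
oper:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
viewer:ab0123456789A
guest:
EOF
}

# Demo run against the constructed sample; on a controller, pass the real
# file path (for example /config/httpd/users) to the functions instead.
sample=$(mktemp)
make_sample "$sample"
chmod 644 "$sample"
audit_users "$sample"
echo "entries needing a password reset: $(count_weak "$sample")"
if world_accessible "$sample"; then
    echo "WARNING: $sample is accessible to all local users"
fi
rm -f "$sample"
```

Because the -c option recreates the password file with a single user ID, running the audit before and after that command shows which user IDs remain.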

Using the MindTerm SSH Console

With the MindTerm SSH Console, you can open an SSH session for the 3-DNS Controller from the Configuration utility. The crypto 3-DNS Controller uses the MindTerm SSH client to enable secure command line administration. You can perform any of the command line tasks in a popup console screen.

Warning: The MindTerm SSH client requires a Java virtual machine to operate. If you are unable to run the MindTerm SSH client, make sure that you have a Java virtual machine installed and that your browser has Java enabled in the Preferences, or Options, section. For more information on Java virtual machines and download options, visit your web browser manufacturer's web site.

To open the MindTerm SSH Console using the Configuration utility

  1. In the navigation pane, click MindTerm SSH Console.
    A popup console opens.
  2. When you see the command prompt, press Enter.
  3. Log in to the controller as you normally would.

    Note: When you use the MindTerm SSH Console, you can only administer the local 3-DNS Controller. If you wish to administer remote controllers, you do so using an SSH or Telnet session from the command line on the local controller.

Using the Network Map

The Network Map is a dynamic, illustrative map of the physical and logical components of your network. The Network Map lets you see how the data centers, servers, and virtual servers you configured are mapped to the wide IPs and pools you configured. You can also make changes to your configuration from the Network Map, using the following options:

  • You can double-click any object name on the Network Map to expand the object.
  • You can right-click any object name to view a popup menu of configuration options for that object.

To view the Network Map using the Configuration utility

  1. In the navigation pane, click Network Map.
    The Network Map screen opens.
  2. To see the relationships between the components, double-click the component. The tree expands and the component is highlighted (in blue).
  3. To modify a component, right-click the component to view a popup menu, then select the item you want to change.
  4. You can also click the name of the component in the status bar in the lower portion of the screen to edit the component's configuration.

    For more information on the features of the Network Map, click Help on the toolbar.

Warning: The Network Map requires a Java virtual machine to operate. If you are unable to view the Network Map, make sure that you have a Java virtual machine installed and that your browser has Java enabled in the Preferences, or Options, section. For more information on Java virtual machines and download options, visit your web browser manufacturer's web site.

Viewing system statistics

Using the Configuration utility, you can view current statistics about the following objects in the configuration:

Configuration utility Statistics screens (each statistics item is followed by its description)

  • Summary
    This statistics screen provides information about the 3-DNS Controller itself.
  • Globals
    This statistics screen provides information on the global settings for the 3-DNS Controller.
  • Disabled objects
    This statistics screen provides information on the servers and virtual servers that you have disabled.
  • Metrics
    This statistics screen provides performance information for the servers and virtual servers you have configured.
  • Dynamic persistence requests
    This statistics screen provides information on the virtual connections between local DNS servers and virtual servers for given wide IPs in the network.
  • Data centers
    This statistics screen provides information on the data centers in your network.
  • Sync groups
    This statistics screen provides information on the 3-DNS Controllers that are in the same sync group as the controller you are looking at.
  • Wide IPs
    This statistics screen provides information on the wide IPs and pools you configured.
  • ECV
    This statistics screen provides performance information for any ECV health monitors you have configured.
  • 3-DNS Controllers
    This statistics screen provides information on the 3-DNS Controllers you have configured.
  • BIG-IP Controllers
    This statistics screen provides information on the BIG-IP Controllers you have configured.
  • EDGE-FX Caches
    This statistics screen provides information on the EDGE-FX Caches you have configured.
  • Probers
    This statistics screen provides information on the probers you have configured.
  • Hosts
    This statistics screen provides information on the hosts you have configured.
  • Virtual servers
    This statistics screen provides information on the virtual servers you have configured.
  • Paths
    This statistics screen provides information on the paths created by the 3-DNS Controller when paths are required to fulfill name resolution requests.
  • Local DNS servers
    This statistics screen provides information on the local DNS servers in the 3-DNS Controller's database.

To view system statistics

  1. In the navigation pane, expand the Statistics item.
  2. From the list, select the item representing the statistics you wish to view.
  3. For details about the information displayed on a specific statistics screen, click Help on the toolbar.