Applies To:
3-DNS Controller versions 1.x - 4.x
- 4.2 PTF-10, 4.2 PTF-09, 4.2 PTF-08, 4.2 PTF-07, 4.2 PTF-06, 4.2 PTF-05, 4.2 PTF-04, 4.2 PTF-03, 4.2 PTF-02, 4.2 PTF-01, 4.2.0
Setting Up the Hardware
- Unpacking and installing the hardware
- Addressing hardware configuration issues
- Setting up automatic DNS zone file management
- Preparing workstations for command line access
- Using a serial terminal
- Configuring Sendmail
- Shutting down the 3-DNS
Unpacking and installing the hardware
Regardless of the configuration you intend to use, you need to completely install the 3-DNS hardware. This chapter reviews the hardware requirements, introduces the hardware, notes the environmental issues, and gives procedures for installing the hardware. It also provides basic information about configuration and management issues for redundant systems, multiple network interfaces, and DNS zone files.
The two basic tasks you must complete to get the 3-DNS installed and set up are as follows:
- Connect the peripheral hardware and connect the 3-DNS to the network.
- Turn the system on and run the Setup utility.
The Setup utility is a wizard that helps you configure basic system elements such as administrative passwords, IP addresses, and host names for both the root system and the 3-DNS web server. For more information on configuring your 3-DNS, see Chapter 4, Working with the Setup Utility.
Reviewing the hardware requirements
The 3-DNS comes with the hardware you need for installation and maintenance. However, you must provide standard peripheral hardware, such as a keyboard and monitor or serial terminal.
Hardware provided with the 3-DNS
When you unpack the 3-DNS, make sure the following components are included:
- One power cable
- One PC/AT-to-PS/2 keyboard adapter
- Four rack-mounting screws
- One extra fan filter
- One 3-DNS Administrator Kit, which includes the 3-DNS Software and Documentation CD-ROM, the hardware poster, and the Configuration Worksheet.
If you purchase a hardware-based redundant system, you also receive one fail-over cable to connect the two units together (network-based redundant systems do not require a fail-over cable).
Peripheral hardware that you provide
For each 3-DNS in the system, you need to provide the following peripheral hardware:
- Standard input/output hardware for direct administrative access to the 3-DNS. Either of the following options is acceptable:
  - VGA monitor and PC/AT-compatible keyboard
  - Serial terminal and a null modem cable. (See Using a serial terminal, on page 3-6, for serial terminal configuration information.)
- Network hubs, switches, or concentrators to connect to the 3-DNS network interfaces. The devices you select must be compatible with the network interface cards installed in the 3-DNS. The devices can support 10/100 Ethernet or Gigabit Ethernet. Note that for Ethernet, you need either a 10 Mb/sec or 100 Mb/sec hub or switch.
If you plan on performing remote administration from your own PC workstation, as most users do, we recommend that you have your workstation already in place. Keep in mind that the Setup utility prompts you to enter your workstation's IP address when you set up remote administrative access.
Familiarizing yourself with the 3-DNS hardware
The 3-DNS is offered in a 2U hardware configuration. Before you begin to install the 3-DNS, you may want to quickly review the hardware poster that illustrates the controls and ports on the front and the back of a 2U 3-DNS.
Environmental requirements and usage guidelines
A 3-DNS is an industrial network appliance, designed to be mounted in a standard 19-inch rack. To ensure safe installation and operation of the unit:
- Install the rack according to the manufacturer's instructions, and check the rack for stability before placing equipment in it.
- Build and position the rack so that once you install the 3-DNS, the power supply and the vents on both the front and back of the unit remain unobstructed. The 3-DNS must have adequate ventilation around the unit at all times.
- Do not allow the air temperature in the room to exceed 40° C (104° F).
- Do not plug the unit into a branch circuit shared by more electronic equipment than the circuit is designed to manage safely at one time.
- Verify that the voltage selector is set appropriately before connecting the power cable to the unit.
Guidelines for DC-powered equipment
A DC-powered installation must meet the following requirements:
- Install the unit using a 20 Amp external branch circuit protection device.
- For permanently connected equipment, incorporate a readily accessible disconnect in the fixed wiring.
- Use only copper conductors.
Installing and connecting the hardware
There are six basic steps to installing the hardware. You simply need to install the system in the rack, connect the peripheral hardware and the external and internal interfaces, and then connect the fail-over and power cables. If you have a unit with three or more network interface cards (NICs), be sure to review step 3.
Warning: Do not turn on a 3-DNS until all peripheral hardware is connected to the unit.
To install the hardware
- Mount the 3-DNS on the rack and secure it using the four rack-mounting screws that are provided.
- Connect the hardware that you have chosen to use for input/output:
  - If you are using a VGA monitor and keyboard, connect the monitor connector cable to the video port and connect the keyboard connector cable to the keyboard port. Note that a PC/AT-to-PS/2 keyboard adapter is included with each 3-DNS (see the component list on page 3-1).
  - Optionally, if you are using a serial terminal as the console, connect the serial cable to the serial terminal port.
- Connect the external interface to the network from which the 3-DNS receives connection requests.
If you have purchased a unit with three or more network interface cards (NICs), be sure to note or write down how you connect the cables to the internal and external interfaces. When you run the Setup utility, it automatically detects the number of interfaces that are installed and prompts you to configure more external interfaces, if you want. It is important to select the correct external interface based on the way you have connected the cables to the back of the unit.
- If you have a hardware-based redundant system, connect the fail-over cable to the fail-over port on each unit.
- Connect the power cable to the 3-DNS, and then connect it to the power source.
Warning: Before connecting the power cable to a power supply, customers outside the US should make sure that the voltage selector is set appropriately. This check is necessary only if the 3-DNS has an external voltage selector.
Addressing hardware configuration issues
Before you start the hardware setup, you may want to review the following items, which address configuration and management issues for redundant systems, systems that use more than one network interface, and DNS zone file management.
Setting up a stand-alone unit or a redundant system
If you are setting up a stand-alone unit, you need one IP address and host name for each of the interfaces you plan to connect to the network. If you are setting up a redundant system, you need the actual IP address for each interface in each unit. If you are connecting the redundant system to more than one network, you also need a shared IP alias for each interface.
Setting up fail-over for a redundant system
Hardware-based fail-over is a redundant system that connects two 3-DNS units directly to each other using a fail-over serial cable. Network-based fail-over is a redundant system where two units are connected to each other either directly using an Ethernet cable, or indirectly via an Ethernet network. Of the two units in a redundant system, one runs as the active unit, managing all DNS resolution requests, and the other runs as the standby unit, waiting to take over in case the active unit fails and reboots. The communication between the units, such as fail-over notification, runs across either the fail-over cable in the hardware-based redundant system, or the network in the network-based redundant system.
When you run the Setup utility, it prompts you to enter the IP address of the other unit in the redundant system.
Triggering a fail-over in a redundant system
The 3-DNS tracks two key aspects of the system to validate system performance. In a redundant system, there are two events that indicate a system failure, and trigger a fail-over.
- If the 3dnsd daemon becomes unresponsive, or if you manually stop the daemon using the 3ndc stop or 3ndc restart commands, the 3-DNS treats this as a system failure and initiates a fail-over.
- If the 3-DNS fails to detect any traffic on its network interfaces, it attempts to create traffic to test the integrity of the interface. If the test fails, the 3-DNS treats this as a system failure and initiates a fail-over.
Using redundant systems with the sync group feature
If you include a redundant system in a sync group, you specify the redundant system's shared IP address when you define the sync group.
Using more than one network interface
The Setup utility automatically detects the number of interfaces installed in the 3-DNS. In most instances, you need to configure only one of the interfaces. If you want to configure an additional interface, you simply enter the same type of information that you entered for the first interface.
The 3-DNS now runs in three modes: node, bridge, and router. If you are running the 3-DNS in node mode, you only need to configure one interface. If you are running the 3-DNS in bridge mode, you use the additional interface to connect the 3-DNS to the authoritative DNS using either a cross-over cable, or through a separate switch or hub. In bridge mode, you do not need to configure the information in the Setup utility for the additional network interface. In router mode, you must configure two (or more) interfaces, on different subnets, in the Setup utility.
Note: For more information about the 3-DNS modes, refer to Configuring the 3-DNS mode, on page 4-8.
Setting up automatic DNS zone file management
If you choose to run the 3-DNS in node mode (that is, as the primary name server for your domain), the Setup utility asks you if you want to use the NameSurfer application as the primary name server for DNS zone files. We recommend that you always run NameSurfer as the primary name server for DNS zone files. When you define or modify wide IPs in the Configuration utility, NameSurfer automatically makes the corresponding changes to the DNS zone files. The NameSurfer application also provides you with easy management of high-level domain zone files unrelated to the wide IP configuration.
If you plan on transferring existing BIND files from a primary DNS server to the 3-DNS, refer to Importing BIND files to NameSurfer during an initial installation, on page 2-11.
Note: If you run the 3-DNS in router or bridge mode, you do not configure the NameSurfer application because the 3-DNS is not the authoritative DNS for your domain.
Preparing workstations for command line access
The type of system you have determines the options you have for remote command line administration:
- Crypto 3-DNS systems support secure shell (SSH) command line access. Note that if you have a Windows-based PC workstation, you can also use the Mindbright Mindterm SSH client to run an ssh session from a web browser. If you have a UNIX workstation, you can use a standard ssh client.
- Non-crypto 3-DNS systems support command line access using a standard rsh shell.
Note: If you are working with a crypto 3-DNS, you can access the Mindterm SSH client through the web-based Configuration utility.
Using a serial terminal
If you want to use a serial terminal (in addition to a standard console) with the 3-DNS, you need only ensure that the serial terminal settings are as follows:
- 9600 baud
- 8 bits
- 1 stop bit
- No parity
Configuring Sendmail
You can configure the 3-DNS to send email notifications to you, or to other administrators, using the Sendmail utility. The 3-DNS includes a sample Sendmail configuration file that you can use to start with, but you must customize the Sendmail setup for your network environment before you can use it.
Before you begin setting up Sendmail, you may need to look up the name of the mail exchanger for your domain. If you already know the name of the mail exchanger, refer to Setting up Sendmail, on page 3-7, for details about setting up the Sendmail utility itself.
Finding the mail exchanger for your domain
You can use the nslookup command on any workstation that is configured for lookup. Once you find the primary IP address for your domain, you can find the mail exchanger for your domain.
To find the mail exchanger for your domain
- Identify the default server name for your domain. From a workstation capable of name resolution, type the following on the command line:
- The command returns a default server name and corresponding IP address:
Default Server: <server name>
- Use the domain name to query for the mail exchanger:
The returned information includes the name of the mail exchanger. For example, the sample information shown in Figure 3.1 lists bigip.net as the preferred mail exchanger.
Figure 3.1 Sample mail exchanger information
bigip.net preference = 10, mail exchanger = mail.domain.com
bigip.net nameserver = ns1.bigip.net
bigip.net nameserver = ns2.bigip.net
bigip.net internet address = 192.168.112.1
ns1.bigip.net internet address = 192.168.112.2
ns2.bigip.net internet address = 192.168.112.3
Setting up Sendmail
When you set up Sendmail, you must edit three configuration files. Since the 3-DNS does not accept email messages, you can use the crontab utility to purge unsent or returned messages and send them to yourself or another administrator.
To set up and start Sendmail
- From the command line, open the /etc/rc.conf file. Add the following line to the file:
- Save and close the /etc/rc.conf file.
- To set the name of your mail exchange server, open the /etc/mail/sendmail.cf file and set the DS variable to the name of your mail exchanger. The syntax for this entry is:
- Save and close the /etc/mail/sendmail.cf file.
- To allow Sendmail to purge from the mail queue any outgoing messages that cannot be delivered immediately, open the /etc/crontab file and change the last line of the file to read:
0,15,30,45 * * * * root /usr/sbin/sendmail -q > /dev/null 2>&1
- Save and close the /etc/crontab file.
- To prevent returned or undeliverable email from going unnoticed, open the /etc/aliases file and create an entry so that root points to you or another administrator at your site.
- Save and close the /etc/aliases file.
- Run the /usr/sbin/newaliases command to generate a new aliases database that incorporates the information you added to the /etc/aliases file.
- To turn Sendmail on, either reboot the system, or type the following command:
/usr/sbin/sendmail -bd -q30m
Note: The 3-DNS supports only outgoing mail for Sendmail servers.
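The following shell functions are an added example, not part of the original guide or the 3-DNS software. They pick the preferred mail exchanger from nslookup output of the kind shown in Figure 3.1 and then check the three files edited in the procedure above. The function names and the example.com values are constructed for illustration, and the DS check assumes the standard sendmail.cf macro form of DS followed directly by the host name.

```shell
# Added example: checks for the Sendmail edits; paths are arguments so copies can be audited.

# Print the lowest-preference mail exchanger from nslookup MX output (stdin).
preferred_mx() {
    awk -F'mail exchanger = ' '/preference = [0-9]+, mail exchanger = / {
        split($1, a, "preference = "); pref = a[2] + 0
        if (best == "" || pref < min) { min = pref; best = $2 }
    } END { if (best != "") print best }'
}

# Print the smart host named by the DS macro in a sendmail.cf file.
smart_host() {
    sed -n 's/^DS[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# Succeed if the crontab has an active root entry that runs sendmail -q.
has_queue_run() {
    grep -Eq '^[^#]*[[:space:]]root[[:space:]]+/usr/sbin/sendmail[[:space:]]+-q' "$1"
}

# Print the destination of the root alias in an aliases file.
root_alias() {
    sed -n 's/^root:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# audit_sendmail <sendmail.cf> <crontab> <aliases> <expected mail exchanger>
audit_sendmail() {
    rc=0
    host=$(smart_host "$1"); dest=$(root_alias "$3")
    [ "$host" = "$4" ] || { echo "FAIL: DS is '$host', expected '$4'"; rc=1; }
    has_queue_run "$2" || { echo "FAIL: crontab has no root sendmail -q entry"; rc=1; }
    case "$dest" in
        ""|root) echo "FAIL: root alias does not reach an administrator"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK: DS=$host, root -> $dest"
    return "$rc"
}

# Constructed sample run (example.com names are placeholders).
demo() {
    d=$(mktemp -d)
    mx=$(printf 'example.com preference = 20, mail exchanger = backup.example.com\nexample.com preference = 10, mail exchanger = mail.example.com\n' | preferred_mx)
    printf 'DS%s\n' "$mx" > "$d/sendmail.cf"
    printf '0,15,30,45 * * * * root /usr/sbin/sendmail -q > /dev/null 2>&1\n' > "$d/crontab"
    printf 'root: admin@example.com\n' > "$d/aliases"
    audit_sendmail "$d/sendmail.cf" "$d/crontab" "$d/aliases" "$mx"
    rm -rf "$d"
}
demo
```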
Shutting down the 3-DNS
When you need to turn the 3-DNS completely off, you need to complete two tasks. The first task is to shut down the 3-DNS software. After you shut down the 3-DNS software, you can turn off the power to the system.
To shut down the BIG-IP software from the command line
- To shut down the BIG-IP software, type the following command:
- When you see the following message, it is safe to turn off the power to the system:
System is halted, hit reset, turn power off, or press return to reboot
Warning: Do not remove the power supply from the power source to turn off the 3-DNS. Doing so may result in irrevocable damage to the system.