Applies To:Show Versions
3-DNS Controller versions 1.x - 4.x
- 4.2 PTF-08, 4.2.0
The current PTF installs fixes from all PTFs released after 3-DNS Controller, version 4.2. (For details, see the following section, Software enhancements and fixes.) The latest version of the PTF note is available at http://tech.f5.com.
Note: If you are updating the 3-DNS Controller module on a BIG-IP system, refer to the BIG-IP, version 4.2PTF08 note for instructions on installing the PTF.
Apply the PTF to the 3-DNS Controller, version 4.2 using the following process. Note that the installation script saves your current configuration.
Note: If you have installed prior PTFs, this installation does not overwrite any configuration changes that you made for prior PTFs.
- Change to the /var/tmp/ directory by typing:
- Connect to the F5 Networks FTP site (ftp.f5.com).
Use FTP in passive mode from the 3-DNS Controller to download the file. To place FTP in passive mode, type pass at the command line before transferring the file.
- Download the following PTF file to the /var/tmp/ directory on the target 3-DNS Controller:
- To install the PTF, type the following command:
The 3-DNS Controller automatically reboots once it completes installation.
After the PTF installation has completed, you need to install the
new version of the big3d agent on all BIG-IP systems, EDGE-FX
Caches, and GLOBAL-SITE systems known to the 3-DNS Controller, as follows:
- Log on to the 3-DNS Controller at the command line.
- Type 3dnsmaint to open the 3-DNS Maintenance menu.
- Select Install and Start big3d, and press Enter.
The 3-DNS Controller detects all BIG-IP systems, EDGE-FX Caches, and GLOBAL-SITE systems in the network, and updates their big3d agents with the appropriate version of the agent.
- Press Enter to return to the 3-DNS Maintenance menu.
- Type Q to quit.
CA-2002-31, Multiple Vulnerabilities in BIND (CR25088)
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
SNMP probes and host servers (CR19784)
The 3-DNS Controller now uses the version of SNMP that is appropriate for the host that the controller is probing, rather than always using SNMP, version 1.
The Tomcat package and the Java daemon (CR21652, CR22561)
The Tomcat package and the Java daemon (javad) have been removed from the software. The 3-DNS Controller does not currently use either of these components.
UDP checksums and TFTP packets (CR22113)
In rare instances, the checksums for TFTP packets were incorrect. This problem has beem fixed.
SNMP traffic no longer passing through a VLAN that has port lockdown enabled (CR22677)
A VLAN configured with port lockdown enabled no longer allows SNMP traffic when you have not explicitly enabled the SNMP port using the open_snmp_port global setting.
Disabling SNMP and rebooting the controller (CR22762)
When you disable SNMP using the Configuration utility and you reboot the controller, the bigstart script no longer generates a new snmp.conf file.
Updating the big3d agent (CR23458)
The big3d agent in this PTF (PTF08) resolves the issues with the big3d agent for BIG-IP systems running version 4.2 and later. Be sure to update the big3d agent for all of your systems, as described in the Updating the big3d agent section of the PTF installation instructions.
Topology load balancing enhancement (CR24059)
When you set the load balancing mode to Topology, and no topology records match an incoming request, the 3-DNS Controller no longer randomly selects a virtual server for the response. Instead, the controller tries to use the alternate or fallback load balancing mode.
Enhancements to probing (CR24981)
The 3-DNS Controller now staggers the host probing and the ECV probing processes so that the controller resources are not overburdened. Additionally, if a host or a host virtual server is down for more than four sequential probing cycles, the polling period for that host or host virtual server is extended to three times the normal polling period.
big3d agent memory leak and probing large quantities of hosts (CR25007)
The big3d agent no longer experiences a memory leak when the 3-DNS Controller is probing a large number of hosts (for example, more than 500).
Root servers list for BIND (CR25063)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.
CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL
The security vulnerabilities that are outlined in CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL, have been fixed.
CERT Advisory CA-2002-18, OpenSSH Vulnerabilities in Challenge Response Handling
The OpenSSH software running on the 3-DNS Controller has been upgraded to version 3.4p1 to address the security vulnerability that is outlined in CERT Advisory CA-2002-18.
BSDI security vulnerability (CR16430)
A potential denial of service vulnerability in the C library (libc) of BSDI has been addressed. For information about the vulnerability, see Vulnerability Note VU#808552, Multiple ftpd implementations contain buffer overflows, which is available on the CERT website at http://www.cert.org.
Manually re-enabling virtual servers when they change status from down to up (CR21894)
Previously, when a virtual server changed status from down to up, the virtual server was immediately available for load balancing. You can now choose to manually re-enable virtual servers for load balancing availability when their status changes from down to up by activating the Manual Resume setting. If you activate the Manual Resume setting, when a virtual server changes status from up to down, the controller also disables the virtual server. When the virtual servers status changes back to up, you have to re-enable the virtual server before it is actually available for load balancing.
For details on configuring the Manual Resume setting, see the Optional configuration changes section of this PTF note.
The named daemon no longer experiences fatal errors when there are more than 500 IP addresses configured on a BIG-IP system running the 3-DNS Controller module (CR22075, CR22911)
The named daemon no longer experiences fatal errors under the following conditions:
- You are running the 3-DNS module on a BIG-IP system, and
- You have more than 500 IP addresses in the BIG-IP configuration
The 3dns_action script and deleting action commands on the local system (CR22108, CR22109)
The 3dns_action script now deletes action commands, which are generated by the local systems 3dnsd daemon, from the /tmp/sync_wideip_cmds directory on the local system. There is also a cron job that deletes files and action commands that are older than one day from the /tmp directory.
Updating persistence records when the 3dnsd daemon restarts (CR22380)
In situations where the 3dnsd daemon restarts, for example, when you reboot the 3-DNS Controller, the controller now synchronizes any persistent connections with another controller in the sync group.
The Return to DNS load balancing mode and floating self IP addresses (CR22570)
The Return to DNS load balancing mode now works properly with floating self IP addresses. Previously, the 3-DNS Controller was unable to properly use the Return to DNS load balancing mode to route packets when the controller had a floating self IP address.
New SNMP OIDs for enable and disable actions (CR22631)
When you enable or disable an object in the 3-DNS configuration, this action now generates an SNMP trap based on new object identifiers (OIDs) in the 3-DNS MIB. You can view the 3-DNS MIB from the home screen of the Configuration utility.
EDNS0 requests from BIND 8.3.3 and BIND 9 name servers (CR22697)
The 3-DNS can now process EDNS0 requests that originate from BIND 8.3.3 and BIND 9 name servers. When the 3-DNS receives an EDNS0 request, the controller embeds the additional EDNS0 record in the DNS response packet.
Synchronizing among sync group members when a controller reboots (CR22912)
When a 3-DNS Controller that is a member of a sync group reboots, the controller no longer loses the ability to synchronize with the other controllers in the sync group.
CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability
The security vulnerability that is outlined in CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability, has been fixed.
Updated big3d agents (CR21360, CR21637)
The big3d agent has been updated. To ensure that the BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in your network are running the most recent big3d agent, be sure to follow the instructions in the Updating the big3d agent section of this PTF note.
The named daemon and memory usage (CR21420)
The named daemon no longer stops running when it uses more than 16MB of RAM.
Unexpectedly closed TCP connections with outstanding path probes (CR21530)
When the TCP connection for a large number of active iQuery path probes is unexpectedly closed or dropped, the big3d agent no longer stops running.
SNMP trap IDs and 3-DNS MIB descriptions for server status changes (CR21590)
The descriptions in the 3-DNS MIB for changes in server status (for example, RED to GREEN, or GREEN to RED) now correspond correctly to the SNMP trap IDs.
SNMP traps for server status and virtual server status have been improved (CR21591)
The SNMP traps for server status and virtual server status now properly inherit their status from threednsTraps in the 3-DNS MIB.
big3d agent SNMP probing failures and misconfigured Alteon switches (CR21638)
On an Alteon switch that is misconfigured with a group that doesn't exist in the MIB, the big3d agent no longer fails when probing for virtual server status using SNMP.
Updated version of BIND (CR21639)
BIND has been updated from version 8.2.3 to version 8.3.1.
big3d argument with missing values and server errors (CR21647)
When a big3d argument requires a value, and you do not define a value, the 3-DNS Controller no longer experiences server errors.
There are no fixes or enhancements for 3-DNS Controller in version 4.2PTF05.
SNMP versions and host probing (CR19784, CR20916)
The 3-DNS Controller now uses the correct version of SNMP (1 or 2) depending on which version is supported by the SNMP agent on the host.
Support for iControl, version 2.1 (CR19847, CR20178)
This PTF includes support for iControl, version 2.1.
New command argument for 3ndc (CR19886)
You can now monitor DNS transactions without using tcpdump by using the 3ndc querylog command. For additional information, refer to the 3ndc man page.
Using snmpwalk and the 3-DNS MIB (CR19989, CR19994)
You no longer receive an OID error when you use snmpwalk on the 3-DNS MIB, and the following condition exists: the string length (shorter to longer) and the lexicographic sort (a to z) of wide IP names and/or data center names in the MIB are in opposite order.
Synchronization and viewing server status (CR20170)
When you make configuration changes on a receiver 3-DNS Controller in a sync group, and then view server and virtual server status on the principal 3-DNS Controller, the servers and virtual servers are no longer inaccurately marked as down (red ball).
IP Application Switch platform and probing hosts using TCP (CR20244)
Host probing no longer fails when you are running the 3-DNS Controller module on the IP Application Switch platform, and the big3d agents probe protocol is set to TCP.
Configuring default settings for SNMP (CR20258)
You can now reset the SNMP timeouts and retries to their default values.
Compilation errors in 3-DNS MIB (CR20466)
The 3-DNS MIB no longer causes compilation errors with some SNMP management tools.
Netmask on the public IP address when the 3-DNS Controller is behind a firewall (CR20792)
When the 3-DNS Controller is behind a firewall, and the public IP address is defined on the external VLAN, the netmask is now applied correctly; the public IP address is no longer improperly associated with the loopback device.
Removing virtual servers (CR20814)
Removing a virtual server that belongs to a pool that uses the Round Robin load balancing mode no longer causes server errors.
Getting up or down status for 3-DNS, GLOBAL-SITE, and EDGE-FX Cache systems from SNMP (CR21041)
You can now get the proper up or down status from the 3-DNS MIB for 3-DNS, BIG-IP, GLOBAL-SITE, and EDGE-FX Cache systems.
iQuery and backward compatibility for encryption (CR21270)
iQuery encryption between 3-DNS Controller, version 4.2 and 3-DNS Controller, version 4.0.1 now works properly.
There are no fixes or enhancements for 3-DNS Controller in version 4.2PTF03.
There are no fixes or enhancements for 3-DNS Controller in version 4.2PTF02.
There are no fixes or enhancements for 3-DNS Controller in version 4.2PTF01.
The following section provides information about both required and optional configuration changes.
There are no required configuration changes in this PTF.
Working with the Manual Resume setting
Use the following instructions to activate the Manual Resume setting. Note that this setting affects all of the virtual servers in a wide IP.
To activate the Manual Resume setting using the Configuration utility
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- In the Wide IP Name column, click the name of the wide IP that you want to modify.
The Modify Wide IP screen opens.
- Check the Manual Resume box.
- Click Update.
The Configuration utility updates the configuration with the changes.
When you activate the Manual Resume setting on a wide IP, all of the virtual servers in that wide IPs pools are affected. When a virtual server changes status from up to down, the virtual server remains disabled even after it changes status from down to up. The following instructions describe how to determine whether a virtual server is disabled by the Manual Resume setting, and how to re-enable the virtual server.
To determine how a virtual server is disabled using the Configuration utility
- On the navigation pane, expand the Statistics item, and then click Disabled.
The Disabled Objects screen opens.
- Using the Object Type and ID columns, locate the virtual server that you are reviewing.
- The Disabled By column for the virtual server that you want to review displays the method by which the virtual server was disabled. For example, if you see manual_resume, the virtual server is disabled by the Manual Resume setting, and will remain disabled indefinitely.
The following instructions describe how to re-enable a virtual server that has been disabled by the Manual Resume setting. Note that you re-enable the virtual server in the context of the pool and wide IP that it belongs to, not in the context of the server that it belongs to.
To re-enable a virtual server that is disabled by the Manual Resume setting using the Configuration utility
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- In the Pools column, click # Pools for the wide IP that disabled the virtual server you want to re-enable.
The Modify Pools screen opens.
- In the Virtual Servers column, click # Virtual Servers for the pool that disabled the virtual server you want to re-enable.
The Modify Virtual Servers screen opens.
- Click the Status button for the virtual server that you want to re-enable.
A popup screen appears to confirm that you want to enable the virtual server.
- Click OK.
The screen refreshes and the virtual server is enabled.
The following items are known issues in the current release.
Updating the Return to DNS counter (CR20139)
The Return to DNS counter does not update when none of the specified load balancing methods for a wide IP is able to select a pool and virtual server to respond to a query.
CPU usage statistics for EDGE-FX Caches (CR21325)
On the EDGE-FX Cache Statistics screen, in the Configuration utility, the 3-DNS Controller incorrectly reports the CPU usage statistic for the EDGE-FX Cache.
Modifying wide IPs and errors in the Configuration utility (CR22038)
When you modify a wide IP using the Configuration utility, you may see error 331845. The error is benign, and occurs only if the NameSurfer® application is not enabled. Note that this known issue is not applicable to the 3-DNS Controller module on a BIG-IP system.
Syntax errors on the big3d man page (CR22071)
The syntax is incorrect for the following arguments on the command line version of the big3d man page:
Setting the Quality of Service load balancing mode and the QOS coefficients (CR22131)
In the Configuration utility, when you change the load balancing mode within a pool to Quality of Service, occasionally the Configuration utility may not properly update the QOS coefficients. Instead, you may see very large values for some of the coefficients, or you may see new values for coefficients that you did not change. To work around this issue, see the Setting the Quality of Service load balancing mode section of this PTF note.
Disabling Round Robin LDNS and synchronization (CR22324)
If you have 3-DNS Controllers in a sync group, and you disable Round Robin LDNS (RR LDNS) in a pool on one of the controllers, the disable operation does not synchronize properly to the other members of the sync group. To work around this issue, after you have disabled RR LDNS on one controller, on the remaining controllers in the sync group, type 3ndc restart from the command line.
Resetting the base configuration before you run the Setup utility causes fatal errors at the Configure Interfaces step (CR22331)
When you reset the base configuration (with the command bigpipe base reset), and then run the Setup utility (by typing setup), the controller experiences fatal errors when you get to the Configure Interfaces step in the utility. To avoid the errors, do not reset the base configuration before you run the Setup utility.
Setup utility may fail when the systems broadcast address is not compatible with the systems IP address/netmask (CR22675)
When you configure the system's IP address and netmask, and you change the broadcast address so that it does not match the IP address/netmask combination, the Setup utility may experience fatal errors when you enter a default route. To avoid this error, we recommend that you accept the default broadcast address.
SNMP callbacks are not cleared when a session ends (CR22856)
Occasionally, the 3dnsd daemon may stop running when an SNMP session does not end gracefully. If this occurs, restart the 3dnsd daemon at the command line, by typing 3dnsd restart.
Deleting objects using the Configuration utility and sync groups (CR24102)
Occasionally, when you delete an object using the Configuration utility for the principal controller in a sync group, the object still appears in the Configuration utility for any receiver controllers in the sync group. If you then try to edit the deleted object, the Configuration utility may experience fatal errors. To work around this issue, see the Clearing the browser cache and restarting the 3ndc utility section of this PTF note.
Viewing the Probers statistics screen and Netscape Navigator (CR24844)
If you are using Netscape Navigator to view the Configuration utility, and you have probers in your configuration, you cannot see the Probers statistics screen. If you want to view this screen, open the Configuration utility in an Microsoft Internet Explorer browser session.
Editing the license file and parsing errors (CR25309)
If you edit the license file (which is not supported), and you add spaces rather than tabs, the 3-DNS Controller experiences parsing errors. We recommend that you do not edit the license file.
Changing the ratio setting for virtual servers in pools (CR25329)
When you modify the ratio setting (to a value other than 1) for a virtual server in a pool, you cannot set the ratio back to 1. If you want to reset the ratio for a virtual server back to 1, you must first delete, and then re-add, the virtual server with the ratio set to 1.
The following items are work-arounds for known issues in the previous section of the PTF note.
In the Configuration utility, if you change the load balancing mode in a pool to Quality of Service and the values for the QOS coefficients do not maintain your settings, use the following instructions.
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- In the Wide IP Name column, select the wide IP that contains the pool that you want to modify.
The Modify Wide IP screen opens.
- From the toolbar, click Modify Pool.
The Modify Wide IP Pools screen opens.
- In the Pool Name column, click the pool that you want to modify.
The Modify Load Balancing for [pool name] screen opens.
- In the Load Balancing Modes, Preferred box, select Quality of Service.
- Click Update.
Note: Do not change the values of the QOS coefficients at this time.
- In the Quality of Service coefficients section of the screen, type the values that you want to set for the QOS coefficients.
- Click Update.
The QOS coefficients should remain at the values that you typed.
If you have a sync group configured, and you see deleted objects in the Configuration utility for your receiver controllers, then use the following instructions to clear your browser's cache, and restart the 3ndc utility.
To clear the browser cache and restart the 3ndc utility
- From the Configuration utility of the receiver controller, right-click within the Configuration utility.
A popup menu appears.
- Click Refresh.
The screen refreshes.
- If you still see the deleted object, then repeat the previous steps, but hold the SHIFT key when you click Refresh.
- If step 3 clears the deleted object from the screen, you are done. If step 3 does not clear the deleted object from the screen, then you need to restart the 3ndc utility, as described in the following steps.
- Close the current browser session for the Configuration utility.
- From the command line, type 3ndc restart.
- Open a new browser session for the Configuration utility.
The deleted object should no longer appear.