What’s fixed in this PTF

There are no fixes for 3-DNS Controller in version 4.5 PTF-03.

Enhancements and fixes released in prior PTFs

Version 4.5 PTF-02

Enhancements to load balancing
This PTF adds two new load balancing modes, Drop Packet and Explicit IP. We recommend that you use these new load balancing modes only for the fallback method. The 3-DNS Controller uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query. When you specify the Drop Packet mode, the 3-DNS Controller does nothing with the packet, and simply drops the request. (Note that a typical LDNS server iteratively queries other authoritative name servers when it times out on a query.) When you specify the Explicit IP mode, the 3-DNS Controller returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the Explicit IP mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server.

You can configure the new load balancing modes for the fallback method either using the Configuration utility or from the command line. For information on configuring the fallback method with the new load balancing modes, see the Configuring the Drop Packet and Explicit IP load balancing modes section of this PTF note.

Large configurations and misleading error messages (CR19843)
When the 3dnsd process is loading a large configuration, you may see a warning message now, instead of an error message.

Updated 3-DNS Reference Guide PDF (CR22017)
The 3-DNS Reference Guide has been updated to include Appendix A, 3-DNS Configuration File. The updates to this appendix include the revised data structures and the new configuration options for routers and links.

UDP checksums and TFTP packets  (CR22113, CR25181)
In rare instances, the checksums for TFTP packets were incorrect. This issue has been resolved.

Apache web server and the CERT Coordination Center vulnerability, VU#672683 (CR24689)
This PTF addresses the vulnerability in the Tomcat package for the Apache web server that is described in Vulnerability Note VU#672683 on the CERT® Coordination Center website. For more information on the vulnerability, see http://www.kb.cert.org/vuls/id/672683.

Turning off automatic synchronization and persistent LDNS requests (CR24869)
When you turn off automatic synchronization on a 3-DNS Controller, and if the 3dnsd process on that controller loses network communications with the other 3dnsd processes in the network, the controller now synchronizes LDNS requests that occur during the time that the 3dnsd process is offline.

iControl BaseServer::get_interfaces function and the 3dnsd process (CR24912)
The following iControl function, ITCMGlobalLB::BaseServer::get_interfaces, no longer causes the 3dnsd process to stop running when you specify an invalid type within the function.

Synchronization and the netIana.inc file (CR24928)
The include geoloc "netIana.inc" directive is now synchronized between the members of a sync group.

Root servers list for BIND (CR25064)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.

Errors on the System - General screen in the Configuration utility (CR25143)
You can now change any of the settings on the System - General screen in the Configuration utility, and you no longer see error messages when you do so.

Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, no longer displays very large, invalid values for remote links that are down (red ball). The link statistics graphs now accurately display the data for both the link that is down, and any available links.

Path probing requests and data centers with no defined router (CR25155)
If a data center contains at least one 3-DNS Controller, BIG-IP system, or EDGE-FX system, the big3d agent now issues path probing requests to that data center, regardless of whether you have defined a router for the data center.

Using a serial terminal as a console (CR25183)
This PTF fixes the serial terminal as the console functionality, as described in the 3-DNS Reference Guide, Chapter 6, Monitoring and Administration, so that it works with all 2U controller platforms.

Version 4.5 PTF-01

CA-2002-31, Multiple Vulnerabilities in BIND
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.

Configuration changes

The following section provides information about both required and optional configuration changes.

Required configuration changes

Updated big3d agent for version 4.5 and later (CR25255)
The big3d agent has been updated, and is not compatible with the previously-released big3d agents. Therefore, you must distribute the updated big3d agent to the BIG-IP systems in your network so that the metrics collection on the 3-DNS Controller functions properly. For details on distributing the updated big3d agent, see the Updating the big3d agent section of the installation instructions for this PTF.

Optional configuration changes

Configuring the Drop Packet and Explicit IP load balancing modes

You can configure the fallback method using the new load balancing modes either by using the Configuration utility, or by editing the wideip.conf file from the command line. You can specify either the Drop Packet load balancing mode, or the Expicit IP load balancing mode. Note that if you specify the Expicit IP mode, you also specify a fallback IP address.

To configure the fallback method with the Drop Packet mode using the Configuration utility

1. In the navigation pane, click Wide IPs.
   The Wide IP List screen opens.
   
   
2. In the Wide IP column, click the name of the wide IP that you want to modify.
   The Modify Wide IP screen opens.
   
   
3. On the toolbar, click Modify Pool.
   The Modify Wide IP Pools screen opens.
   
   
4. In the Pool Name column, click the name of the pool that you want to modify.
   The Modify Load Balancing screen opens.
   
   
5. In the Load Balancing Modes, Fallback box, select Drop Packet.
   
   
6. Click Update.
   The Configuration utility updates the configuration with the changes.
   
   

To configure the fallback method with the drop_packet mode from the command line

1. To ensure that the configuration files contain the same information as the memory cache, type the following command:
   3ndc dumpdb
   
   
2. Open the /etc/wideip.conf file in a text editor (either vi or pico).
   
   
3. Use the syntax highlighted below to configure the fallback method with the drop_packet mode.
   
   
4. Save and close the file.
   
   
5. Commit the changes to the configuration by typing:
   3ndc reload
   
   

To configure the fallback method with the Explicit IP mode using the Configuration utility

1. In the navigation pane, click Wide IPs.
   The Wide IP List screen opens.
   
   
2. In the Wide IP column, click the name of the wide IP that you want to modify.
   The Modify Wide IP screen opens.
   
   
3. On the toolbar, click Modify Pool.
   The Modify Wide IP Pools screen opens.
   
   
4. In the Pool Name column, click the name of the pool that you want to modify.
   The Modify Load Balancing screen opens.
   
   
5. In the Load Balancing Modes, Fallback box, select Explicit IP.
   
   
6. In the Fallback IP box, type the IP address for the server or host to which you want the 3-DNS Controller to forward the packet.
7. Click Update.
   The Configuration utility updates the configuration with the changes.
   
   

To configure the fallback method with the explicit_ip mode from the command line

1. To ensure that the configuration files contain the same information as the memory cache, type the following command:
   3ndc dumpdb
   
   
2. Open the /etc/wideip.conf file in a text editor (either vi or pico).
   
   
3. Use the syntax highlighted below to configure the fallback method with the explicit_ip mode.
   
   
4. Save and close the file.
   
   
5. Commit the changes to the configuration by typing:
   3ndc reload
   
   

Known issues

The following items are the known issues identified since the release of 3-DNS Controller, version 4.5. For a list of the known issues in the 4.5 release, refer to the 3-DNS Controller, version 4.5 release note on AskF5.

Invalid OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, has an invalid object identifier (OID) associated with it. Therefore, this trap does not function properly.

Broken links on the Configuration utility welcome screen (CR25249)
In the Configuration utility, under Additional Software Downloads on the welcome screen, the following links are broken: 3-DNS MIB and DNS MIB. Note that this does not affect the MIBs themselves, which you can view from the command line in the following directory: /usr/local/share/snmp/mibs. For information on working with the MIBs, see Working with SNMP on the 3-DNS Controller, in the 3-DNS Reference Guide, Chapter 5, Probing and Metrics Collection.

BIG-IP virtual server status and node connection limits (CR25473)
When you have configured a node connection limit for a BIG-IP virtual server, the 3-DNS Controller may show that virtual server as down (red ball), if the node connection limit is set to zero (0).

Synchronization and removing The include geoloc "netIana.inc" directive (CR25402)
If you have a sync group configured, and you remove the include geoloc "netIana.inc" directive from one of the sync group members because you are not using Topology load balancing for any pool or wide IP, the synchronization process does not remove the directive from the other members of the sync group. This does not affect performance of the controller.

Error messages for the checkd process on standalone 3-DNS Controllers (CR25476)
If you have a standalone 3-DNS Controller, you may see the following error message in the /var/log/bigd file for the checkd process: checkd: SSL accelerator proxies are not available. The error is benign because the 3-DNS Controller does not use the checkd process. You can safely turn the checkd process off using the Turning off the checkd process work-around following this section of the PTF note.

Interoperating with SEE-IT® Network Manager (CR25573)
In 3-DNS Controller, version 4.5, the format of the /VERSION file changed, resulting in an incompatability with the SEE-IT Network Manager. You can fix the incompatability using the work-around described in the Reformatting the /VERSION file section following this section of the PTF note.

Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

Work-arounds for known issues

The following items describe work-arounds for known issues.

Turning off the checkd process

You can safely turn off the checkd process on a standalone 3-DNS Controller using the following steps.

Important:  If you are running the 3-DNS Controller module on a BIG-IP system, do not turn off this process.

To turn off the checkd process

1. From the command line, type the following command, and press Enter:
   pidof checkd
   
   The controller displays the process ID number for the checkd process (so you know that the process is running).
   
   
2. Type the following command:
   kill -9 `pidof checkd`
   
   The controller stops the checkd process, and stops entering error messaages in the \var\log\bigd file.
   
   

Note:  If you reboot the controller, you need to repeat this procedure.

Reformatting the /VERSION file

If you use the SEE-IT Network Manager application to monitor you 3-DNS Controller, make the following change to the /VERSION file on the 3-DNS Controller so that the file is compatible with the SEE-IT application.

1. From the command line, open the /VERSION file in a text editor (either vi or pico):
   <vi | pico> /VERSION
   
   
2. Move the Version: parameter to the top line of the file.
   
   
3. Save and close the file.
   The SEE-IT Network Manager should no longer experience errors when you are monitoring 3-DNS Controller, version 4.5.