Required configuration changes

There are no required configuration changes in this release.

Optional configuration changes

Configuring a BIG-IP running the 3-DNS module

In the 3-DNS Controller configuration, you treat the BIG-IP platform and the 3-DNS module as if they were separate devices.  You can add the two server types either by using the Configuration utility or by editing the wideip.conf file.  The following instructions describe how to add a BIG-IP with the 3-DNS module with the name combo.domain.net and the IP address 192.168.100.100.

To add a BIG-IP with the 3-DNS module using the Configuration utility

1. In the navigation pane, click the Servers item, and then click BIG-IP Controllers.
   The BIG-IP Controllers screen opens.
2. On the toolbar, click Add BIG-IP Controller.
   The Add BIG-IP Controller screen opens.
3. In the BIG-IP Controller Name box, type combo.domain.net.
4. In the BIG-IP IP Address box, type 192.168.100.100.
5. Add the rest of the settings as needed.

When you have finished configuring the BIG-IP Controller, you can add the 3-DNS module to the configuration.

1. In the navigation pane, click the Servers item, and then click 3-DNS Controllers.
   The 3-DNS Controllers screen opens.
2. On the toolbar, click Add 3-DNS Controller.
   The Add 3-DNS Controller screen opens.
3. In the 3-DNS Controller Name box, type combo.domain.net.
4. In the 3-DNS IP Address box, type 192.168.100.100.
5. Add the rest of the settings as needed.

Note that both server types use the same name and IP address, as indicated by the highlighted text in the following example.  If you are configuring a redundant system, you use the shared IP address.  For assistance, contact technical support.

To add the BIG-IP Controller with the 3-DNS module from the command line

1. At the command line, type 3dnsmaint.
   The 3-DNS Maintenance menu opens.
2. Using the arrow keys, choose Edit 3-DNS Configuration.
3. Add the following syntax to the wideip.conf file:

server { // datacenter=DC1, #VS=1
   type     bigip
   address    192.168.100.68
   name    "birch.win.net"
   limit { /* none */ }
   iquery_protocol udp
   remote {
     secure    yes
     user    "root"
   }
   factories {
     snmp    1
   }
   prober    127.0.0.1
}


server { // datacenter=DC1, #VS=0
   type     3dns
   address    192.168.100.68
   name    "birch.win.net"
   limit { /* none */ }
   iquery_protocol udp
   remote {
     secure    yes
     user    "root"
   }
   factories {
     snmp    1
   }
}

Fixes

The following issues are resolved in the current release.

The 3dnsd daemon and the IP classifier (CR10556)
When you restart the 3dnsd daemon, you no longer experience a delay due to the size of the IP classifier.

The 3dnsd daemon memory leak (CR16237)
The memory leak in the 3dnsd daemon has been fixed.

Adding hosts and virtual server quantity CR13643
When you add a host using the Configuration utility, the virtual server quantity now displays correctly on the Host Servers screen.

Enabling disabled objects in the Configuration utility (CR16410)
You can now reenable disabled objects using the Configuration utility.

ECV status changes (CR12394)
The 3-DNS Controller now issues a message to the 3-DNS Log when the status of an ECV service check changes from up to down, or down to up.

First-Time Boot Utility in the Configuration Utility (CR14979)
On BIG-IP Controllers with the 3-DNS module enabled, the browser-based First-Time Boot Utility now properly configures the 3-DNS module.

Foundry ServerIron and big3d agent probes (CR15983)
The big3d agent no longer causes internal errors when probing a Foundry server with an SNMP prober.

Fully qualified domain names in wide IPs (CR12314)
If you try to use the same fully-qualified domain name as a wide IP name in one wide IP definition, and as an alias in another wide IP definition, the Configuration utility now issues a warning instead of stops working.

Global Availability and Ratio load balancing modes in the Configuration Utility (CR14978)
On the Modify Load Balancing for [pool name] screen, when you select the Global Availability or Ratio load balancing modes, the popup screens where you configure either the order (for Global Availability) or the ratio (for Ratio) now appear as they should.

Probing Alteon servers (CR15983)
The 3-DNS Controller no longer experiences internal errors when probing Alteon servers.

Secure/Non-secure warnings in the Configuration utility (CR13878)
When you are using Internet Explorer 5.X, the Configuration utility no longer displays a popup screen with a warning message about secure and non-secure items.

Known issues

The following items are known issues in the current release.

3-DNS Maintenance menu and new installations (CR14777)
When you are working with a new 3-DNS Controller, you need to add a data center and a 3-DNS Controller to the configuration using the Configuration utility, before you can use the Edit 3-DNS Configuration command on the 3-DNS Maintenance menu.

ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server. 

The kilobytes per second rate displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be.  The total byte counts returned from the ArrowPoint MIB are 16 times smaller than the number of bytes that were actually handled.

BIG-IP Controllers with the 3-DNS module and copying iQuery keys (CR14926)
When you use the Generate and Copy iQuery Encryption Key command on the 3-DNS Maintenance menu, the command sometimes fails to copy the key from a previously configured BIG-IP Controller on to a newly configured BIG-IP Controller with the 3-DNS module.  The command may also copy the key to the local controller and fail to copy the key to any remote controller.  If the copy fails (in either instance), re-run the command, and select either the Keep option (which retains the local system's key and copies it out to the other systems), or the Build option (which creates a new key and copies it out to the other systems). 

Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

Crypto 3-DNS Controllers and CD upgrades
(This applies only to crypto 3-DNS Controllers.)  When you rebuild a 3-DNS Controller (or BIG-IP Controller) using a CD, the RSA key for sshd is changed.  This breaks the trust relationship between the updated controller and any devices with which it interacts.  As a result, synchronization between the controllers in the sync group stops, and you cannot update the big3d agent.  You can correct this situation by removing the newer RSA key and synchronizing the updated controller.  Refer to the Resetting the RSA key work-around to reset the RSA key and synchronize the controllers in your network.

Data center names in the Configuration utility (CR14990)
In the Configuration utility, you may get an internal server error if you use special characters in the data center names.  To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the data center names.

Global Availability load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability load balancing method, you may experience problems under the following circumstances:

• You are using Internet Explorer 5.0 or 5.5.
• You select Global Availability in the Load Balancing Modes, Preferred list on the Configure Load Balancing for New Pool screen.
• You have a large quantity of virtual servers in your configuration.

If you want to use the Global Availability load balancing method, and you meet the previous criteria, please see the Using Global Availability load balancing for pools work-around following this table.

Java applets and the Configuration utility (CR10381)
Parts of the Configuration utility for the 3-DNS Controller use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine.  However, some default installations of Internet Explorer do not contain the JVM.  If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, choosing the Windows Update link, selecting PRODUCT UPDATES, and looking in the Additional Windows Features section.  Alternately, you can go to the Internet Explorer section of Microsoft's web site.

MindTerm SSH Console and multiple Netscape browser sessions (CR12121)
If you have more than one MindTerm SSH Console session open, and you are running Netscape, you can close only one session.  We recommend that you open only one instance of the MindTerm SSH Console.

Modify Virtual Server Translations screen and proper data display (CR14029)
If you have configured more than one virtual server translation using the Configuration utility (for BIG-IP Controller virtual servers only), the Modify Virtual Server Translations screen does not refresh properly when you remove a virtual server translation.  To view the correct information on the Modify Virtual Server Translations screen, after you have removed a virtual server translation, click the Refresh button on the browser toolbar, and then go back to the Modify Virtual Server Translations screen.

  The named daemon and memory resources (CR21460)
The named daemon stops running when it consumes more memory resources than are allocated to the daemon by the operating system.  To restart the named daemon, type ndc restart at the command line.  To allocate more memory to the named daemon, see the Allocating memory resources for the named daemon section of this release note.

Netscape Navigator 6.0 (CR12116)
The Configuration utility does not currently support Netscape 6.0.

Netscape Navigator on UNIX systems (CR12132)
If you are running Netscape on a UNIX (Linux, *BSD, Solaris) system, the MindTerm SSH Client item is not available in the navigation pane of the Configuration utility.  Instead you can access the 3-DNS Controller command line utility using a standard SSH connection.

Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform.  We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape.  This error only occurs if the additional browser sessions use Java applets.  We recommend that you close any additional browser sessions before viewing the Network Map.

Non-crypto controllers and RSH (CR14832)
If you have non-crypto controllers, you must configure RSH from the command line to establish secure communications between the controller and other F5 devices.  If you have a mixed environment, with crypto and non-crypto controllers, you must configure RSH as well as SSH on the crypto controllers, so that they can communicate with the non-crypto controllers.  For details on how to configure the rsh utility, see the Configuring RSH on non-crypto controllers work-around.

Non-crypto EDGE-FX Caches (CR11035)
When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.
To use an RSH session with a non-crypto EDGE-FX Cache

1. Use Telnet or a terminal console to connect to the EDGE-FX Cache.
2. In the /etc/inetd.conf file, remove the comment (#) character from the line:
   #shell stream tcp nowait root /usr/libexec/rshd rshd
3. Type the following command:
   kill -HUP `cat /var/run/inetd.pid`
   This causes the inetd daemon to re-read its configuration.

Prior 3-DNS Controller versions and synchronization (CR11186)
The 3-DNS Controller, version 4.1 does not synchronize with 3-DNS Controllers that are running versions prior to 4.0.

Probe protocol for local DNS servers
We recommend that you use the ICMP, DNS_REV, or DNS_DOT probing methods, and that you do not use the Port Discovery probing method, to probe local DNS servers.

Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later.  We recommend using the following procedure to view the Histograms or Metrics:

1. In the navigation pane, expand the Statistics item, and click Probers.
2. In the Prober Statistics screen, click either Metrics or Histogram.
   A dialog box appears.
3. Select Save this file to disk and click OK.

The browser saves the file, and you can now open the file using Microsoft Excel.

Screen resolution and the Configuration utility (CR10518)
If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS Controller toolbar in the Configuration utility.  If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels.

Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds.  As a result, in the 3-DNS Controller SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value.  If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.

The snmpd.conf file and the 3dns.log file
If you have SNMP configured on the 3-DNS Controller, the 3dns.log file may fill up quickly.  To correct this, you must edit the snmpd.conf file from the command line, as explained in the Editing the snmpd.conf file work-around.

Statistics screens and viewing 3-DNS Controller status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled controller's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS Controllers in the same sync group.  You can see the correct status of the controllers in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.

Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error if you use special characters in the sync group names.  To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the sync group names.

Virtual server dependencies entries (CR11414)
If you remove seven or more entries at one time from a Virtual Server Dependencies List and you are running Internet Explorer 5.0, you may get an error.  To avoid this error, remove fewer entries at a time.

Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box.

Wide IP production rules (CR11202)
When you create a wide IP production rule using the Configuration utility, in the Select Local DNS screen, you must type the IP address and subnet mask in the appropriate boxes.  You cannot use the CIDR format (for example, 192.168.10.10/24) in these boxes.

Work-arounds for known issues

The following sections describe work-arounds for some of the known issues listed in the previous section.

Allocating memory resources for the named daemon

You can allocate more memory resources for the named daemon using the following instructions.

1. From the command line, open the /etc/named.conf file with the text editor of your choice (vi or pico).



2. In the options statement, add the following line:
   datasize 128M;



3. Save and close the /etc/named.conf file.



4. Update the system with the changes.
   
   • If the named daemon is running, type this command:
     ndc reload
   
   
   
   • If the named daemon is not running, type this command:
     ndc start

The named daemon now can use up to 128MB of RAM if necessary.

Configuring RSH on non-crypto controllers

The following instructions describe how to configure the rsh utility from the command line.  You need to configure the rsh utility on all the non-crypto controllers for which you want to establish secure communications, as well as crypto controllers that communicate with non-crypto controllers.

To set up the rsh utility from the command line

1. On the local controller, open the /etc/hosts file.
2. Add the host name and IP address of the remote controller (the controller from which you want to log on) to the file.
3. Save and close the file.
4. Next, open the /etc/hosts.equiv file.
5. Add the host name and user name for the remote controller to the /etc/hosts.equiv file.  The host name is the same as the one you added to the /etc/hosts file.  The user name is the login name of the user on the local controller that you want to allow access to the remote controller.  Add the host name and user name to the file in the following format:
   hostname     username
6. Save and close the file.
7. Last, change to the /root directory.
8. In the /root directory, create a .rhosts file.  The syntax is the same as the /etc/hosts.equiv file.
9. For the .rhosts file, set the file permissions using the chmod 600 command.
10. Save and close the file.

You can now use the rsh utility to run commands on the remote controller.

Editing the snmpd.conf file

Use the following instructions to edit the snmpd.conf file so the the 3dns.log file no longer fills up too quickly.

To edit the snmpd.conf file

1. At the command line, change to the /etc/snmpd.conf directory.
2. Using the text editor of your choice, locate the following line in the file:
   trapsink 192.168.101.62
3. Comment out the line by adding the comment (#) character in front of trapsink.

Resetting the RSA key

The following instructions describe how to reset the RSA key for a controller that you have upgraded using a CD.

To reset the RSA key for an updated 3-DNS Controller

1. In the /root/.ssh/known_hosts file of each controller in the sync group that has not been updated, remove the RSA key for the replaced controller.
2. Type 3dnsmaint at the command line to open the 3-DNS Maintenance menu.
3. Choose Configure secure communication between all 3-DNS and BIG-IP systems, and press Enter. 
   The 3-DNS Controller updates the RSA key with the correct information.
4. Press Enter to return to the 3-DNS Maintenance menu.
5. Press Q to quit.

Using the Global Availability load balancing mode within a pool

The following instructions describe how to configure the Global Availability load balancing mode within a pool.  You need to use these instructions only if you meet the criteria listed in the Using the Global Availability load balancing mode within a pool item in the Known Issues section.

To configure Global Availability load balancing within a pool in a new wide IP

1. In the navigation pane, click Wide IPs.
   The Wide IP List screen opens.
2. On the toolbar, click Add Wide IP.
   The Add a New Wide IP screen opens.
3. Type the settings for the new wide IP, and click Next.
   The Configure Load Balancing for New Pool screen opens.
4. Select a load balancing mode other than Global Availability in all of the following lists:
   • Load Balancing Modes, Preferred
   • Load Balancing Modes, Alternate
   • Load Balancing Modes, Fallback
   
   Note that you can accept the default settings, rather than changing the settings.
5. Click Next.
   The Select Virtual Servers screen opens.
6. Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.
7. On the Wide IP List screen, select the wide IP that you just created.
8. On the toolbar, click Modify Pool.
   The Modify Wide IP Pools screen opens.
9. Click the pool that you just created.
   The Modify Load Balancing for [pool name] screen opens.
10. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

To configure Global Availability load balancing within a pool in an existing wide IP

1. In the navigation pane, click Wide IPs.
   The Wide IP List screen opens.
2. On the toolbar, click Add Pool.
   The Configure Load Balancing for New Pool screen opens.
3. Select a load balancing mode other than Global Availability in the following lists:
   • Load Balancing Modes, Preferred
   • Load Balancing Modes, Alternate
   • Load Balancing Modes, Fallback
   
   Note that you can accept the default settings; you do not have to change the settings.
4. Once you have finished configuring the pool, click Finish to save your changes.
   The Wide IP List screen opens.
5. In the Pools column, select the pools for the wide IP that you just modified.
   The Modify Wide IP Pools screen opens.
6. In the Pool Name column, click the name of the pool that you just created.
   The Modify Load Balancing for [pool name] screen opens.
7. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
   The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

---