Release Notes : 3-DNS Controller, Release Note

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 4.2.0
Release Notes
Updated Date: 04/18/2019

Summary:

This release note documents version 4.2 of the 3-DNS system. You can apply the software upgrade to crypto version 3.0 and later. For information about installing the software upgrade, please refer to the instructions below.


Installing the upgrade

The instructions for installing the version 4.2 upgrade differ depending on whether you are installing the upgrade on a system running 3-DNS, version 3.0 or later, or 3-DNS, version 4.2BETA. If you are running 3-DNS, version 3.0 or later, see Installing the upgrade to systems running version 3.0 and later. If you are running 3-DNS, version 4.2BETA, see Installing the upgrade to systems running version 4.2BETA.

Important! If you are running the 3-DNS module on a BIG-IP, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.2, as published in the BIG-IP version 4.2 release note.

Minimum system requirements

This section describes the minimum system requirements for this release.

  • Intel® Pentium® II 266MHz processor
  • 1GB disk drive
  • 128MB RAM

Installing the upgrade to systems running version 3.0 and later

Important!  Do not apply this upgrade to a 3-DNS running a version prior to 3.0.

The following instructions explain how to install the 3-DNS, version 4.2 onto existing crypto systems running version 3.0 and later.

  1. On the 3-DNS, change to the /var/tmp/ directory:
    cd /var/tmp/
  2. Connect to the F5 Networks FTP site at ftp.f5.com.

  3. Download the upgrade file, Upgrade-4.2-4.0.1.tgz, to the /var/tmp/ directory on the 3-DNS.

  4. Download the md5 file to the /var/tmp/ directory on the 3-DNS.
  5. Verify the integrity of the upgrade file by typing the md5 command where Upgrade-4.2-4.0.1.tgz is the name of the upgrade file:
    md5 Upgrade-4.2-4.0.1.tgz

    If the md5 numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.

  6. Extract the kit file in the /var/tmp/ directory by typing the following command:
    tar -xvzf Upgrade-4.2-4.0.1.tgz
  7. Start the upgrade process by typing the following command from the /var/tmp directory:
    ./upgrade_install

  8. Note: The upgrade process saves the configuration files in the /config, /3dns, and /root directories, and most files from the /etc directory, and then performs a clean installation of 3-DNS, version 4.2. Once the 4.2 installation is complete, the upgrade script imports the saved configuration files. The upgrade process does not preserve any non-standard files that you may have on your 3-DNS. If you want to retain any non-standard files during this upgrade, then you need to save the files to a remote location before you run the upgrade script, and manually restore the non-standard files after the upgrade process is complete.

  9. Press Enter.
    The upgrade script saves all the configuration files in the /config, /3dns, and /root directories, and several files from the /etc directory. (If you are running version 3.0, the upgrade script also saves the files in the /var/3dns directory.)
  10. Next, the upgrade script asks if you want to save the rollback tar file to a remote location. (The rollback tar file contains all the configuration files necessary to perform a complete rollback to the existing 3-DNS version.)

    • Type Y if you want to save your configuration files in a rollback tar file on a remote location. A shell opens, where you can use ftp or scp to copy the rollback tar file to a remote location.


    • Otherwise, type N to continue the upgrade process.
  11. Note: The upgrade process automatically copies the saved configuration files and installs them in the 4.2 version of 3-DNS. You would need to use this remote rollback file to restore a configuration only if the upgrade procedure fails, and the 3-DNS is left in a non-recoverable state. If this were to happen, you would reinstall 3-DNS, version 4.0.1 using a CD-ROM. You could then use the remote copy of the rollback tar file to return the system to its pre-upgrade state. Be aware that it is highly unlikely that you will need the remote rollback tar file.

  12. The upgrade script next prompts you to re-enter all of the passwords for all system user accounts, web administration user accounts, and NameSurfer™ user accounts because the encryption method used by 3-DNS has changed.

    • When you update the system user accounts and the web administration user accounts, you are prompted to re-enter the password for each existing user account. Type Y if you want to re-enter the existing passwords, or type N to proceed with the upgrade without resetting the passwords. Note that if you decide to continue with the upgrade without resetting the passwords, the upgrade script resets all current passwords to default for the system user accounts and the web administration user accounts.


    • When you update the user accounts for NameSurfer, you are not prompted to update a specific existing account. Rather, you can either add user accounts for NameSurfer, or continue with the upgrade process. You can add multiple NameSurfer users until you choose to continue with the upgrade process.
  13. Once you have finished updating all the passwords, the remainder of the upgrade process continues without further user intervention. Note that the final stages of the upgrade process take several minutes, and your system is offline during this time. Depending on your system's configuration, this stage can take from 5 to over 20 minutes. Do not take any action on the 3-DNS until you see the login prompt, as interfering with the upgrade process during this phase may put your 3-DNS in a non-recoverable state.
  14. After the 3-DNS upgrade installation has completed, you need to install the new version of the big3d agent on all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems known to the 3-DNS, as follows:

    1. Log on to the 3-DNS at the command line.
    2. Type 3dnsmaint to open the 3-DNS Maintenance menu.
    3. Select Install and Start big3d, and press Enter.
      The 3-DNS detects all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in the network and updates their big3d agents.
    4. Press Enter to return to the 3-DNS Maintenance menu.
    5. Type Q to quit.

Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.


Installing the upgrade to systems running version 4.2BETA

The following instructions explain how to install the 3-DNS, version 4.2 onto existing crypto systems running version 4.2BETA.

Important! If you are running the 3-DNS module on a BIG-IP, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.2, as published in the BIG-IP, version 4.2 release note.

  1. On the 3-DNS, change to the /var/tmp/ directory:
    cd /var/tmp/
  2. Connect to the F5 Networks FTP site at ftp.f5.com.

  3. Download the upgrade file, Upgrade-4.2-0-BSD_OS-4.1.im, to the /var/tmp/ directory on the 3-DNS.

  4. Download the md5 file to the /var/tmp/ directory on the 3-DNS.
  5. Verify the integrity of the upgrade file by typing the md5 command where Upgrade-4.2-0-BSD_OS-4.1.im is the name of the upgrade file:
    md5 Upgrade-4.2-0-BSD_OS-4.1.im

    If the md5 numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.

  6. Note: To ensure that the upgrade does not overwrite any LDNS configuration information you may have on the 3-DNS, you should back up the 3-DNS configuration before you run the upgrade. To back up the 3-DNS configuration, open the 3-DNS Maintenance menu (type 3dnsmaint), and choose Backup the 3-DNS.

  7. Start the upgrade process by typing the following command from the /var/tmp directory:
    im Upgrade-4.2-0-BSD_OS-4.1.im

  8. After the 3-DNS upgrade installation has completed, you need to install the new version of the big3d agent on all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems known to the 3-DNS, as follows:

    1. Log on to the 3-DNS at the command line.
    2. Type 3dnsmaint to open the 3-DNS Maintenance menu.
    3. Select Install and Start big3d, and press Enter.
      The 3-DNS detects all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in the network and updates their big3d agents.
    4. Press Enter to return to the 3-DNS Maintenance menu.
    5. Type Q to quit.

Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.


New features and enhancements

Base network configuration
The base network configuration for the 3-DNS is now configured using some or all of the following objects: VLANs, self IP addresses, trunks, and interfaces. A VLAN is a logical grouping of network devices. You can use a VLAN to logically group devices that are on different network segments. Self IP addresses are the IP addresses owned by the 3-DNS. Interfaces are the network interface cards installed in the 3-DNS and are designated by a number that specifies their physical position in the 3-DNS. A trunk is a group of interfaces associated for link aggregation and fail-over.

For information on VLANs and trunks, see the 3-DNS Administrator Guide, Chapter 5, Configuring the Base Network.

You can also review the online help for the Network screens. To view the Network screens, in the navigation pane, click Network, and then click VLANs, VLAN Groups, Self IP Addresses, Trunks or Interfaces on the toolbar.

bigpipe utility
The bigpipe utility is a command line utility that you can use to configure several platform-level settings for the 3-DNS. To view the available bigpipe commands, type bigpipe at the command line. For information on syntax and usage, refer to the 3-DNS Reference Guide, Appendix C, bigpipe Command Reference.

ECV prober factory
The probing factories now include ECV, or extended content verification, factories. The big3d agent uses ECV factories to gather metrics from virtual servers. By default, five ECV factories are enabled. For more information, see the online help for the Add a <server type> or Modify a <server type> screens for 3-DNS, BIG-IP, GLOBAL-SITE, or EDGE-FX Cache.

Log file and messaging enhancements
The following pairs of log files (in the /var/log directory) have been consolidated: 3dns and 3dns.log are now 3dns, and syncd and syncd.log are now syncd. Due to the consolidation, the log files may contain messages that are intended for support personnel, in addition to messages intended for system administrators. If you want to filter out the support messages in either the 3dns or syncd log files, run the 3dns_filter_log <3dns | syncd> script.

Menu-driven Setup utility
The 3-DNS now offers a menu-driven Setup utility for all setup activities such as defining the default route, assigning IP addresses to the interfaces, and configuring remote access and administrative accounts. Several options on the Setup utility incorporate the configuration steps of the First-Time Boot utility from previous releases. To open the Setup utility, type config from the command line. Note that the Setup utility replaces all config_<option> and config <option> commands.

For more information on working with the Setup utility, refer to the 3-DNS Administrator Guide, Chapter 4, Working with the Setup Utility.

Pool types NS or CDN upgraded to new pool type, CNAME
If you have any pools that are type NS or CDN in your configuration, the 3-DNS converts them automatically to the new pool type, CNAME. For information on configuring the CNAME pool type, see the online help for the Add a New Wide IP Pool screen, in the Configuration utility. To view the Add a Wide IP Pool screen, click Wide IPs in the navigation pane, and then click the Add Pool button on the toolbar.

Search string in ECV monitors for wide IPs
You can now specify a regular expression text string that you want to verify with an ECV monitor on a wide IP. You can use any of the following regular expression characters in the search string.

Character Description
^ Specifies the start of a line.
$ Specifies the end of a line.
* Specifies a match of 0 (zero) or more characters.
? Specifies one instance of any character.
\ Releases any regular expression interpretation of the following character.
! Implies that if the string is not found, the wide IP status is up. Use at the beginning of the search string.

For more information, see the online help for the Modify Wide IP screen in the Configuration utility. If you want to configure an ECV search string from the command line, see the Configuring an ECV monitor search string from the command line section of this release note.
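
The search-string characters in the table above, worked through as an added Python example (not F5 code, and not part of the original release note). It translates a search string into a Python regular expression and reports the resulting wide IP status, so a string can be checked against sample responses before it is applied; the function names, the constructed sample responses, and the choices to treat every unlisted character as a literal and to keep * and ? within a single line are assumptions made for illustration.

```python
import re


def ecv_to_regex(search):
    """Translate an ECV search string into (negate, compiled_regex).

    Only the characters listed in the table are special. Everything else,
    including '.', '+' and parentheses, is matched literally (assumption).
    """
    # A leading '!' inverts the result: "not found" means the wide IP is up.
    negate = search.startswith("!")
    body = search[1:] if negate else search

    parts = []
    i = 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            # Backslash releases the special meaning of the next character.
            # A trailing backslash is kept as a literal backslash (assumption).
            nxt = body[i + 1] if i + 1 < len(body) else "\\"
            parts.append(re.escape(nxt))
            i += 2
            continue
        if ch == "*":
            parts.append(".*")   # 0 or more characters (same line, assumption)
        elif ch == "?":
            parts.append(".")    # exactly one character
        elif ch in "^$":
            parts.append(ch)     # start / end of a line
        else:
            parts.append(re.escape(ch))
        i += 1

    # MULTILINE makes ^ and $ apply to each line of the response.
    return negate, re.compile("".join(parts), re.MULTILINE)


def wide_ip_status(search, content):
    """Return 'up' or 'down' for a search string evaluated against content."""
    negate, rx = ecv_to_regex(search)
    found = rx.search(content) is not None
    # Without '!': found -> up. With '!': not found -> up.
    return "up" if found != negate else "down"


# Constructed sample responses (not captured from a real system).
HEALTHY = "HTTP/1.0 200 OK\nServer: demo\n\nstatus: healthy (node 3)\n"
FAILED = "HTTP/1.0 500 Internal Server Error\n\nstatus: failed\n"

if __name__ == "__main__":
    for s in ("^status: healthy", "!Internal Server Error", "node ?)$"):
        print(f"{s!r:28} healthy={wide_ip_status(s, HEALTHY)} "
              f"failed={wide_ip_status(s, FAILED)}")
```

Under this reading, * and ? act as wildcards rather than regex quantifiers, and a search string that starts with ! marks the wide IP down whenever the text is present in the response.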

SSH version
The 3-DNS now uses SSh3, by default, for file transfers and synchronization.

System configuration tools
3-DNS, version 4.2 includes several new system-level configuration options, such as gateway pools, quiet boot, auto last hop, watchdog timer, and the option to save or restore system configuration files.

  • For information on gateway pools, see the online help for the System-Gateway Pool screen. To view the System-Gateway Pool screen, in the navigation pane, click System, and then click Gateway Pool on the toolbar.


  • For information on quiet boot, auto last hop, watchdog timer, and the option to save or restore system configuration files, see the online help for the System-Default Platform screen. To view the System-Platform screen, in the navigation pane click System, and then click Platform on the toolbar.

Note: If you are working with the 3-DNS module on a BIG-IP, these configuration tools are available in the BIG-IP Configuration utility.

Updated operating system
The 3-DNS is now running on a customized version of the BSDI operating system.

User-defined regions
When you use the Topology load balancing mode, you can now configure user-defined regions. By specifying user-defined regions, you can customize the topology statement to best meet your traffic management needs. For more information on user-defined regions, refer to the online help on the Regions List screen in the Configuration utility. To view the Regions List screen, click Topology in the navigation pane, and then click Manage User-Defined Regions on the toolbar.


Fixes

The following issues are resolved in the current release.

Removing virtual server dependencies entries (CR11414)
You no longer see an error if you remove seven or more entries at one time from a Virtual Server Dependencies List (in the Configuration utility), and you are running Internet Explorer 5.0.

Fully qualified domain names in wide IPs (CR12314)
When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, the 3-DNS checks that the FQDN does not already exist in the configuration. If you try to use the same FQDN more than once, you see a warning that advises you that your configuration already contains the FQDN.

Modify Virtual Server Translations screen and proper data display (CR14029)
If you have configured more than one virtual server translation using the Configuration utility (for BIG-IP virtual servers only), the Modify Virtual Server Translations screen now refreshes properly when you remove a virtual server translation.

RSH configuration and the hosts.allow file (CR15549)
The hosts.allow file now understands IP addresses written in CIDR format; for example, 192.168.0.0/16.

Sync groups and renaming pools or wide IPs (CR16457)
When you have three or more 3-DNS systems in a sync group, and you rename a pool or wide IP more than once, the renamed pools or wide IPs now are synchronized properly.

The 3dpipe utility and sync group names (CR16672)
When you use the syncgroup commands in the 3dpipe utility, you can now use the show all command to see any configured sync groups.

The bigpipe command and rerunning the config utility (CR16788)
When you rerun the config utility, you no longer see the bigpipe error before the license screen appears.

The bleed_requests variable (CR17316)
The bleed_requests variable has been renamed the drain_requests variable in the 3-DNS Reference Guide, Appendix A, 3-DNS Configuration File.

Discovery factories and discovery ACLs have been removed (CR17557)
The 3-DNS no longer uses port discovery probes or factories to gather path data and metrics for local DNS servers.

Adding virtual servers to pools that have port lists configured (CR17691)
If you have pools configured with port lists, and you are adding additional virtual servers to those pools, the Configuration utility now lists only those virtual servers that use the same ports as those in the pool's port list.

Using ADAM with the 3-DNS (CR18162)
If you are using A Distributed Application Manager (ADAM) with the 3-DNS, you can now log in as the 3-DNS administrative user that you defined in the Configuration utility when you set up the 3-DNS.

Blue screens during upgrade installation (CR18192)
You no longer see blue screens during the disk access phase of the upgrade installation process.

Disabling data centers with 3dpipe and proper virtual server status display (CR18341)
When you use the 3dpipe utility to disable a data center, the status for any virtual servers in that data center now correctly displays as disabled by parent.

Deleting objects using the Configuration utility and synchronization (CR18858)
When you use the Configuration utility to delete objects, such as servers and virtual servers, the resulting changes are now properly synchronized to sync group members.

The bigpipe failover command and error messages (CR18865)
The bigpipe failover active command no longer returns an error message.

Upgrading from version 3.0 to version 4.2 and zone files (CR18876)
When you upgrade from 3-DNS, version 3.0 to version 4.2, the upgrade script now properly migrates the zone files that are managed by NameSurfer.

The 3-DNS now searches for a directory entry in /etc/named.conf that points to /var/namedb, and changes it to /config/3dns/namedb. The 3-DNS also attempts to move zone files from /var/namedb to /config/3dns/namedb. There are two circumstances, which combined, would cause this attempt to fail: first, if your 3-DNS was purchased with version 4.0.1 pre-installed, your /config directory is a partition. If you manage enough separate zones that the zone file data does not fit in the /config directory, the 3-DNS attempts to put the zone files under /3dns, another separate partition, and makes a link from /config/3dns/namedb to /3dns/namedb. If there is not enough room in the /3dns directory, the 3-DNS gives up and makes a link from /config/3dns/namedb to /var/namedb.

We have also changed 3dns_backup to parse the directory entry from /etc/named.conf so that if you choose not to follow our directory conventions, the 3-DNS still backs up your zone data.

User-defined regions and adding data center region member types (CR19019)
In the Configuration utility, you can now add the same data center region member type more than once to a single user-defined region.

User-defined regions and using the ISP region member type AOL (CR19029)
When you specify AOL as an ISP region member type using the Configuration utility, you no longer experience difficulties with adding and removing the AOL region member in the region member list.

Using TCP as the iQuery protocol with firewalls or switches (CR19034)
When you use TCP as the iQuery protocol, and you have a firewall or switch between the 3-DNS and any big3d agents, the connection between the 3-DNS and the remote big3d agents is no longer shut off improperly by the firewall or switch. This issue arose when the switch or firewall was configured for short-lived TCP connections, and stopped passing packets before the iQuery connection was closed.

Using data center server location endpoints in a topology statement and the Topology load balancing mode within a pool (CR19037)
When you specify a data center as a server location endpoint in a topology statement, and you use the Topology load balancing mode within a pool, the 3-DNS now load balances as expected.

Dynamic persistence functionality (CR19045)
Dynamic persistence now works as expected.

The local DNS server IP don’t fragment setting and 3-DNS load balancing (CR19060)
When a local DNS server has set the IP don’t fragment bit to yes, the 3-DNS no longer forwards the packets straight to named for a response.

Topology records and using the isp.AOL designator (CR19112)
The Topology load balancing mode now recognizes topology records that use the isp.AOL designator for local DNS servers.

The ECV search string and large files (CR19127)
If you are using the search string option for an FTP ECV monitor, the search no longer fails if you are monitoring a large file.

Using the Configuration utility to change the pool order when the pool load balancing mode is Global Availability (CR19151)
You can now use the Configuration utility to change the pool order when the pool load balancing mode (Pool LB Mode) is set to Global Availability.

Using TCP iQuery connections and modifying the configuration using the Configuration utility (CR19212)
When you set the iQuery protocol to TCP, and you use the Configuration utility to modify any configuration settings, the 3-DNS no longer unnecessarily marks the servers and virtual servers as down (red ball), and it no longer breaks the TCP/IP connection.

Renaming existing wide IPs or wide IP aliases (CR19266, CR19274)
When you rename an existing wide IP or alias that is in a 3-DNS sync group, the change is now properly migrated to NameSurfer.

Synchronization and deleting virtual server dependencies and virtual server translations (CR20208)
Deleting virtual server translations and virtual server dependencies is now properly synchronized when your 3-DNS systems are in a sync group.

CERT Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
The security vulnerability that is outlined in CERT Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP), has been fixed.


Configuring and using the new software

The following sections provide configuration details on any required changes in version 4.2, as well as configuration details for several of the new features.

Required configuration changes

The current release has the following required configuration changes.

Configuring SSH between 3-DNS systems

Once you have installed the version 4.2 upgrade on all 3-DNS systems in your network, you need to reconfigure the SSH communications between those devices.

To configure SSH communications

  1. From the command line, type the following:
    3dnsmaint

    The 3-DNS Maintenance menu opens.


  2. Using the arrow keys, select Configure SSH communication with remote devices, and press Enter.
    The script asks if you want to configure SSH communications for all 3-DNS, BIG-IP, GLOBAL-SITE, and EDGE-FX Cache systems known to the 3-DNS.


  3. Type y for yes.
    The script reconfigures SSH communications for all known 3-DNS, BIG-IP, GLOBAL-SITE, and EDGE-FX Cache systems.


  4. When the script has finished, type Q to exit the 3-DNS Maintenance menu.

Re-establishing iQuery communications after you upgrade to version 4.2

The following instructions detail how to re-establish iQuery communications in your network if you have more than one 3-DNS in your network, and they are not all running 3-DNS, version 4.2. You can use one of the following options to re-establish your iQuery communications:

  • Upgrade all 3-DNS systems in your network to version 4.2
  • Change the iQuery protocol to TCP
  • Copy the 4.2 version of the big3d agent to the other 3-DNS systems in your network

Note: If you do not re-establish iQuery communications with the other 3-DNS systems in your network, then metrics collection will not function properly.

If you want to change the iQuery protocol to TCP, use the following instructions. (Note that UDP is the preferred iQuery protocol.)

To change the iQuery protocol using the Configuration utility

  1. In the navigation pane, expand the Servers item, and then click 3-DNS.
    The 3-DNS List screen opens.


  2. In the 3-DNS Name column, click the name of the 3-DNS that you want to modify.
    The Modify 3-DNS screen opens.


  3. Change the iQuery Protocol setting from UDP to TCP, and click Update.
    The change is added to the configuration.

If you want to distribute the 4.2 version of the big3d agent to the other 3-DNS systems in your network, use the following instructions.

To copy the updated big3d agent to version 3.0 and version 4.0.1 systems

Note: Perform the following tasks on the 3-DNS that has been updated to version 4.2.

  1. Reconfigure the SSH communications between your 3-DNS systems using the instructions in the