Release Notes : 3-DNS Controller, Release Note

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.2.0
Release Notes
Updated Date: 04/18/2019

Summary:

This release note documents version 4.2 of the 3-DNS system. You can apply the software upgrade to crypto version 3.0 and later. For information about installing the software upgrade, please refer to the instructions below.

Installing the upgrade

The instructions for installing the version 4.2 upgrade differ depending on whether you are installing the upgrade on a system running 3-DNS, version 3.0 or later, or 3-DNS, version 4.2BETA. If you are running 3-DNS, version 3.0 or later, see Installing the upgrade to systems running version 3.0 and later. If you are running 3-DNS, version 4.2BETA, see Installing the upgrade to systems running version 4.2BETA.

Important! If you are running the 3-DNS module on a BIG-IP, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.2, as published in the BIG-IP version 4.2 release note.

Minimum system requirements

This section describes the minimum system requirements for this release.

  • Intel® Pentium® II 266MHz processor
  • 1GB disk drive
  • 128MB RAM

Installing the upgrade to systems running version 3.0 and later

Important!  Do not apply this upgrade to a 3-DNS running a version prior to 3.0.

The following instructions explain how to install the 3-DNS, version 4.2 onto existing crypto systems running version 3.0 and later.

  1. On the 3-DNS, change to the /var/tmp/ directory:
    cd /var/tmp/
  2. Connect to the F5 Networks FTP site at ftp.f5.com.

  3. Download the upgrade file, Upgrade-4.2-4.0.1.tgz, to the /var/tmp/ directory on the 3-DNS.

  4. Download the md5 file to the /var/tmp/ directory on the 3-DNS.
  5. Verify the integrity of the upgrade file by typing the md5 command where Upgrade-4.2-4.0.1.tgz is the name of the upgrade file:
    md5 Upgrade-4.2-4.0.1.tgz

    If the md5 numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.

  6. Extract the kit file in the /var/tmp/ directory by typing the following command:
    tar -xvzf Upgrade-4.2-4.0.1.tgz
  7. Start the upgrade process by typing the following command from the /var/tmp directory:
    ./upgrade_install

  8. Note: The upgrade process saves the configuration files in the /config, /3dns, and /root directories, and most files from the /etc directory, and then performs a clean installation of 3-DNS, version 4.2. Once the 4.2 installation is complete, the upgrade script imports the saved configuration files. The upgrade process does not preserve any non-standard files that you may have on your 3-DNS. If you want to retain any non-standard files during this upgrade, then you need to save the files to a remote location before you run the upgrade script, and manually restore the non-standard files after the upgrade process is complete.

  9. Press Enter.
    The upgrade script saves all the configuration files in the /config, /3dns, and /root directories, and several files from the /etc directory. (If you are running version 3.0, the upgrade script also saves the files in the /var/3dns directory.)
  10. Next, the upgrade script asks if you want to save the rollback tar file to a remote location. (The rollback tar file contains all the configuration files necessary to perform a complete rollback to the existing 3-DNS version.)

    • Type Y if you want to save your configuration files in a rollback tar file on a remote location. A shell opens, where you can use ftp or scp to copy the rollback tar file to a remote location.


    • Otherwise, type N to continue the upgrade process.
  11. Note: The upgrade process automatically copies the saved configuration files and installs them in the 4.2 version of 3-DNS. You would need to use this remote rollback file to restore a configuration only if the upgrade procedure fails, and the 3-DNS is left in a non-recoverable state. If this were to happen, you would reinstall 3-DNS, version 4.0.1 using a CD-ROM. You could then use the remote copy of the rollback tar file to return the system to its pre-upgrade state. Be aware that it is highly unlikely that you will need the remote rollback tar file.

  12. The upgrade script next prompts you to re-enter all of the passwords for all system user accounts, web administration user accounts, and NameSurfer™ user accounts because the encryption method used by 3-DNS has changed.

    • When you update the system user accounts and the web administration user accounts, you are prompted to re-enter the password for each existing user account. Type Y if you want to re-enter the existing passwords, or type N to proceed with the upgrade without resetting the passwords. Note that if you decide to continue with the upgrade without resetting the passwords, the upgrade script resets all current passwords to default for the system user accounts and the web administration user accounts.


    • When you update the user accounts for NameSurfer, you are not prompted to update a specific existing account. Rather, you can either add user accounts for NameSurfer, or continue with the upgrade process. You can add multiple NameSurfer users until you choose to continue with the upgrade process.
  13. Once you have finished updating all the passwords, the remainder of the upgrade process continues without further user intervention. Note that the final stages of the upgrade process take several minutes, and your system is offline during this time. Depending on your system's configuration, this stage can take from 5 to over 20 minutes. Do not take any action on the 3-DNS until you see the login prompt, as interfering with the upgrade process during this phase may put your 3-DNS in a non-recoverable state.
  14. After the 3-DNS upgrade installation has completed, you need to install the new version of the big3d agent on all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems known to the 3-DNS, as follows:

    1. Log on to the 3-DNS at the command line.
    2. Type 3dnsmaint to open the 3-DNS Maintenance menu.
    3. Select Install and Start big3d, and press Enter.
      The 3-DNS detects all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in the network and updates their big3d agents.
    4. Press Enter to return to the 3-DNS Maintenance menu.
    5. Type Q to quit.

Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.

Installing the upgrade to systems running version 4.2BETA

The following instructions explain how to install the 3-DNS, version 4.2 onto existing crypto systems running version 4.2BETA.

Important! If you are running the 3-DNS module on a BIG-IP, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.2, as published in the BIG-IP, version 4.2 release note.

  1. On the 3-DNS, change to the /var/tmp/ directory:
    cd /var/tmp/
  2. Connect to the F5 Networks FTP site at ftp.f5.com.

  3. Download the upgrade file, Upgrade-4.2-0-BSD_OS-4.1.im, to the /var/tmp/ directory on the 3-DNS.

  4. Download the md5 file to the /var/tmp/ directory on the 3-DNS.
  5. Verify the integrity of the upgrade file by typing the md5 command where Upgrade-4.2-0-BSD_OS-4.1.im is the name of the upgrade file:
    md5 Upgrade-4.2-0-BSD_OS-4.1.im

    If the md5 numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.

  6. Note: To ensure that the upgrade does not overwrite any LDNS configuration information you may have on the 3-DNS, you should back up the 3-DNS configuration before you run the upgrade. To back up the 3-DNS configuration, open the 3-DNS Maintenance menu (type 3dnsmaint), and choose Backup the 3-DNS.

  7. Start the upgrade process by typing the following command from the /var/tmp directory:
    im Upgrade-4.2-0-BSD_OS-4.1.im

  8. After the 3-DNS upgrade installation has completed, you need to install the new version of the big3d agent on all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems known to the 3-DNS, as follows:

    1. Log on to the 3-DNS at the command line.
    2. Type 3dnsmaint to open the 3-DNS Maintenance menu.
    3. Select Install and Start big3d, and press Enter.
      The 3-DNS detects all BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in the network and updates their big3d agents.
    4. Press Enter to return to the 3-DNS Maintenance menu.
    5. Type Q to quit.

Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.
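
The md5 check in step 5 of both installation procedures, scripted so that the shell compares the digests instead of the operator doing it by eye (an added example, not F5 code). The script name verify_kit.sh, the function names, and the layout of the md5 file are assumptions: the release note does not show that file, so the parser accepts the BSD `MD5 (file) = digest` form, the `digest  file` form, and a bare digest.

```sh
#!/bin/sh
# Added example (not F5 code): automate the release note's md5 comparison.
# Hypothetical usage on the 3-DNS, with <md5_file> standing for the md5 file
# downloaded in step 4 (its name is not given in the release note):
#   cd /var/tmp/
#   sh verify_kit.sh Upgrade-4.2-4.0.1.tgz <md5_file> && tar -xvzf Upgrade-4.2-4.0.1.tgz

# Read text on stdin and print the first token that is exactly 32 hex digits,
# lowercased. Handles "MD5 (file) = <digest>", "<digest>  file" and a bare digest.
extract_md5() {
    tr 'A-F' 'a-f' | tr -c '0-9a-f\n' ' ' |
        awk '{ for (i = 1; i <= NF; i++) if (length($i) == 32) { print $i; exit } }'
}

# Print the MD5 digest of file $1. BSD systems ship `md5`; Linux ships `md5sum`.
# Reading from stdin keeps the file name out of the tool's output.
file_md5() {
    if command -v md5 >/dev/null 2>&1; then
        md5 < "$1"
    else
        md5sum < "$1"
    fi | extract_md5
}

# verify_kit KIT SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if an input is unreadable or no digest is found.
verify_kit() {
    kit=$1
    sumfile=$2
    if [ ! -r "$kit" ] || [ ! -r "$sumfile" ]; then
        echo "verify_kit: cannot read $kit or $sumfile" >&2
        return 2
    fi
    # Prefer the line that names this kit; otherwise take the first digest in the file.
    want=$(grep -F -- "$(basename "$kit")" "$sumfile" | extract_md5)
    [ -n "$want" ] || want=$(extract_md5 < "$sumfile")
    got=$(file_md5 "$kit")
    if [ -z "$want" ] || [ -z "$got" ]; then
        echo "verify_kit: no MD5 digest available for $kit" >&2
        return 2
    fi
    if [ "$got" = "$want" ]; then
        echo "OK       $kit $got"
        return 0
    fi
    echo "MISMATCH $kit published=$want computed=$got" >&2
    return 1
}

# Constructed demonstration: a stand-in kit and md5 file built in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'abc' > "$dir/Upgrade-sample.tgz"     # constructed stand-in for the kit
    # Constructed md5 file listing two kits; "abc" hashes to the RFC 1321 test vector.
    {
        echo "MD5 (Other-kit.im) = 00000000000000000000000000000000"
        echo "MD5 (Upgrade-sample.tgz) = 900150983cd24fb0d6963f7d28e17f72"
    } > "$dir/kits.md5"
    verify_kit "$dir/Upgrade-sample.tgz" "$dir/kits.md5" || true
    printf 'abd' > "$dir/Upgrade-sample.tgz"     # simulate a damaged download
    verify_kit "$dir/Upgrade-sample.tgz" "$dir/kits.md5" || true
    rm -rf "$dir"
}

# With two arguments, check a real download; with none, run the constructed demo.
if [ "$#" -eq 2 ]; then
    verify_kit "$1" "$2"
else
    demo
fi
```

A match shows that the file arrived intact; because the md5 file is fetched from the same FTP site as the kit, this is a transfer-corruption check rather than proof of the file's origin.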

New features and enhancements

Base network configuration
The base network configuration for the 3-DNS is now configured using some or all of the following objects: VLANs, self IP addresses, trunks, and interfaces. A VLAN is a logical grouping of network devices. You can use a VLAN to logically group devices that are on different network segments. Self IP addresses are the IP addresses owned by the 3-DNS. Interfaces are the network interface cards installed in the 3-DNS and are designated by a number that specifies their physical position in the 3-DNS. A trunk is a group of interfaces associated for link aggregation and fail-over.

For information on VLANs and trunks, see the 3-DNS Administrator Guide, Chapter 5, Configuring the Base Network.

You can also review the online help for the Network screens. To view the Network screens, in the navigation pane, click Network, and then click VLANs, VLAN Groups, Self IP Addresses, Trunks or Interfaces on the toolbar.

bigpipe utility
The bigpipe utility is a command line utility that you can use to configure several platform-level settings for the 3-DNS. To view the available bigpipe commands, type bigpipe at the command line. For information on syntax and usage, refer to the 3-DNS Reference Guide, Appendix C, bigpipe Command Reference.

ECV prober factory
The probing factories now include ECV, or extended content verification, factories. The big3d agent uses ECV factories to gather metrics from virtual servers. By default, five ECV factories are enabled. For more information, see the online help for the Add a <server type> or Modify a <server type> screens for 3-DNS, BIG-IP, GLOBAL-SITE, or EDGE-FX Cache.

Log file and messaging enhancements
The following pairs of log files (in the /var/log directory) have been consolidated: 3dns and 3dns.log are now 3dns, and syncd and syncd.log are now syncd. Due to the consolidation, the log files may contain messages that are intended for support personnel, in addition to messages intended for system administrators. If you want to filter out the support messages in either the 3dns or syncd log files, run the 3dns_filter_log <3dns | syncd> script.

Menu-driven Setup utility
The 3-DNS now offers a menu-driven Setup utility for all setup activities such as defining the default route, assigning IP addresses to the interfaces, and configuring remote access and administrative accounts. Several options on the Setup utility incorporate the configuration steps of the First-Time Boot utility from previous releases. To open the Setup utility, type config from the command line. Note that the Setup utility replaces all config_<option> and config <option> commands.

For more information on working with the Setup utility, refer to the 3-DNS Administrator Guide, Chapter 4, Working with the Setup Utility.

Pool types NS or CDN upgraded to new pool type, CNAME
If you have any pools that are type NS or CDN in your configuration, the 3-DNS converts them automatically to the new pool type, CNAME. For information on configuring the CNAME pool type, see the online help for the Add a New Wide IP Pool screen, in the Configuration utility. To view the Add a Wide IP Pool screen, click Wide IPs in the navigation pane, and then click the Add Pool button on the toolbar.

Search string in ECV monitors for wide IPs
You can now specify a regular expression text string that you want to verify with an ECV monitor on a wide IP. You can use any of the following regular expression characters in the search string.

Character   Description
^           Specifies the start of a line.
$           Specifies the end of a line.
*           Specifies a match of 0 (zero) or more characters.
?           Specifies one instance of any character.
\           Releases any regular expression interpretation of the following character.
!           Implies that if the string is not found, the wide IP status is up. Use at the beginning of the search string.

For more information, see the online help for the Modify Wide IP screen in the Configuration utility. If you want to configure an ECV search string from the command line, see the Configuring an ECV monitor search string from the command line section of this release note.

SSH version
The 3-DNS now uses SSh3, by default, for file transfers and synchronization.

System configuration tools
3-DNS, version 4.2 includes several new system-level configuration options, such as gateway pools, quiet boot, auto last hop, watchdog timer, and the option to save or restore system configuration files.

  • For information on gateway pools, see the online help for the System-Gateway Pool screen. To view the System-Gateway Pool screen, in the navigation pane, click System, and then click Gateway Pool on the toolbar.


  • For information on quiet boot, auto last hop, watchdog timer, and the option to save or restore system configuration files, see the online help for the System-Default Platform screen. To view the System-Platform screen, in the navigation pane click System, and then click Platform on the toolbar.

Note: If you are working with the 3-DNS module on a BIG-IP, these configuration tools are available in the BIG-IP Configuration utility.

Updated operating system
The 3-DNS is now running on a customized version of the BSDI operating system.

User-defined regions
When you use the Topology load balancing mode, you can now configure user-defined regions. By specifying user-defined regions, you can customize the topology statement to best meet your traffic management needs. For more information on user-defined regions, refer to the online help on the Regions List screen in the Configuration utility. To view the Regions List screen, click Topology in the navigation pane, and then click Manage User-Defined Regions on the toolbar.

Fixes

The following issues are resolved in the current release.

Removing virtual server dependencies entries (CR11414)
You no longer see an error if you remove seven or more entries at one time from a Virtual Server Dependencies List (in the Configuration utility), and you are running Internet Explorer 5.0.

Fully qualified domain names in wide IPs (CR12314)
When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, the 3-DNS checks that the FQDN does not already exist in the configuration. If you try to use the same FQDN more than once, you see a warning that advises you that your configuration already contains the FQDN.

Modify Virtual Server Translations screen and proper data display (CR14029)
If you have configured more than one virtual server translation using the Configuration utility (for BIG-IP virtual servers only), the Modify Virtual Server Translations screen now refreshes properly when you remove a virtual server translation.

RSH configuration and the hosts.allow file (CR15549)
The hosts.allow file now understands IP addresses written in CIDR format; for example, 192.168.0.0/16.

Sync groups and renaming pools or wide IPs (CR16457)
When you have three or more 3-DNS systems in a sync group, and you rename a pool or wide IP more than once, the renamed pools or wide IPs now are synchronized properly.

The 3dpipe utility and sync group names (CR16672)
When you use the syncgroup commands in the 3dpipe utility, you can now use the show all command to see any configured sync groups.

The bigpipe command and rerunning the config utility (CR16788)
When you rerun the config utility, you no longer see the bigpipe error before the license screen appears.

The bleed_requests variable (CR17316)
The bleed_requests variable has been renamed the drain_requests variable in the 3-DNS Reference Guide, Appendix A, 3-DNS Configuration File.

Discovery factories and discovery ACLs have been removed (CR17557)
The 3-DNS no longer uses port discovery probes or factories to gather path data and metrics for local DNS servers.

Adding virtual servers to pools that have port lists configured (CR17691)
If you have pools configured with port lists, and you are adding additional virtual servers to those pools, the Configuration utility now lists only those virtual servers that use the same ports as those in the pool's port list.

Using ADAM with the 3-DNS (CR18162)
If you are using A Distributed Application Manager (ADAM) with the 3-DNS, you can now log in as the 3-DNS administrative user that you defined in the Configuration utility when you set up the 3-DNS.

Blue screens during upgrade installation (CR18192)
You no longer see blue screens during the disk access phase of the upgrade installation process.

Disabling data centers with 3dpipe and proper virtual server status display (CR18341)
When you use the 3dpipe utility to disable a data center, the status for any virtual servers in that data center now correctly displays as disabled by parent.

Deleting objects using the Configuration utility and synchronization (CR18858)
When you use the Configuration utility to delete objects, such as servers and virtual servers, the resulting changes are now properly synchronized to sync group members.

The bigpipe failover command and error messages (CR18865)
The bigpipe failover active command no longer returns an error message.

Upgrading from version 3.0 to version 4.2 and zone files (CR18876)
When you upgrade from 3-DNS, version 3.0 to version 4.2, the upgrade script now properly migrates the zone files that are managed by NameSurfer.

The 3-DNS now searches for a directory entry in /etc/named.conf that points to /var/namedb, and changes it to /config/3dns/namedb. The 3-DNS also attempts to move zone files from /var/namedb to /config/3dns/namedb. Two circumstances, combined, would cause this attempt to fail. First, if your 3-DNS was purchased with version 4.0.1 pre-installed, your /config directory is a partition. Second, if you manage enough separate zones that the zone file data does not fit in the /config directory, the 3-DNS attempts to put the zone files under /3dns, another separate partition, and makes a link from /config/3dns/namedb to /3dns/namedb. If there is not enough room in the /3dns directory, the 3-DNS gives up and makes a link from /config/3dns/namedb to /var/namedb.

We have also changed 3dns_backup to parse the directory entry from /etc/named.conf so that if you choose not to follow our directory conventions, the 3-DNS still backs up your zone data.

User-defined regions and adding data center region member types (CR19019)
In the Configuration utility, you can now add the same data center region member type more than once to a single user-defined region.

User-defined regions and using the ISP region member type AOL (CR19029)
When you specify AOL as an ISP region member type using the Configuration utility, you no longer experience difficulties with adding and removing the AOL region member in the region member list.

Using TCP as the iQuery protocol with firewalls or switches (CR19034)
When you use TCP as the iQuery protocol, and you have a firewall or switch between the 3-DNS and any big3d agents, the connection between the 3-DNS and the remote big3d agents is no longer shut off improperly by the firewall or switch. This issue arose when the switch or firewall was configured for short-lived TCP connections, and stopped passing packets before the iQuery connection was closed.

Using data center server location endpoints in a topology statement and the Topology load balancing mode within a pool (CR19037)
When you specify a data center as a server location endpoint in a topology statement, and you use the Topology load balancing mode within a pool, the 3-DNS now load balances as expected.

Dynamic persistence functionality (CR19045)
Dynamic persistence now works as expected.

The local DNS server IP don’t fragment setting and 3-DNS load balancing (CR19060)
When a local DNS server has set the IP don’t fragment bit to yes, the 3-DNS no longer forwards the packets straight to named for a response.

Topology records and using the isp.AOL designator (CR19112)
The Topology load balancing mode now recognizes topology records that use the isp.AOL designator for local DNS servers.

The ECV search string and large files (CR19127)
If you are using the search string option for an FTP ECV monitor, the search no longer fails if you are monitoring a large file.

Using the Configuration utility to change the pool order when the pool load balancing mode is Global Availability (CR19151)
You can now use the Configuration utility to change the pool order when the pool load balancing mode (Pool LB Mode) is set to Global Availability.

Using TCP iQuery connections and modifying the configuration using the Configuration utility (CR19212)
When you set the iQuery protocol to TCP, and you use the Configuration utility to modify any configuration settings, the 3-DNS no longer unnecessarily marks the servers and virtual servers as down (red ball), and it no longer breaks the TCP/IP connection.

Renaming existing wide IPs or wide IP aliases (CR19266, CR19274)
When you rename an existing wide IP or alias that is in a 3-DNS sync group, the change is now properly migrated to NameSurfer.

Synchronization and deleting virtual server dependencies and virtual server translations (CR20208)
Deleting virtual server translations and virtual server dependencies is now properly synchronized when your 3-DNS systems are in a sync group.

CERT Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
The security vulnerability that is outlined in CERT Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP), has been fixed.

Configuring and using the new software

The following sections provide configuration details on any required changes in version 4.2, as well as configuration details for several of the new features.

Required configuration changes

The current release has the following required configuration changes.

Configuring SSH between 3-DNS systems

Once you have installed the version 4.2 upgrade on all 3-DNS systems in your network, you need to reconfigure the SSH communications between those devices.

To configure SSH communications

  1. From the command line, type the following:
    3dnsmaint

    The 3-DNS Maintenance menu opens.


  2. Using the arrow keys, select Configure SSH communication with remote devices, and press Enter.
    The script asks if you want to configure SSH communications for all 3-DNS, BIG-IP, GLOBAL-SITE, and EDGE-FX Cache systems known to the 3-DNS.


  3. Type y for yes.
    The script reconfigures SSH communications for all known 3-DNS, BIG-IP, GLOBAL-SITE, and EDGE-FX Cache systems.


  4. When the script has finished, type Q to exit the 3-DNS Maintenance menu.

Re-establishing iQuery communications after you upgrade to version 4.2

The following instructions detail how to re-establish iQuery communications in your network if you have more than one 3-DNS in your network, and they are not all running 3-DNS, version 4.2. You can use one of the following options to re-establish your iQuery communications:

  • Upgrade all 3-DNS systems in your network to version 4.2
  • Change the iQuery protocol to TCP
  • Copy the 4.2 version of the big3d agent to the other 3-DNS systems in your network

Note: If you do not re-establish iQuery communications with the other 3-DNS systems in your network, then metrics collection will not function properly.

If you want to change the iQuery protocol to TCP, use the following instructions. (Note that UDP is the preferred iQuery protocol.)

To change the iQuery protocol using the Configuration utility

  1. In the navigation pane, expand the Servers item, and then click 3-DNS.
    The 3-DNS List screen opens.


  2. In the 3-DNS Name column, click the name of the 3-DNS that you want to modify.
    The Modify 3-DNS screen opens.


  3. Change the iQuery Protocol setting from UDP to TCP, and click Update.
    The change is added to the configuration.

If you want to distribute the 4.2 version of the big3d agent to the other 3-DNS systems in your network, use the following instructions.

To copy the updated big3d agent to version 3.0 and version 4.0.1 systems

Note: Perform the following tasks on the 3-DNS that has been updated to version 4.2.

  1. Reconfigure the SSH communications between your 3-DNS systems using the instructions in the Configuring SSH between 3-DNS systems section of this release note.


  2. Change to the store directory by typing:
    cd /usr/local/3dns/store


  3. Copy the big3dfreebsd.gz tar file to the remote 3-DNS.
    scp big3dfreebsd.gz <ip_address>:/var/tmp


  4. Open an ssh session to the remote 3-DNS.
    ssh <ip_address>


  5. Stop the currently running big3d agent.
    big3d -stop


  6. Move the current big3d agent to big3d.old.
    mv /usr/sbin/big3d /usr/sbin/big3d.old


  7. Install the updated big3d agent.
    gunzip -c /var/tmp/big3dfreebsd.gz > /usr/sbin/big3d


  8. Make the big3d agent executable.
    chmod 755 /usr/sbin/big3d


  9. Restart the updated big3d agent.
    big3d


Additional configuration options

Configuring an ECV monitor search string from the command line

You can configure an ECV monitor search string using either the Configuration utility or the command line. If you want to add a search string to an ECV monitor from the command line, use the following instructions.

To add a search string to an ECV monitor from the command line

  1. From the command line, open the 3-DNS Maintenance menu by typing:
    3dnsmaint

    The 3-DNS Maintenance menu opens.


  2. Choose Edit 3-DNS Configuration from the menu, and press Enter.


  3. Use the following syntax to add an ECV monitor with a search string to an existing wide IP definition.

    wideip {
       address           192.168.10.10
       port              80 // http
       ttl               30
       name              "wip.domain.com" 
    
       ecv {
          protocol           http
          filename           "index.html"
          scan_level         first
          search_string      "!404"
       }
    
       pool {
          name           "home_site"
          ratio          1
          last_resort    no
          limit { /* none */ }
          ttl            30
          preferred      rr
    
          address           11.22.33.1
       }
    }
    


Working with the Setup utility

You can use the Setup utility to configure network, communications, and several system settings for your 3-DNS. The Setup utility starts automatically when you turn on a 3-DNS for the very first time. You can also run the Setup utility at any time by typing config at the command line.

When you open the Setup utility, you see the following menu:

INITIAL SETUP MENU
(A) All configuration steps        (R) Steps for redundant systems

REQUIRED
(E) Set default gateway pool       (V) Configure VLANs & networking
(H) Set host name                  (W) Configure web servers
(P) Set root password

OPTIONAL
(D) Configure DNS                  (O) Configure remote access
(F) Configure FTP                  (S) Configure SSH
(I) Initialize iControl portal     (T) Configure Telnetd
(K) Set keyboard type              (U) Configure RSH
(M) Define time servers            (Z) Set time zone
(N) Configure NameSurfer           (Q) Quit

Enter choice:

Type the letter that corresponds to the option you want to run. Each option in the Setup utility contains help text on the screen. Note that you can run all the configuration steps by typing A.

Note: The upgrade script automatically converts the existing settings on your 3-DNS to the appropriate settings in the Setup utility.

Known issues

The following items are known issues in the current release.

Statistics screens and viewing 3-DNS status (CR9452)
When you disable a 3-DNS that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled system's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS systems in the same sync group. You can see the correct status of the systems in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS in the sync group.

Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure to view the Histograms or Metrics.

  1. In the navigation pane, expand the Statistics item, and click Probers.
  2. In the Prober Statistics screen, click either Metrics or Histogram.
    A dialog box appears.
  3. Select Save this file to disk and click OK.

The browser saves the file, and you can now open the file using Microsoft Excel.

ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server.

The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be. The total byte count returned from the ArrowPoint MIB is 16 times smaller than the total byte count that was actually handled.

Java applets and the Configuration utility (CR10381)
Parts of the Configuration utility for the 3-DNS use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine. However, some default installations of Internet Explorer do not contain the JVM. If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, choosing the Windows Update link, selecting PRODUCT UPDATES, and looking in the Additional Windows Features section. Alternately, you can go to the Internet Explorer section of Microsoft's web site.

Screen resolution and the Configuration utility (CR10518)
If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS toolbar in the Configuration utility. If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels.

Netscape Navigator 6.0 (CR11008)
The Configuration utility does not currently support Netscape 6.0.

Non-crypto EDGE-FX Caches (CR11035)
When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.

To use an RSH session with a non-crypto EDGE-FX Cache

  1. Use Telnet or a terminal console to connect to the EDGE-FX Cache.
  2. In the /etc/inetd.conf file, remove the comment (#) character from the line:
    #shell stream tcp nowait root /usr/libexec/rshd rshd
  3. Type the following command:
    kill -HUP `cat /var/run/inetd.pid`
    This causes the inetd daemon to re-read its configuration.

Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.

Synchronization and prior 3-DNS versions (CR11186)
3-DNS, version 4.2 does not synchronize with 3-DNS systems that are running versions prior to 4.2.

Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. We recommend that you do not configure a production rule with the Date/Time time variable.

MindTerm SSH Client and multiple Netscape browser sessions (CR12121)
If you have more than one MindTerm SSH Client session open, and you are running Netscape, you can close only one session. We recommend that you open only one instance of the MindTerm SSH Client.

MindTerm SSH Client with Netscape Navigator on UNIX systems (CR12132)
If you are running Netscape on a UNIX (Linux, *BSD, Solaris) system, the MindTerm SSH Client item is not available in the navigation pane of the Configuration utility. Instead you can access the 3-DNS command line utility using a standard SSH connection.

Global Availability or Ratio load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability or Ratio load balancing method, you may experience problems under the following circumstances:

  • You are using Internet Explorer 5.0 or 5.5.
  • You select Global Availability or Ratio in the Load Balancing Modes, Preferred list on the Configure Load Balancing for New Pool screen.
  • You have a large quantity of virtual servers in your configuration.
If you want to use the Global Availability or Ratio load balancing method, and you meet the previous criteria, please see the Using Global Availability or Ratio load balancing for pools work-around following this table.

The 3-DNS Maintenance menu and new installations (CR14777)
When you are working with a new 3-DNS, before you can use the Edit 3-DNS Configuration command on the 3-DNS Maintenance menu, you need to add a data center and a 3-DNS to the configuration using the Configuration utility.

Non-crypto systems and RSH (CR14832)
If you have non-crypto systems, you must configure RSH from the command line to establish secure communications between the 3-DNS and other F5 systems. If you have a mixed environment, with crypto and non-crypto systems, you must configure RSH as well as SSH on the crypto systems, so that they can communicate with the non-crypto systems. For details on how to configure the rsh utility, see the Configuring RSH on non-crypto systems work-around.

BIG-IP systems with the 3-DNS module, and copying iQuery keys (CR14926)
When you use the Generate and Copy iQuery Encryption Key command on the 3-DNS Maintenance menu, the command sometimes fails to copy the key from a previously configured BIG-IP onto a newly configured BIG-IP with the 3-DNS module. The command may also copy the key to the local system and fail to copy the key to any remote system. If the copy fails (in either instance), re-run the command, and select either the Keep option (which retains the local system's key and copies it out to the other systems), or the Build option (which creates a new key and copies it out to the other systems).

Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the sync group, if you use special characters in the sync group names. To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the sync group names.

Data center names in the Configuration utility (CR14990)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the data center, if you use special characters in the data center names. To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the data center names.

Opening PDF files from the 3-DNS home screen (CR15901)
Occasionally, when you open any of the PDF files available on the home screen of the Configuration utility, the CPU usage for your work station may spike to 100%. To avoid this problem, right-click the name of the PDF file that you want to open, and choose Save Target As to save the PDF file on your workstation. You can then open the PDF file using Adobe® Acrobat® Reader, version 3.0 and later.

Adding servers using the Configuration utility and the Back button in Internet Explorer (CR17504)
Occasionally, when you add a new server to the 3-DNS configuration using the Configuration utility, and you are using the Configuration utility in a Microsoft® Internet Explorer browser session, you may get an error when you use the Back button to return to a previous screen. The error is benign, and you can click any item in the navigation screen to clear the error.

Enabling the IP classifier (crypto systems only) (CR18264)
If you use the Topology load balancing feature, you must make the following change to the wideip.conf file so the 3-DNS can classify continent and country of origin for local DNS servers.

  1. From the command line, open the 3-DNS Maintenance menu:
    3dnsmaint
  2. Using the arrow keys, choose Edit 3-DNS Configuration and press Enter.
  3. Add the following line to the include statement in the wideip.conf file.
    include geoloc "netIana.inc"
    The include statement loads the IP classifier so Topology load balancing can classify LDNS requests.

Upgrading multiple 3-DNS systems and iQuery communications (CR18870)
When you have more than one 3-DNS in your network, and you are upgrading to version 4.2, iQuery communications between the upgraded 3-DNS and the other systems in your network are temporarily interrupted because version 4.2 has a newer version of iQuery. See Re-establishing iQuery communications after you upgrade, in the Required configuration changes section of this release note.

Using the 3-DNS in bridge mode (CR18873)
In version 4.2, you cannot configure the 3-DNS in bridge mode using a remote connection or using the Configuration utility. You must configure bridge mode using a local connection. For details on configuring bridge mode, see the Configuring bridge mode in version 4.2 section of this release note.

Using the web-based Setup utility to configure bridge or router mode (CR18892)
If you want to configure the 3-DNS in bridge or router mode, you cannot use the web-based Setup utility. You can, however, use the Setup utility from the command line to configure bridge or router mode.

Deleting and renaming objects using the Configuration utility, and synchronization (CR19443)
When you delete or rename objects (such as data centers and wide IPs) using the Configuration utility, the resulting changes are not properly synchronized to sync group members. Note that the synchronization feature works best if you make all configuration changes on one system, and then wait at least a minute before you verify the changes on the remaining sync group members.

Synchronizing configuration changes across multiple systems (CR19521)
When you change a configuration (using the Configuration utility) on a system in a sync group, there is a delay before the changes are synchronized to the other members in the sync group. You should wait at least thirty (30) seconds before you use the Configuration utility of another sync group member to make changes to the configuration.

Running the web-based Setup utility more than once (CR19627)
When you run the web-based Setup utility more than once, you may encounter runtime errors. The errors are benign. If you need to rerun the Setup utility, we recommend that you do so from the command line, by typing config.

Using the web-based Setup utility for initial configuration (CR19672)
When you use the web-based Setup utility for the initial configuration of the 3-DNS, you use a default IP address in the URL to log in, for example, http://192.168.1.245. Once you have completed the configuration, refreshing the browser does not open the login screen for the 3-DNS. Instead, you need to replace the default IP address in the URL with the IP address that you assigned to the 3-DNS. If you are running a crypto 3-DNS, you also need to change to the HTTPS protocol in the URL. For example, if you configure a crypto 3-DNS with the 192.168.11.22 address, you would type https://192.168.11.22 in the address bar of the browser.

Configuring a single VLAN in the Setup utility (CR19705)
During the initial configuration (using the Setup utility), when you configure a single VLAN with a single interface, you get the following error message when the 3-DNS reboots:

/config/bigip_base.conf: The requested VLAN was not found." in line 20

To avoid this error, you can do one of two things:

  • You can configure two VLANs on the 3-DNS
  • You can remove the default vlan internal definition from the bigip_base.conf file, using the following bigpipe command:
    b vlan internal delete

Special characters in pool names and viewing the Network Map (CR19756)
When you use the colon character ( : ) in a pool name, and then try to view the Network Map, the Network Map does not display. To avoid this error, do not use the colon character in pool names.

New since release: SNMP probes and host servers (CR19784)
SNMP probes to host servers always use SNMP, version 1.

New since release: The Dump 3-DNS Statistics command on the 3-DNS Maintenance menu and viewing EDGE-FX Cache statistics (CR20000)
When you use the Dump 3-DNS Statistics command on the 3-DNS Maintenance menu, and you choose EDGE-FX, the command exits without a warning when you have no EDGE-FX Caches defined in your configuration.

New since release: The Restore a 3-DNS from a backup command on the 3-DNS Maintenance menu and the 3dnsd daemon (CR20024)
When you use the Restore a 3-DNS from a backup command on the 3-DNS Maintenance menu, you must manually restart the 3dnsd daemon after the restore process has completed. To restart the 3dnsd daemon, type 3ndc restart from the command line.

New since release: The 3-DNS Maintenance menu: the Dump 3dnsd Statistics command and wide IP statistics (CR20140)
When you select Wide IPs on the Dump 3dnsd Statistics command in the 3-DNS Maintenance menu, the statistics you see are not the same as the statistics that you see on the Wide IP Statistics screen in the Configuration utility.

New since release: Synchronization and viewing server status (CR20173)
When you make configuration changes on a receiver 3-DNS Controller in a sync group, and then view server and virtual server status on the principal 3-DNS Controller, the servers and virtual servers are inaccurately marked as down (red ball) until the next data refresh occurs. (The data refresh interval is a maximum of 30 seconds.) To avoid this error, make all configuration changes on the principal 3-DNS Controller in the sync group.

New since release: The 3dpipe utility and pool names (CR20182, CR20183)
The 3dpipe utility does not properly parse pool names that contain numbers only, or pool names that contain hyphens.

New since release: Denial of service (DOS) attacks and the UDP protocol for iQuery (CR20195)
The 3dnsd daemon may mark the big3d agent (running on the same system) as down, under the following conditions:

  • The iQuery protocol is set to UDP (the default)
  • The DNS port experiences a DOS attack
  • The DNS attack generates more than 50,000 requests per second
When these conditions are met, the 3-DNS cannot properly handle persistent requests until you run the 3ndc restart command from the command line.  To avoid this issue, you can use the TCP protocol for iQuery.

Note:  This issue does not occur with SYN attacks or PING floods.

New since release: The named daemon and memory resources (CR21460)
The named daemon stops running when it consumes more memory resources than are allocated to the daemon by the operating system.  To restart the named daemon, type ndc restart at the command line.  To allocate more memory to the named daemon, see the Allocating memory resources for the named daemon section of this release note.

Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

Crypto 3-DNS systems and CD upgrades
(This applies only to crypto 3-DNS systems.)  When you rebuild a 3-DNS (or a BIG-IP) using a CD, the SSH key is changed. This breaks the trust relationship between the updated 3-DNS and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key and synchronizing the updated 3-DNS with other 3-DNS or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network.

Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS to an interval greater than 60 seconds.


Work-arounds for known issues

The following sections describe work-arounds for some of the known issues listed in the previous section.

Allocating memory resources for the named daemon

You can allocate more memory resources for the named daemon using the following instructions.

  1. From the command line, open the /etc/named.conf file with the text editor of your choice (vi or pico).


  2. In the options statement, add the following line:
    datasize 128M;


  3. Save and close the /etc/named.conf file.


  4. Update the system with the changes.
    • If the named daemon is running, type this command:
      ndc reload


    • If the named daemon is not running, type this command:
      ndc start

The named daemon can now use up to 128MB of RAM if necessary.


Configuring bridge mode in version 4.2

If you want to configure the 3-DNS to run in bridge mode, you need to do so using a local connection to the 3-DNS. First, you create a VLAN group that includes both the internal and external VLANs. Next, you delete the self IP address for the 3-DNS, and re-assign the IP address to the newly-created VLAN group. Finally, you save the configuration. The following instructions detail how to configure bridge mode for version 4.2.

To configure bridge mode in 3-DNS, version 4.2

  1. Open the Setup utility by typing config from the command line.


  2. Type D, and press Enter, to configure the 3-DNS mode.


  3. Using the arrow keys, choose Bridge, and press Enter.


  4. Type Q to close the Setup utility.


  5. To create a VLAN group, type the following command:
    b vlangroup <vlan group name> vlans add <vlan 1> <vlan 2>

    where <vlan 1> and <vlan 2> are the names of the two networks you want to link with bridge mode.


  6. To delete the self IP address of the 3-DNS interface, type the following command:
    b self <ip address> delete

    where <ip address> is the IP address that you want to assign to the newly-created VLAN group.


  7. To assign the IP address that you deleted in the previous step to the VLAN group as its self IP address, type the following command:
    b self <ip address> vlan <vlan group name> netmask <netmask>


  8. To save the changes you just made, type the following command:
    b save
  9. Last, to save the entire base network configuration, type the following command:
    b base save

The 3-DNS saves the changes and you can now use the 3-DNS in bridge mode.



Configuring RSH on non-crypto systems

The following instructions describe how to configure the rsh utility from the command line. You need to configure the rsh utility on all the non-crypto systems for which you want to establish secure communications, as well as crypto systems that communicate with non-crypto systems.

To set up the rsh utility from the command line

  1. Change to the /root directory.


  2. In the /root directory, create an .rhosts file.


  3. Add the IP address for the remote system to the newly-created .rhosts file.


  4. Save and close the file.


  5. For the .rhosts file, set the file permissions using the chmod 600 command.


You can now use the rsh utility to run commands on the remote system.
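
Steps 1 through 5 as a script, with a check that can be rerun later. This is an added example, not F5 code, and the file path and the address 192.0.2.10 are constructed. An entry in /root/.rhosts lets root on the listed host run commands here without a password, so the audit flags wildcard (+) entries, names that are not literal IP addresses, and any mode other than 600.

```shell
#!/bin/sh
# Added example (not F5 code). The file path and the address 192.0.2.10 are
# constructed; on a real system the file is /root/.rhosts (steps 1-2).

# write_rhosts FILE IP: add one trusted host, creating FILE with mode 600.
write_rhosts() {
    file=$1 ip=$2
    # Create the file under a restrictive umask so it is never world-readable,
    # then set the mode from step 5 explicitly in case the file already existed.
    ( umask 077; touch "$file" ) || return 1
    chmod 600 "$file" || return 1
    # Append only if the exact line is absent, so reruns do not duplicate it.
    grep -qxF -e "$ip" "$file" || printf '%s\n' "$ip" >> "$file"
}

# audit_rhosts FILE: print findings; return 0 if clean, 1 if not, 2 if missing.
audit_rhosts() {
    file=$1 bad=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }
    # ls -ld is used instead of stat because stat's flags differ between BSD and GNU.
    mode=$(ls -ld "$file" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "mode $mode, expected -rw------- (chmod 600)"; bad=1
    fi
    while read -r host user rest || [ -n "$host" ]; do
        case $host in
            ''|'#'*) continue ;;                       # blank line or comment
            *+*) echo "wildcard host entry: $host"; bad=1 ;;
            *[!0-9.]*) echo "not a literal IP address: $host"; bad=1 ;;
        esac
        if [ "$user" = "+" ]; then
            echo "wildcard user for host $host"; bad=1
        fi
    done < "$file"
    return "$bad"
}

# Demo on a constructed file in a temporary directory.
tmp=$(mktemp -d)
write_rhosts "$tmp/.rhosts" 192.0.2.10
audit_rhosts "$tmp/.rhosts" && echo "clean: $tmp/.rhosts"
rm -rf "$tmp"
```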



Resetting the SSH key

The following instructions describe how to reset the SSH key for a system that you have upgraded using a CD.

To reset the SSH key for an updated 3-DNS

  1. From the command line of each 3-DNS in the sync group that has not been upgraded, change to the /root/.ssh/ directory.


  2. In either the known_hosts file or the known_hosts2 file, remove the SSH key for the upgraded system. (The upgraded system's IP address is part of the key file name.)


  3. On the system that you upgraded, type 3dnsmaint at the command line to open the 3-DNS Maintenance menu.


  4. Choose Configure SSH communication with remote devices, and press Enter.
    The 3-DNS updates all sync group members with the SSH key of the upgraded system.


  5. Press Enter to return to the 3-DNS Maintenance menu.


  6. Press Q to quit.
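
Steps 1 and 2 done with a script rather than a text editor, as an added example that is not part of the F5 procedure; the function name, addresses and key strings are constructed. It compares the address against each whole name in the host field, so removing 192.0.2.1 leaves the entry for 192.0.2.10 in place, and it keeps a .bak copy of the file.

```shell
#!/bin/sh
# Added example (not F5 code). Addresses and key strings are constructed.

# drop_host_key FILE IP: remove every key line whose host list names IP.
# Returns 0 if a line was removed, 3 if none matched, 2 if FILE is missing.
drop_host_key() {
    file=$1 ip=$2
    [ -f "$file" ] || return 2
    cp -p "$file" "$file.bak" || return 1     # keep the old keys for comparison
    awk -v ip="$ip" '
        NF == 0 || $1 ~ /^#/ { print; next }  # keep blank lines and comments
        {
            # Field 1 is a comma-separated host list. Compare whole names so
            # that 192.0.2.1 does not also remove the line for 192.0.2.10.
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == ip) { removed++; next }
            print
        }
        END { exit (removed ? 0 : 3) }
    ' "$file.bak" > "$file"
}

# Demo on a constructed known_hosts2 file.
tmp=$(mktemp -d)
cat > "$tmp/known_hosts2" <<'EOF'
# constructed sample entries
192.0.2.1 ssh-dss CONSTRUCTED_KEY_A
192.0.2.10 ssh-dss CONSTRUCTED_KEY_B
dc2-3dns,192.0.2.20 ssh-dss CONSTRUCTED_KEY_C
EOF
drop_host_key "$tmp/known_hosts2" 192.0.2.1 && cat "$tmp/known_hosts2"
rm -rf "$tmp"
```

A line that lists several names shares one key among them, so removing it drops the key for every name on that line.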




Using the Global Availability or Ratio load balancing mode within a pool

The following instructions describe how to configure the Global Availability or Ratio load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability or Ratio load balancing mode within a pool item in the Known Issues section.

To configure Global Availability or Ratio load balancing within a pool in a new wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.


  2. On the toolbar, click Add Wide IP.
    The Add a New Wide IP screen opens.


  3. Type the settings for the new wide IP, and click Next.
    The Configure Load Balancing for New Pool screen opens.


  4. Select a load balancing mode other than Global Availability in all of the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings, rather than changing the settings.


  5. Click Next.
    The Select Virtual Servers screen opens.


  6. Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.


  7. On the Wide IP List screen, select the wide IP that you just created.


  8. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.


  9. Click the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.


  10. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.


To configure Global Availability or Ratio load balancing within a pool in an existing wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.


  2. On the toolbar, click Add Pool.
    The Configure Load Balancing for New Pool screen opens.


  3. Select a load balancing mode other than Global Availability in the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings; you do not have to change the settings.


  4. Once you have finished configuring the pool, click Finish to save your changes.
    The Wide IP List screen opens.


  5. In the Pools column, select the pools for the wide IP that you just modified.
    The Modify Wide IP Pools screen opens.


  6. In the Pool Name column, click the name of the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.


  7. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.