Release Notes : 3-DNS Controller version 4.6.2

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 4.6.2
Release Notes
Software Release Date: 08/12/2004
Updated Date: 04/18/2019

Summary:

This release note documents version 4.6.2 of the 3-DNS® Controller. You can apply the software upgrade to version 4.5 and later. For information about installing the software, please refer to the instructions below.

F5 now offers both maintenance and feature releases. Version 4.6.2 is a feature release that is based on version 4.5.10 code. For more information on our new release policies, please see Description of the F5 Networks software version number format.

Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.


Minimum system requirements

The minimum system requirements for this release are:

  • Intel® Pentium® III 550MHz processor
  • 512MB disk drive or CompactFlash® card
  • 256MB RAM

The supported browsers for the Configuration utility are:

  • Microsoft® Internet Explorer 5.0, 5.5, and 6.0
  • Netscape® Navigator 4.7x

Note: The IM package for this release is quite large. If the disk drive in your platform does not meet the minimum requirement, you may not be able to successfully install this release.


Installing the software

Important: If you are upgrading a 3-DNS Controller that belongs to a sync group, you must remove the controller from the sync group before you apply the upgrade. Failure to do so may cause irrevocable damage to the controllers in the sync group that are running older versions of the software. Once you have upgraded all controllers to the same version, you can then re-create the sync group. For details on removing a controller from a sync group, see Removing a controller from a sync group. Once you have removed the controller from the sync group, you can proceed with the upgrade installation.

Note:  If you are updating the 3-DNS Controller module on a BIG-IP system, refer to the BIG-IP version 4.6.2 note for instructions on installing the upgrade. Applying the upgrade for BIG-IP version 4.6.2 also applies the upgrade to the 3-DNS module. The enhancements, fixes, and known issues for the 3-DNS Controller, however, are available only in the 3-DNS Controller version 4.6.2 release note.

The following instructions explain how to install the 3-DNS Controller version 4.6.2 onto existing systems running version 4.5 PTF-03 and later. The installation script saves your current configuration.

  1. Go to the Downloads site and locate the 3-DNS version 4.6.2 upgrade file, BIGIP_4.6.2_Upgrade.im.

    3-DNS is not listed as a product line on the Downloads site; the image file is listed under the BIG-IP 4.x product line.

  2. Download the software image and the BIGIP_4.6.2_Upgrade.md5 file.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  3. If you downloaded the image file to a directory other than /var/tmp, copy the image file to the /var/tmp/ directory on your 3-DNS system.

     

  4. Check the md5 of the upgrade file by typing the following commands:
    md5 BIGIP_4.6.2_Upgrade.im
    cat BIGIP_4.6.2_Upgrade.md5

    The two md5 values should be identical.



  5. Install the upgrade by typing the following command:
    im BIGIP_4.6.2_Upgrade.im

The 3-DNS Controller automatically reboots once it completes installation.
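
The step 4 comparison can be scripted so that a mismatch stops the procedure before im is run. The following is an added example, not part of the F5 release note or F5 software; the function names, the self-test data, and the handling of GNU-style and BSD-style checksum files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not F5 code. Fails closed: an unreadable file, a missing
# md5 tool, or an ambiguous checksum file counts as a failed verification.

# Print the lowercase MD5 hex digest of file $1.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print tolower($1) }'    # GNU: "<digest>  <file>"
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{ print tolower($NF) }'      # BSD: "MD5 (<file>) = <digest>"
    else
        echo "no md5 or md5sum command found" >&2
        return 2
    fi
}

# Print every 32-hex-digit token in checksum file $1, one per line.
# Accepts a bare digest, "<digest>  <file>", or "MD5 (<file>) = <digest>".
listed_md5() {
    tr -s ' \t\r' '\n\n\n' < "$1" | grep -Eix '[0-9a-f]{32}' | tr 'A-F' 'a-f'
}

# Return 0 only if image $1 matches the single digest in checksum file $2.
verify_image() {
    image=$1
    sumfile=$2
    if [ ! -r "$image" ] || [ ! -r "$sumfile" ]; then
        echo "FAIL: cannot read $image or $sumfile" >&2
        return 2
    fi
    expected=$(listed_md5 "$sumfile")
    if [ "$(printf '%s\n' "$expected" | grep -c .)" -ne 1 ]; then
        echo "FAIL: expected exactly one digest in $sumfile" >&2
        return 2
    fi
    actual=$(file_md5 "$image") || return 2
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        echo "OK: $image matches $sumfile ($actual)"
        return 0
    fi
    echo "FAIL: $image is $actual, $sumfile says $expected; do not install" >&2
    return 1
}

# Self-check on constructed data (a stand-in file, not a real upgrade image).
selftest() {
    dir=$(mktemp -d) || return 2
    img="$dir/SAMPLE_Upgrade.im"
    printf 'constructed stand-in for an upgrade image\n' > "$img"
    sum=$(file_md5 "$img") || return 2
    printf '%s\n' "$sum" > "$dir/bare.md5"
    printf 'MD5 (SAMPLE_Upgrade.im) = %s\n' "$sum" > "$dir/bsd.md5"
    rc=0
    verify_image "$img" "$dir/bare.md5" >/dev/null || rc=1
    verify_image "$img" "$dir/bsd.md5" >/dev/null || rc=1
    printf 'extra bytes\n' >> "$img"                 # simulate a damaged download
    if verify_image "$img" "$dir/bare.md5" 2>/dev/null; then rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

# Usage: sh verify_upgrade.sh BIGIP_4.6.2_Upgrade.im BIGIP_4.6.2_Upgrade.md5
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
elif [ "${1:-}" = "--selftest" ]; then
    selftest && echo "selftest passed"
fi
```

A matching MD5 shows only that the image was not damaged in transfer; because the .md5 file is fetched from the same place as the image, it does not by itself establish where the image came from.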

Updating the big3d agent

After the PTF installation has completed, you need to install the new version of the big3d agent on all BIG-IP systems and EDGE-FX Cache systems known to the 3-DNS Controller, as follows:

  1. Log on to the 3-DNS Controller at the command line.

  2. Type 3dnsmaint to open the 3-DNS Maintenance menu.

  3. Select Install and Start big3d, and press Enter.
    The 3-DNS Controller detects all BIG-IP systems and EDGE-FX systems in the network, and updates their big3d agents with the appropriate version of the agent.

  4. Press Enter to return to the 3-DNS Maintenance menu.

  5. Type Q to quit.

For more information about the big3d agent, see the 3-DNS Reference Guide.


Activating the license

Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.

You can obtain a license certificate using one of the following methods:

  • Automatic license activation
    You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded controller. This method automatically retrieves and submits the dossier to the F5 Networks license server, as well as installs the signed license certificate. In order for you to use this method, the controller must be installed on a network with Internet access.

  • Manual license activation
    You perform manual license activation from the Configuration utility, which is the browser-based user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 Networks license server manually. In order for you to use this method, the administrative work station must have Internet access.

Note:  You can open the Configuration utility using either Netscape Navigator 4.7x, or Microsoft Internet Explorer 5.0, 5.5, or 6.0.

To automatically activate a license from the command line for first time installation

  1. Type the user name root and the password default at the logon prompt.

  2. At the prompt, type license. The following prompts appear:
    IP:
    Netmask:
    Default Route:
    Select interface to use to retrieve license:

    The 3-DNS Controller uses this information to make an Internet connection to the license server.

  3. After you type the Internet connection information, continue to the following prompt:
    The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:

    Type Y, and the following prompt displays:
    Registration Key:

  4. Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  5. You are asked to accept the End User License Agreement (EULA). Note that the system is not fully functional until you accept the EULA.

  6. Press Enter to reboot the system. The system is not fully functional until you reboot.

  7. If the licensing process is not successful, contact your vendor's technical support team.

To automatically activate a license from the command line for upgrades

  1. Type your user name and password at the logon prompt.

  2. At the prompt, type setup.

  3. Choose menu option (L) License Activation.

  4. The following prompt displays:
    Number of keys: 1
    If you have more than one registration key, enter the appropriate number, and press Enter.

  5. The following prompt displays:
    Registration Key:

    Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  6. If the licensing process is not successful, contact your vendor.

To manually activate a license using the Configuration utility

You can use the Configuration utility to manually activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the logon prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the unit's local area network.

  2. Type the user name root and the password default at the logon prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged on to the Configuration utility, you can proceed with the manual license activation.

To manually activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Manual Authorization.

  3. At the Manual Authorization screen, retrieve the dossier using one of the following methods:

    • Copy the entire contents of the Product Dossier box.

    • Click Download Product Dossier, and save the dossier to the hard drive.

  4. Click the link in the License Server box.
    The Activate F5 License screen opens in a new browser window.

  5. From the Activate F5 License screen, submit the dossier using one of the following methods:

    • Paste the data you just copied into the Enter your dossier box, and click Activate.

    • At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.


    The screen returns a signed license file.

  6. Retrieve the license file using one of the following methods:

    • Copy the entire contents of the signed license file.

    • Click Download license, and save the license file to the hard drive.


  7. Return to the Manual Authorization screen, and click Continue.

  8. At the Install License screen, submit the license file using one of the following methods:

    • Paste the data you copied into the License Server Output box, and click Install License.

    • At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.


    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  9. Click License Terms, review the EULA, and accept it.

  10. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.

To automatically activate a license using the Configuration utility

You can use the Configuration utility to automatically activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the logon prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the unit's local area network.

  2. Type the user name root and the password default at the logon prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged on to the Configuration utility, you can proceed with the automatic license activation.

To automatically activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  3. Click License Terms, review the EULA, and accept it.

  4. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.

New features and fixes in this release

This release includes the following new features and fixes.

System statistics screen  (CR28085)
This release includes a System Graph Statistics screen in the Configuration utility that displays statistics about the 3-DNS system in a graphical format so that you can view changes and trends in statistics over time. The System Graph Statistics screen displays statistics including CPU usage and memory usage.
To view the System Graph Statistics screen, in the left pane of the Configuration utility, click Statistics and then click System Graphs.

Support for BIND 9.2.2 and Namesurfer version 3.0.6 
This version of the 3-DNS software includes the BIND DNS server version 9.2.2 and Namesurfer™ version 3.0.6. This version of the BIND software contains security enhancements as well as DNS protocol enhancements. For added security, the named utility now runs in a chroot environment. Namesurfer version 3.0.6 supports some, but not all, of the BIND 9.2.2 feature set. It does not support Views or ACLs. This version of the 3-DNS software does not support A6 or IPv6 (AAAA) records, and it does not support DHCP.

Important: If you are currently using BIND version 8, be aware that the file system layout has changed and there are new executables and scripts in version 9. If you have named.conf or zone-files stored in non-standard locations, you need to move these files before you upgrade to this version of the software. For more information, see BIND 9 file system migration in the Required configuration changes section of this release note.

BIND MIB removed   (CR38482)
In previous releases, the 3-DNS system exposed the BIND rfc1611 MIB. This MIB is removed in this release.

RSA SecurID authentication 
This version of the 3-DNS software includes support for RSA SecurID® authentication, the remote authentication protocol used by RSA ACE/Server® software. RSA SecurID authentication is a two-part authentication mechanism that requires both a user ID and a passcode that changes every 60 seconds. For more information on RSA SecurID authentication, please see http://www.rsasecurity.com/node.asp?id=1156. To configure RSA SecurID authentication, see Configuring RSA SecurID authentication in the Optional configuration changes section of this release note.

Version rollback script 
This release includes a rollback script that allows you to return to the previous version of the 3-DNS software after you upgrade. This script is designed to allow you to roll back the software version in instances where you upgrade and only afterward discover that the new version of the software is incompatible with your specific network configuration. You can use the script to return only within the major version (see SOL4476: BIG-IP Software Lifecycle Policy) of the BIG-IP software that was installed on the system prior to the upgrade. Any configuration changes you make after the upgrade are lost when you run the rollback script.

To use the rollback feature you must create a rollback IM package before you upgrade to a different version of the software. To create the rollback IM package in /var/tmp/rb, use the following procedure:

  1. Change your directory to /var/tmp by typing the following command:
    cd /var/tmp

  2. Extract the mkrb file from the 4.6.2 upgrade package by typing the following command:
    tar C / -xzf BIGIP_4.6.2_Upgrade.im usr/local/bin/mkrb

  3. Create the necessary rollback files by typing the following command:
    ./usr/local/bin/mkrb BIGIP_4.6.2_Upgrade.im

This creates an IM package that you can run on the 3-DNS system if you want to return to the previous version of the software. The IM upgrade package you create is located in the /var/tmp/rb directory.
To install the rollback IM package, type the following commands:
cd /var/tmp/rb
im <rollback_im_package_name>.im

Note:  If you install the rollback package created by the script and decide that you want to upgrade to a later version of the software in the future, you will need to use the im -force /var/tmp/rb/<rollback_im_package_name>.im command to install the IM package.

named watchdog 
A new variable is included in this release that initiates a failover and restarts the named utility if the named utility fails for any reason. You can enable this variable using the command line utility. Use the following command to enable this feature:

bigpipe db set "Common.Bigip.Failover.OnNamedFail" = true

After you enable or disable this variable, we recommend that you start, stop, and restart the named utility using the following commands:

bigstart startup named
bigstart shutdown named
bigstart restart named

Support for TFTP 
This version of the 3-DNS software supports TFTP (Trivial File Transfer Protocol, revision 2, RFC 1350) traffic control.


Features and fixes released in prior releases

The current release includes the features and fixes that were distributed in prior feature releases, as listed below.

Version 4.6.1

This release includes the following fix.

The OpenSSL package has been upgraded to version 0.9.7d (CR33306) (CR33755)
The OpenSSL package has been upgraded to version 0.9.7d. This upgrade addresses several recent security issues with OpenSSL described in Technical Cyber Security Alert TA04-078A. This version addresses CERT vulnerabilities VU#288574 and VU#484726. For more information on the resolved security issues, see http://www.us-cert.gov/cas/techalerts/TA04-078A.html.

Version 4.6

The 4.6 release contains several new features for the BIG-IP and Link Controller software.


Required configuration changes

Once you have installed the software, you must make the following required configuration changes, if appropriate.

BIND 9 file system migration
If you are currently using BIND version 8, be aware that the file system layout has changed and there are new executables and scripts included in version 9. If you have named.conf or zone-files stored in non-standard locations, you need to move these files before you upgrade to this version of the software. If you have edited the named.conf or zone-files by hand, the named.conf files may not work properly when you upgrade. The BIG-IP system runs a check after upgrade to make sure that the named.conf and zone-files are working correctly. If the BIG-IP system detects problems converting these files, the system displays an error message in the Configuration utility, and logs error messages to the /var/named/etc/conversion.log log file. The table below lists the F5 standard file locations for BIND versions 8 and 9.

BIND 8             BIND 9                       File
/etc/named.conf    /var/named/etc/named.conf    Main configuration file
/etc/namedb        /var/named/etc/namedb        Zone files
ndc                rndc                         ndc utility


BIND 9 does not support the ndc utility. The ndc utility is replaced with the rndc utility in this release. You can use the rndc utility to stop or reload the configuration. However, we do not recommend using the rndc utility to start named. You should use the bigstart named or sod-named commands to start named.
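
Before upgrading from BIND 8, the zone files that need moving can be found by reading named.conf itself. The following added example (not F5 code) lists the zone and include files that resolve outside /etc/namedb, the BIND 8 zone file location in the table above; the function names and the sample configuration are constructed, and the parser assumes no /* */ comments and no whitespace inside quoted paths.

```shell
#!/bin/sh
# Added example, not F5 code: pre-upgrade check for the BIND 8 -> BIND 9 move.
# Simplified parser (assumptions): // and # comments only, no whitespace in
# quoted paths, one options { directory "..."; } statement.

STD_ZONE_DIR=/etc/namedb    # BIND 8 zone file location from the table above

# Print "<statement> <zone-name> <resolved-path>" for each file that
# named.conf $1 places outside directory $2 (default: $STD_ZONE_DIR).
nonstandard_files() {
    sed -e 's://.*::' -e 's:#.*::' "$1" |   # drop // and # comments
    tr '{};' '   ' |                        # punctuation becomes whitespace
    tr -s ' \t' '\n\n' |                    # one token per line
    awk -v std="${2:-$STD_ZONE_DIR}" '
        function unq(s) { gsub(/"/, "", s); return s }
        prev == "directory" { base = unq($0) }
        prev == "zone"      { zone = unq($0) }
        prev == "file"      { n++; kind[n] = "zone";    name[n] = zone; path[n] = unq($0) }
        prev == "include"   { n++; kind[n] = "include"; name[n] = "-";  path[n] = unq($0) }
        { prev = $0 }
        END {
            for (i = 1; i <= n; i++) {
                p = path[i]
                # relative paths are resolved against the directory option
                if (p !~ /^\//) p = (base == "" ? "?" : base) "/" p
                ok = (index(p, std "/") == 1 && index(p, "/../") == 0)
                if (!ok) print kind[i], name[i], p
            }
        }'
}

# Return 0 when every zone and include file is under the standard directory.
check_layout() {
    found=$(nonstandard_files "$1" "${2:-$STD_ZONE_DIR}")
    if [ -n "$found" ]; then
        printf 'outside %s, move before upgrading:\n%s\n' "${2:-$STD_ZONE_DIR}" "$found"
        return 1
    fi
    echo "all zone and include files are under ${2:-$STD_ZONE_DIR}"
}

# Constructed sample configuration (not from a real system).
sample_conf() {
    cat <<'EOF'
options {
    directory "/etc/namedb";      // standard BIND 8 zone directory
    pid-file "/var/run/named.pid";
};
include "/usr/local/etc/acl.conf";
zone "." { type hint; file "named.root"; };
zone "example.com" {
    type master;
    file "/home/dns/db.example.com";   # hand-placed zone file
};
zone "example.net" { type master; file "../namedb2/db.example.net"; };
EOF
}

# Usage: sh check_bind8_layout.sh /etc/named.conf
if [ "$#" -ge 1 ]; then
    check_layout "$@"
fi
```

Run it against a copy of the BIND 8 named.conf; an empty report means only the standard directory is referenced, and named.conf itself is still expected at /etc/named.conf.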


Removing a controller from a sync group

If you are upgrading a 3-DNS Controller that belongs to a sync group, you must remove the controller from the sync group before you apply the upgrade. Once you have upgraded all controllers to the same version, you can then re-create the sync group. Once you have removed the controller from the sync group, you can proceed with the upgrade installation.

Note: You can re-create the sync group once you have upgraded the software for all of the controllers that belong to the sync group.

To remove a controller from a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. In the Remove column, next to the controller that you want to remove from the sync group, click the Remove button.
    A popup screen opens to confirm the removal of the controller.

  3. Click OK.
    The screen refreshes, and the controller is no longer listed as a member of the sync group.

  4. Repeat these tasks for any additional sync group members that you want to remove from the sync group.

Alternately, you can remove the entire sync group, instead of removing the controllers one at a time.

To remove a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. On the toolbar, click Remove this Group.
    A popup screen opens to confirm the removal of the sync group.

  3. Click OK.
    The screen refreshes, and the Add a New Sync Group screen opens, where you can re-create your sync group once you have upgraded the software on all of the controllers that belong to the sync group.

 


Optional configuration changes

Once you have installed the software, you can use any of the following new configuration options to update your configuration.

Configuring RSA SecurID authentication
You can now configure an external (remote) RSA SecurID authentication server to manage user authentication for the 3-DNS system. When you enable RSA SecurID authentication, all users subsequently attempting to log on to a 3-DNS system must enter a user ID and PASSCODE that changes every 60 seconds, which are checked against user data stored on the RSA SecurID authentication server. If the user password and authenticator are found and verified on the RSA SecurID authentication server, the user is authenticated. In the event that authentication fails with an external RSA SecurID authentication server, you can log in with local accounts, such as the root and admin accounts.

Use the following procedure to configure RSA SecurID authentication on the BIG-IP system.

  1. At the command line utility, type config.
    The Initial Setup menu displays.

  2. Select C to configure remote authentication.

  3. When prompted whether you want to change your current configuration, type Y to continue.

  4. You are asked to select the type of remote authentication used on the system. Select SecurID and press Enter.

  5. Follow the prompts and type Q to quit the Setup utility.

  6. If you chose to configure RSA SecurID Authentication (Web UI) / RADIUS (CLI/iControl), you need to type the following db key at the command line:
    bigpipe db set Local.Bigip.FTB.authType = "SECURID"

  7. Once you enable RSA SecurID authentication on the 3-DNS system, you must use the Configuration utility to complete the configuration. Open a browser session, and in the left pane of the Configuration utility, click System Admin.
    The User Administration screen displays.

  8. Click the RSA SecurID® Authentication Configuration link. This link displays only if RSA SecurID authentication is enabled on the 3-DNS system.
    The SecurID Configuration screen displays.

  9. To configure remote RSA SecurID authentication, you need to install the RSA SecurID authentication sdconf.rec configuration file on the 3-DNS system. This file is generated on the RSA ACE/Server, and is usually called sdconf.rec. You need to transfer the sdconf.rec file to your Windows system before you can import it to the 3-DNS system.
    On the SecurID Configuration screen, click the Browse button to locate the sdconf.rec file, and click Install to config/ace/sdconf.rec to upload the configuration file. For information on generating the sdconf.rec file, please see the ACE/Server documentation included with the ACE/Server.

  10. Once you upload the sdconf.rec file to the 3-DNS system, you need to restart httpd from the command line. Restart httpd by typing the following command:

    bigstart restart httpd


  11. After you enable RSA SecurID authentication and upload the configuration file, you need to set the authorization level, or role, for each user you want to allow to access the 3-DNS system. Add an account and role for each user in the User Administration screen of the Configuration utility. Since the RSA SecurID authentication server handles the password authentication, you do not need to enter a password for these users. For detailed instructions on setting roles for users, see the 3-DNS Reference Guide.


Known issues

The following items are known issues in the current release.

Multiple Configuration utility sessions and modifying a configuration (CR9333)
The 3-DNS Configuration utility does not refresh properly when you have multiple Configuration utility sessions open for more than one F5 system, and you make a change to the 3-DNS Controller's configuration. The Configuration utility for the controller that you are not modifying updates automatically, while the Configuration utility for the controller that you are modifying does not update automatically. Note that this happens only when you are either enabling or disabling objects, or setting limits for an object. You can avoid this issue by opening only one browser session at a time when you are modifying a configuration.

Statistics screens and viewing 3-DNS status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens (in the disabled system's Configuration utility only) display an inaccurate status (a red ball) for all of the other 3-DNS systems in the same sync group. You can see the correct status of the systems in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.

Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure to view the Histograms or Metrics.

  1. In the navigation pane, expand the Statistics item, and click Probers.
  2. In the Prober Statistics screen, click either Metrics or Histogram.
    A dialog box appears.
  3. Select Save this file to disk and click OK.

The browser saves the file, and you can now open the file using Microsoft Excel.

ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server.

The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be. The total byte count returned from the ArrowPoint MIB is 16 times smaller than the total byte count that was actually handled.

Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape Navigator. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.

Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. We recommend that you do not configure a production rule with the Date/Time time variable.

Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the sync group, if you use special characters in the sync group names. To avoid this error, use only alphanumeric, underscore ( _ ), hyphen ( - ) or space characters in the sync group names.

Adding servers using the Configuration utility and the Back button in Internet Explorer (CR15345)
Occasionally, when you add a new server to the 3-DNS configuration using the Configuration utility, and you are using the Configuration utility in a Microsoft® Internet Explorer browser session, you may get an error when you use the Back button to return to a previous screen. The error is benign, and you can click any item in the navigation screen to clear the error.

Opening PDF files from the 3-DNS Controller home screen (CR15901)
Occasionally, when you open any of the PDF files available on the home screen of the Configuration utility, the CPU usage for your work station may spike to 100%. To avoid this problem, right-click the name of the PDF file that you want to open, and choose Save Target As to save the PDF file on your workstation. You can then open the PDF file using Adobe® Acrobat® Reader, version 3.0 and later.

Enabling the IP classifier (CR18264)
If you use the Topology load balancing feature, you must make the following change to the wideip.conf file so the 3-DNS Controller can classify continent and country of origin for local DNS servers.

  1. From the command line, type the following command to ensure that the configuration files contain the same information as the memory cache.
    3ndc dumpdb
  2. Open the /etc/wideip.conf file using either the pico or vi text editor.

  3. Add the following line to the include statement in the wideip.conf file.
    include geoloc "netIana.inc"
    The include statement loads the IP classifier so Topology load balancing can classify LDNS requests.

  4. Save and close the wideip.conf file.

  5. Commit the change to the configuration:
    3ndc reload

Note: If you have a sync group configured, you must enable the IP classifier on each member of the sync group.

Upgrading the software and the MindTerm SSH Console (CR18436)
When you upgrade the software for 3-DNS Controller, you cannot use the MindTerm SSH Console, because the upgrade stops and restarts the SSH service. To upgrade the software, use a serial console instead.

Using the 3-DNS Controller in bridge mode (CR18873)
You cannot configure the 3-DNS Controller in bridge mode using a remote connection or using the Configuration utility. You must configure bridge mode using a local connection. For details on configuring bridge mode, see the Configuring bridge mode section of this release note.

Special characters in pool names and viewing the Network Map (CR19756)
When you use the colon character ( : ) in a pool name, and then try to view the Network Map, the Network Map does not display. To avoid this error, do not use the colon character in pool names.

The 3dpipe utility and pool names (CR20183)
The 3dpipe utility does not properly parse pool names that contain numbers only.

CPU usage statistics for EDGE-FX Caches (CR21325)
On the EDGE-FX Cache Statistics screen, in the Configuration utility, the 3-DNS Controller incorrectly reports the CPU usage statistic for the EDGE-FX Cache.

Time-to-live (TTL) values for resource records (CR22025)
If you set the pool TTL to a value that is different from the wide IP TTL, the dig command displays the wide IP TTL rather than the pool TTL in the answer packet. This occurs only when all the virtual servers in the pool are unavailable. Resource records in the DNS configuration are set with the wide IP TTL instead of the pool TTL. If you change the pool TTL, the TTL for the resource records does not change to the updated TTL. Therefore, when the 3-DNS Controller is unable to load balance a request, and returns the request to DNS, the resource record contains the wide IP TTL rather than the pool TTL.

Clean installations of the 3-DNS Controller software and the Default data center (CR23028)
When you install the 3-DNS Controller version 4.5 software, and you do not have a previous configuration file, the controller creates a default data center labeled Default. To move any objects that are in the Default data center to a data center that you create, see the Moving objects from the Default data center to a newly-created data center section of this release note. Note that this occurs only on a BIG-IP system with the 3-DNS module.

Renaming a wide IP that has aliases using the Configuration utility and synchronization (CR23224)
When you rename a wide IP, and the wide IP has aliases, the order of the wide IP name and alias may appear in reverse order when you look at the wide IP in the Configuration utility of another controller in the sync group. Note that this error does not affect domain name resolution.

Configuring production rules (CR23327)
In the Configuration utility, when you create a production rule, you cannot use the Description box to add a description of the production rule. If you type text into the Description box, the controller ignores it, and the text is not saved.

Upgrading the software and home screen errors in the Configuration utility (CR23710)
When you are upgrading a 3-DNS Controller from version 4.2 to version 4.5, you may see the BIG-IP system home screen instead of the 3-DNS home screen. This occurs only once: after you upgrade the software and before you upgrade the license file using the new licensing process. Note that this does not affect the 3-DNS Controller module on the BIG-IP system.

Graph titles on the P95 Billing Estimate statistics screen (CR23770)
When you change the date or time range on the P95 Billing Estimate statistics screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.

Date ranges on the P95 statistics screen (CR23784)
The graphs on the P95 statistics screen do not check for dates in the future. If you enter a date that is later than the current date, you may get inaccurate graphs.

Synchronization and modifying the configuration (CR24081)
If you are updating a configuration using the Configuration utility, and another member of the sync group initiates the synchronization process, you get a notification screen that indicates that you cannot update the configuration. To work around this issue, wait for a minute, click the browser's Back button, and continue updating the configuration. Note that this issue is most likely to occur when you are using multiple browser sessions to update the sync group's configuration. We recommend that you use only one browser session (and controller) to update the sync group's configuration.

Unit ID numbers for a redundant system and the auto-configuration process (Discovery) (CR24734)
The auto-configuration process does not recognize the unit ID numbers for the units in a redundant system. The process does, however, properly add the configuration information for both units.

The Network Map and viewing wide IP information (CR24750)
In the Network Map, in the Configuration utility, when you highlight a wide IP, the information table displays an IP address for the wide IP. The IP address is not a valid IP address; rather it is a randomly generated number. Note that this error is benign because the 3-DNS Controller no longer associates an IP address with a wide IP.

The Network Map and viewing the enabled/disabled status of a virtual server (CR24751)
When you disable a virtual server that is in a wide IP that has manual resume enabled, the information table in the Network Map does not display the correct status for the virtual server. To view the correct status for the virtual server, in the navigation pane, expand the Statistics item, and then click Virtual Servers. The E/D column displays the correct status for the virtual server.

Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.

Single data center configuration and default gateway probing  (CR25507, CR29281)
By default, the 3-DNS Controller, or another F5 product on behalf of a 3-DNS Controller, polls its default gateway with big3d using ICMP every two seconds. If no response is received from the default gateway, the 3-DNS Controller may mark all systems in the data center down. This behavior may be considered undesirable in a single data center configuration. If you have this type of configuration we recommend that you check to make sure that all 3-DNS Controllers, or F5 products probing on behalf of the 3-DNS Controller, are able to reach the default gateway through ICMP. If you are unable to configure all 3-DNS Controllers or F5 products probing on behalf of a 3-DNS Controller with ICMP access to the default gateway, we recommend that you limit probing to a single F5 product that is able to reach the default gateway through ICMP.

Configuring SSH access host restrictions (CR25530)
In previous versions, the /etc/ssh3/sshd2_config and /etc/sshd_config files controlled SSH access. Upgrading to version 4.5 ignores previously-configured SSH access restrictions configured in the /etc/ssh3/sshd2_config and /etc/sshd_config files. This upgrade reverts to an SSH access level that allows all hosts to connect. If you require restricted SSH access to certain networks/IP addresses, you need to reconfigure these restrictions once you have completed the upgrade. To do this, type the following command to start the Setup utility, and then press Enter:
setup
Choose option (S) Configure SSH, and set the restrictions you prefer.

Adding support access after initial setup (CR25821)
If you add support access with the (Y) Set support access option in the Setup utility after you complete the initial setup of the system, the support IP addresses are not added to the hosts.allow file. To correct this situation, run the (S) Configure SSH option in the Setup utility to re-initialize the SSH information on the system.
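The following added example (not F5 code) is a post-upgrade check for the two SSH items above: it reads a hosts.allow file in standard TCP wrappers syntax and reports every rule that applies to the SSH daemon, flagging rules that admit ALL clients. The daemon name sshd, the function names, and the sample file contents are assumptions made for illustration; the release note names only the hosts.allow file.

```shell
#!/bin/sh
# Added example: audit TCP wrappers rules for SSH after an upgrade or a
# support-access change. Function names are hypothetical.

# audit_ssh_wrappers FILE [DAEMON]
# Prints "OPEN" or "RESTRICTED" for each rule that applies to DAEMON.
# Exit status: 0 = only restricted rules, 1 = at least one rule admits ALL,
#              2 = no rule names the daemon, 3 = file not readable.
audit_ssh_wrappers() {
    file=$1
    daemon=${2:-sshd}   # assumption: the daemon name used in hosts.allow
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 3; }
    awk -v daemon="$daemon" '
    {
        # Join backslash-continued lines into one rule.
        if ($0 ~ /\\$/) { sub(/\\$/, ""); buf = buf $0; next }
        rule = buf $0; buf = ""
        if (rule ~ /^[ \t]*#/ || rule ~ /^[ \t]*$/) next

        # Rule layout: daemon_list : client_list [: options]
        n = split(rule, field, ":")
        if (n < 2) next

        applies = 0
        nd = split(field[1], dl, /[ \t,]+/)
        for (i = 1; i <= nd; i++)
            if (dl[i] == daemon || dl[i] == "ALL") applies = 1
        if (!applies) next
        seen = 1

        # A client list containing the ALL wildcard (even with EXCEPT)
        # leaves the service reachable from almost any host.
        wide = 0
        nc = split(field[2], cl, /[ \t,]+/)
        for (i = 1; i <= nc; i++)
            if (cl[i] == "ALL") wide = 1

        if (wide) { bad++; tag = "OPEN" } else tag = "RESTRICTED"
        printf "%s line %d: %s\n", tag, NR, rule
    }
    END { if (bad) exit 1; if (!seen) exit 2 }
    ' "$file"
}

# Constructed sample input, not taken from a real 3-DNS Controller.
constructed_sample() {
    cat <<'EOF'
# constructed sample, not taken from a real 3-DNS Controller
ALL : 127.0.0.1
sshd : 192.168.10.0/255.255.255.0 10.1.1.5
sshd : ALL
snmpd : 10.1.1.0/255.255.255.0
EOF
}

# Demonstration on the constructed sample. On a controller, call
# audit_ssh_wrappers with the path of its hosts.allow file instead.
demo=$(mktemp) && constructed_sample > "$demo"
audit_ssh_wrappers "$demo" sshd || echo "exit status $? (1 = open rule found)"
rm -f "$demo"
```
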

VLAN names and syntax errors (CR25890)
VLAN names that start with the text vlan, and are followed by any number of digits (for example, vlan123), cause a syntax error. We recommend that you do not use the text, vlan, as the initial portion of a VLAN name.

Creating invalid interface names (CR25950)
It is possible to create invalid interface names in your configuration by entering an invalid VLAN name from the command line. For more information about invalid VLAN names, see CR25890.

Changing iControl settings and restarting the CORBA portal (CR26384)
If you use the Setup utility (setup) to change iControl settings, you must manually restart the CORBA portal. To restart the CORBA portal, type the following commands from the command line:

bigstart shutdown portal
bigstart startup

LDAP group name naming conventions (CR26418)
LDAP authentication for groups does not work properly when there are spaces in the group name. To avoid authentication issues with groups when you use LDAP authentication, do not use spaces in the group names.

Disabling the SNMP Auth Trap Enable setting using the Configuration utility (CR26610)
If you try to disable the Auth Trap Enable setting on the SNMP Administration screen in the Configuration utility, the SNMP configuration file, /etc/snmpd.conf , is modified with an incorrect setting of 0 (zero), and the following error is generated in the SNMP log:
"/etc/snmpd.conf: line ##: Error: authtrapenable must be 1 or 2"
To correct this error and disable the Auth Trap Enable setting, you can edit the /etc/snmpd.conf file, and change the authtrapenable value to 2 (disable).
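The following added example (not F5 code) locates the line that the "line ##" in the error refers to and applies the correction described above, keeping a backup of the file. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find and correct the invalid authtrapenable value that the
# Configuration utility writes (CR26610). Function names are hypothetical.

# find_bad_authtrap FILE
# Prints LINE:VALUE for each authtrapenable directive whose value is not
# 1 (enable) or 2 (disable). Exit status 1 if any such line exists.
find_bad_authtrap() {
    awk '
        $1 == "authtrapenable" && $2 != "1" && $2 != "2" {
            printf "%d:%s\n", NR, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# disable_authtrap FILE
# Copies FILE to FILE.bak, then rewrites every invalid authtrapenable
# line to "authtrapenable 2" (disable), leaving all other lines untouched.
disable_authtrap() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        $1 == "authtrapenable" && $2 != "1" && $2 != "2" {
            print "authtrapenable 2"
            next
        }
        { print }
    ' "$1.bak" > "$1"
}

# Constructed sample input, not taken from a real controller.
constructed_snmpd_conf() {
    cat <<'EOF'
# constructed sample, not from a real controller
syslocation constructed-lab
authtrapenable 0
EOF
}

# Demonstration on the constructed sample. On a controller, pass the path
# of its snmpd.conf file to the two functions instead.
demo=$(mktemp) && constructed_snmpd_conf > "$demo"
find_bad_authtrap "$demo" || echo "invalid authtrapenable value found"
disable_authtrap "$demo" && find_bad_authtrap "$demo" && echo "clean after rewrite"
rm -f "$demo" "$demo.bak"
```
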

Losing connectivity during configuration of second unit in a redundant system (CR26705)
When you configure a unit from the command line Setup utility (setup), we recommend that you reboot the unit after you complete the configuration. This activates the license and allows traffic to pass through the system. Also, before you reboot the system, the unit is in the active mode and unlicensed. While the unit is in the active mode, the other unit in the redundant system is placed in standby mode. If left in this state, traffic cannot pass through the system.

Sync groups and upgrading software versions (CR26784)
When you are upgrading the software on 3-DNS Controllers that belong to a sync group, you must temporarily remove the controller you are upgrading from the sync group before you apply the upgrade. This is because the synchronization process cannot synchronize controllers that are running different software versions, including different PTF versions. See the Removing a controller from a sync group work-around, following the Known issues section of this release note, for configuration details.

The 3dns_add script and mixed versions of the 3-DNS software (CR26884)
If you are adding a new 3-DNS Controller to an existing sync group, the new 3-DNS Controller must be running the same version of the 3-DNS software as the controllers that are already in the sync group. If the controllers are running mixed versions of the 3-DNS software (for example, 3-DNS Controller, version 4.2 PTF-09, and 3-DNS Controller, version 4.5 PTF-03), the 3dns_add script fails because the script does not check versions. For more information on working with the 3dns_add script, see the 3-DNS Administrator Guide, version 4.5.

Changing the system IP address and updating the IP address for the CORBA portal in bigdb (CR27037)
If you change the IP address of the system using the Configuration utility, the system does not update the IP address for IIOP and FSSL for the CORBA portal in the bigdb. To change the CORBA address for IIOP and FSSL, run the Setup utility (setup) from the command line, and choose the option (I) Initialize iControl portal.

CompactFlash® media drives and logging for the named daemon (CR27132)
When the named daemon is running, it generates status and usage messages as part of its normal behavior. If you are running the named daemon on a system with a CompactFlash media drive, these messages may fill up the /var/log/messages file. To avoid this, periodically delete the status and usage messages for the named daemon.

RADIUS server configuration and Netscape  (CR27212)
If you configure remote login for RADIUS, and you set an invalid IP address for the primary RADIUS server, and a valid IP address for the secondary RADIUS server, you may not be able to log in using a Netscape browser. This can also happen if your primary RADIUS server is down. We recommend that you use an alternative browser with this type of configuration.

User administration for remote authentication using the Configuration utility  (CR27223)
With remote authentication configured, if you use the Configuration utility to add a new user, you may receive an internal server error message when you press Enter, and then click the Done button. The user is added when you press Enter. When using local authorization, the Enter key is ignored, and you must click the Done button in order to add a new user.

Auto-discovery and 127.0.0.X addresses (CR27252)
The auto-discovery process discovers all addresses on a BIG-IP system, even those in a non-routable address space (for example 127.0.0.X). This may cause the 3dnsd daemon to stop running. To avoid this issue, turn off auto-discovery for the BIG-IP systems that manage resources on a non-routable subnet, as detailed in the Turning off the auto-discovery process for a BIG-IP system work-around, which follows the Known issues section of this release note.

Deleting the default gateway pool using the Setup utility (CR27260)
The command line Setup utility, (setup), does not delete the default gateway pool when you remove all of the pool's members. To work around this issue, delete the default gateway pool using the browser-based Configuration utility.

User roles in a redundant system configuration  (CR27477)
If you modify the default role for a user on one unit in a redundant system, when you synchronize the configuration, the modified role setting is not copied over to the other unit. In order to have the same user roles specified on both units, you must configure this setting on both units in the redundant system.

Installing the PTF from CD and 3dnsd utility error messages (CR27501)
When you install the version 4.5 PTF-05 software from a CD, you may see the following error message just before you run the Setup utility:
ERR: An instance of 3dnsd (pid:xxx) is already running! Exiting.

The error message is benign and does not affect the software installation in any way.

SNMP probing with Foundry systems  (CR27667)
If you configure a Foundry system as a host and then use SNMP probing to get virtual server information from the Foundry system, the 3-DNS Controller may report a non-existent virtual server on the Foundry system.

SNMP version 2 with Foundry systems  (CR27758)
The 3-DNS Controller does not currently support using SNMP version 2 probing with Foundry systems.

Copper gigabit NICs and setting media speeds  (CR27772)
If you want to set media speeds, and you have a copper gigabit NIC, you must configure auto-negotiate between the 3-DNS Controller and the connected switches.

Using the Setup utility to configure the media type for an interface  (CR27793)
When you use the Setup utility to configure the media type for an interface, the BIG-IP system does not save this setting when you rerun the Setup utility. You must configure this setting each time you run the Setup utility.

Installing iQuery keys and errors in the install-key script  (CR27799)
The install-key script may display the following error message during the key exchange process:
ERROR: Cannot connect to any of the following selfIP(s) for a server:
This error message is incorrect and does not affect the iQuery key exchange process.

HTTP ECV service checks and file names (CR27823)
When you configure an HTTP ECV service check for a wide IP using the Configuration utility, the Configuration utility incorrectly adds a slash ( / ) to the beginning of the file name. To work around this issue, you can either configure the HTTP ECV service check in the wideip.conf file from the command line, or you can edit the wideip.conf file and remove the slash.

NameSurfer application and PTR records (CR27832)
The NameSurfer application deletes PTR records when you change the time-to-live (TTL) value.

MindTerm SSH console, Java™ Virtual Machine, and the Configuration utility (CR27864)
The Configuration utility may become unresponsive, when all of the following conditions are met:

  • You have Java Virtual Machine enabled on a Windows® workstation

  • You are using the Configuration utility to configure the system

  • You open a MindTerm SSH console session from the navigation pane

  • You return to the Configuration utility without closing the MindTerm SSH console

If you experience this problem, you must use the Windows Task Manager to close the browser session and the SSH session. To avoid this issue, we recommend that you either disable Java Virtual Machine while you are configuring the system, or that you close the MindTerm SSH console session before returning to the Configuration utility.

Hops calculations for Hops load balancing mode (CR27878)
The 3-DNS Controller is inaccurately calculating the number of hops for the Hops load balancing mode for inbound load balancing. This results in all configured links appearing to use the same number of router hops for inbound traffic. We recommend that you use one of the other load balancing modes for inbound load balancing. Note that this also affects the data for average router hops on the Internet Weather Map screen, in the Configuration utility.

Running 3-DNS Maintenance menu commands and 3dparse warning messages (CR27910)
If the wideip.conf file contains configuration errors (for example, you have a wide IP pool configured that does not contain any virtual servers), and you run one of the following commands in the 3-DNS Maintenance menu:  Install and start big3d, Check remote versions of big3d, or Configure SSH communication with remote devices, you see 3dparse warning messages on the console. The warning messages are benign, and do not affect the functionality of the commands.

Network Map and the enabled or disabled status for pool virtual servers (CR27923)
The Network Map does not display the correct enabled or disabled status for virtual servers, in the context of a wide IP pool. To see the correct enabled or disabled status of the virtual servers, view the Disabled Objects statistics screen.

SNMP version and probing (CR27971)
If you have enabled SNMP probing for a host or similar device, and you specify SNMP version 2, the SNMP probing may fail if the host or device is using SNMP version 1. This happens because SNMP version 2 uses 64-bit counters and SNMP version 1 uses 32-bit counters. To avoid this error, ensure that you specify the SNMP version (1 or 2) that corresponds with the SNMP version on the device that is being probed.

Setup utility and VLAN tag configuration  (CR28027)
If you use the Setup utility to configure VLAN tags or add new VLANs with tags and self IPs, and you use the command line utility to modify interfaces after VLAN tags are added, all of the tagged interfaces and associated data (self and shared IPs) are removed from the configuration files. You may need to reconfigure these settings, or use the backup file to restore these settings.

D35 system with system halt command  (CR28079)
If you use the system halt command on a D35 system and then press the Enter key to reboot the system, the system reboots, but it enters into a netboot cycle. If you have this issue, we recommend that you power cycle the system, or push the reset button.

Probing from the BIG-IP system  (CR28099)
When a BIG-IP system is the only F5 system in a data center, and you disable all factories in the BIG-IP definition, the BIG-IP system continues to probe the router in its data center. To avoid this issue, you can create a prober access control list (ACL) and add the router to the ACL.

Creating user-defined regions using the Configuration utility (CR28101)
In the Configuration utility, when you create a user-defined region for Topology load balancing, you get a syntax error if you add more than 39 entries to the custom region. To avoid this error if you are creating a large user-defined region (with more than 39 entries), we recommend that you create the custom region from the command line, by editing the wideip.conf file.

Reconfiguring a standalone system as a unit in a redundant system (CR28116)
If you have a standalone system that you later decide to reconfigure as a unit in a redundant system, the system may experience failures when you reconfigure the networking and IP addresses.

ECV check and SNMP traps  (CR28210)
If you configure an ECV check and enable SNMP traps on a BIG-IP system with a 3-DNS module, and the ECV check fails, SNMP trap messages for ECV failures are logged in the 3-DNS log file, but not in the BIG-IP log file. The system logs trap messages for the failure of the associated virtual servers and wide IPs correctly.

Viewing toolbars in the Configuration utility and resizing the screen (CR28330)
If you resize the browser window when viewing the Configuration utility, you may not be able to see the entire toolbar on some of the screens. We recommend that, to avoid this problem, you maximize the browser window, and use a screen resolution of at least 1024 X 768.

Disabling the default data center (CR28348)
In the Configuration utility, you cannot disable the data center, Default. This data center is automatically created by the controller when you are running the 3-DNS Controller module on a BIG-IP system. We recommend that you create a new data center and move the servers from the data center, Default, to the newly-created data center. To do this, see the workaround Moving objects from the Default data center to a newly-created data center following this section of the release note.

Replacing 3-DNS systems and resetting the SSH key (CR28408)
Installing a replacement unit into your network breaks the trust relationship between the 3-DNS Controller and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key (on the replacement unit), and synchronizing the updated 3-DNS Controller with other 3-DNS Controllers or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network. Note that you must reset the SSH key before you run the Configure SSH communication with remote devices command, on the 3-DNS Maintenance menu.

Modifying a data center configuration and memory errors (CR28459)
You may see a memory error in the Configuration utility, when all of the following conditions are met:

  • You have more than one data center configured.

  • You try to modify the configuration of the first data center listed on the Data Centers List screen.

If you need to modify the configuration of the first listed data center, we recommend that you do so by editing the wideip.conf file, from the command line.

The named-xfer command and transferring zone files (CR28497)
If you use the named-xfer command to transfer zone files from the command line, the command incorrectly translates the ORIGIN address as the CNAME address.

Displaying data centers with 1000 or more defined servers (CR28529)
If you have 1000 or more servers defined for a certain data center, the 3-DNS Controller Configuration utility may, when displaying the defined servers, display an error. Disregard this error, as the screen eventually displays correctly all of the defined servers.

bigpipe commands that contain invalid trailing arguments  (CR28581)
If you type a bigpipe command that contains an invalid trailing argument, the bigpipe utility produces a syntax error, but may run the command anyway. In this situation, the command should fail.

Rerunning the Configure DNS option in the Setup utility and overwriting an existing named.conf file  (CR28614)
In the Setup utility (setup), when you rerun the Configure DNS (D) option, you overwrite the existing named.conf file with an empty named.conf file. To avoid this issue, before you rerun the Configure DNS (D) option in the Setup utility, we recommend that you create a backup copy of the named.conf file. Once you have rerun the Configure DNS (D) option, you can copy the contents of the backup copy of the named.conf file into the new named.conf file.

The NameSurfer log file does not get rotated by the system  (CR28615)
The NameSurfer™ application log file, /var/log/namesurfer.log, does not get rotated. This can result in the log file becoming large. If you find that the NameSurfer log file has become too large, you can remove the file from the system, and then run the bigstart restart namesurfer command.

Setting the length of time to disable a pool  (CR28901)
In the Configuration utility, when you disable a pool, you can specify an unrealistic time for the Length of time to disable setting. The Configuration utility does not enforce an upper limit for this setting. We recommend that you use caution when you specify a length of time to disable a pool.

Disabling the auto-discovery process and self IP addresses for servers  (CR29599)
When you have disabled, or turned off, the auto-discovery process for a particular server, the auto-discovery process ignores the setting and updates the server's configuration with new self IP addresses. To avoid this, we recommend that you disable auto-discovery by setting the autoconf option to no in the globals statement in the wideip.conf file.

Using the Sun® Java® client and working with Topology  (CR29626)
If you have the Sun Java client (version 1.4.x) installed on your workstation, and you are using the browser-based Configuration utility to modify the topology statement, you cannot delete topology records. To work around this issue, we recommend that you modify the topology statement from the command line.

Error message in Configuration utility and valid range for VLAN tags  (CR29793)
The allowable values for VLAN tags are 1 through 4094. However, if you inadvertently specify a value that is outside of the allowable range, you see the following error message:
Error 335953 -- You have entered an invalid VLAN tag value. VLAN tags must be between 1 and 4096.
The error message incorrectly specifies a range of 1 through 4096, rather than 1 through 4094.

Reporting state for a proxy on a BIG-IP system  (CR30139)
When you have a proxy configured on a BIG-IP system, and the proxy is configured with a target server (rather than a target virtual server), the 3-DNS Controller reports the monitoring state of the proxy as unknown (a blue ball in the Configuration utility statistics screens).

Updating the big3d agent and BIG-IP version 3.1 systems  (CR30242)
Updating the big3d agent fails if you have BIG-IP systems that meet both of the following conditions:

  • The BIG-IP system is running version 3.1 software.

  • You have never updated the big3d agent on the system.

You can avoid this issue by stopping the big3d agent on the BIG-IP system before you perform the update. To stop the big3d agent, see the Stopping the big3d agent on a BIG-IP system, version 3.1 workaround following the Known issues section.

Inaccurate log message for virtual server status  (CR30235)
When a virtual server is marked down (red), the 3-DNS Controller sends a log message that says no nodes up. Instead, the log message should indicate that the virtual server is down.

Viewing data on the BIG-IP Statistics screen  (CR30464)
Occasionally, in the Configuration utility, the BIG-IP Statistics screen displays the BIG-IP data incorrectly.

LDNS statistics  (CR31239)
If you use the Configuration utility to clear LDNS statistics from the LDNS Statistics screen, the LDNS statistics are not cleared correctly. We recommend that you use the command line utility to clear LDNS statistics.

Principal 3-DNS Controller in a sync group  (CR31551)
If you disable a data center that includes the principal 3-DNS Controller in a sync group, the 3-DNS Controller is disabled by inheritance. This disables probing, which in turn causes all objects in the network to be marked as down.

Default gateway pools  (CR31928)
You cannot configure a default gateway pool on the 3-DNS Controller.

Sync groups and zone file configuration  (CR32148)
In rare instances, if you have a 3-DNS Controller configured in a sync group, when the system copies over the zone file configuration, the sync_zones utility may fail to start.

Configuring BIG-IP virtual servers  (CR32250)
If you add a duplicate IP address when configuring a BIG-IP virtual server, you receive the error message, Error 331776 -- Unspecified error. All fields on this page are required. This error message should indicate that you have entered a duplicate IP address.

Select Data Center screen  (CR32254)
When you add a new BIG-IP system to the configuration, if you make an invalid entry on the Select Data Center screen, you are not able to advance to the next screen after you correct the error. The Next button is not displayed. To work around this issue, we recommend that you click the Back button, and then return to the Select Data Center screen.

Random load balancing method  (CR32762)
If you configure a Wide IP and use Random as the load balancing method for pools, the load is incorrectly distributed in a way that is similar to Ratio load balancing.

One-time auto-discovery option  (CR32975)
The one-time auto-discovery option in the Setup utility runs each time you use the Setup utility. This option also runs each time 3dnsd is restarted. This option should only run the first time the Setup utility is started.

Wide IP port numbers replaced by service names and configuration errors  (CR32977)
In the Configuration utility, the Link Controller is automatically replacing wide IP port numbers with service names. If you subsequently modify any settings for the wide IP, you see an invalid port error message when you click Update. To work around this issue, when you modify the wide IP, change the wide IP port setting back to the port number before you click Update.

Autoconf and BIG-IP virtual servers  (CR33161)
Autoconf does not compile a complete list of BIG-IP virtual servers in all cases.

NameSurfer and remote RADIUS authentication  (CR33665)
If you are using NameSurfer with remote RADIUS authentication enabled, and you log in to the 3-DNS system using the Configuration utility, you must log in again in order to configure NameSurfer settings. If you want to return to the 3-DNS Configuration utility, you must close the browser, open a new browser, and log in again.

Incorrect pending values in the Configuration utility  (CR33666)
In certain circumstances when a link goes down, the Configuration utility displays an incorrect "Pending" value for the link. This value may display in the Configuration utility until you use the 3ndc restart command.

Static depends configuration  (CR33671)
If you enable or disable Static Depends, you must use the 3ndc restart command in order for the virtual server to be updated correctly.

3dpipe syncgroup <syncgroup_name> show servers command  (CR34472)
If you use the 3dpipe syncgroup <syncgroup_name> show servers command, the system incorrectly displays the principal 3-DNS system as a receiver.

Virtual server dependency list  (CR34786)
If you use the Configuration utility to edit the Virtual Server Dependency list, before you can make changes to this list, you must remove all of the virtual servers from the Virtual Server Dependency box.

Incorrect virtual server status icons  (CR35061)
If you have Autoconf enabled and you use the Configuration utility to delete a BIG-IP system from the network configuration, in certain circumstances the virtual server status icons for the BIG-IP system display as gray. The icons may incorrectly remain in a gray state until you restart the 3dnsd utility.

Error messages logged in /var/log/3dns  (CR35714)
If you use the bigstart restart all command, the following error messages may be stored in the /var/log/3dns log:
sod-portal: One or more of the corba daemons has been incorrectly restarted.
sod-portal: Killing corba daemons in order to insure clean restart.
sod-portal: Restarting corba daemons.

You can disregard these error messages.

TTL settings for zones associated with wide-IPs  (CR35963)
If you are using NameSurfer and you add a wide-IP to a zone, the wide-IP time-to-live (TTL) setting is used instead of any previously configured TTL setting for that zone. If you add two wide-IPs with different TTL settings to the same zone, the second wide-IP TTL is used.

Modifying zones that are associated with wide-IPs  (CR35963)
If you use NameSurfer to add records to a zone associated with one or more wide-IPs, and you then use the Configuration utility to modify one of the wide-IPs, the records may be overwritten. In addition, if you use the Configuration utility to change the TTL for a zone, the records will be overwritten.

NTP settings  (CR36782)
If you run the Setup utility and you re-configure the NTP settings, you must use the bigstart restart ntpd command in order for your changes to take effect.

Principal controllers in redundant systems  (CR36864)
If you have two 3-DNS Controllers or Link Controllers in a redundant configuration and you shut down the principal system (3ndc stop), the standby Link Controller or 3-DNS Controller does not become the principal system.

Virtual server capacity load balancing  (CR36926)
If you use virtual server capacity load balancing mode, the 3-DNS system does not check whether virtual servers are disabled and may load balance traffic to disabled virtual servers.

Selecting links for probing  (CR36998)
If you have links defined, in certain cases the 3dnsd utility picks the best data center to handle probing instead of the best link. In most cases, the data center is adequate for probing.

Traps and logging (CR39325)
If you configure the system to send out traps, rapid logging may cause traps and log messages to be dropped. This type of rapid logging may occur when you load a configuration of several hundred nodes. At that time all of the nodes are checked and their status is logged. You can avoid this issue by adjusting the log levels for syslog configuration items. In addition, you may want to edit the /etc/snmptrap.conf files and comment out traps that are unimportant for your configuration.

Round trip time and hops no longer work together, nor do UDP and ICMP (CR42529)
The round trip time (RTT) and latency (Hops) Quality of Service (QOS) coefficients no longer work together for QOS probing. If RTT and Hops are configured at the same time, the 3-DNS Controller uses RTT.

For local DNS (LDNS) probing, the 3-DNS Controller does not support using both UDP and ICMP. If you select UDP and ICMP, the 3-DNS Controller removes UDP from the list, and uses ICMP.

Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

3-DNS Controllers and CD upgrades
When you rebuild a 3-DNS Controller (or a BIG-IP system) using a CD, the SSH key changes. This breaks the trust relationship between the updated 3-DNS Controller and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key and synchronizing the updated 3-DNS Controller with other 3-DNS Controllers or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network.

Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS SNMP Statistics screen the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.


Workarounds for known issues

The following sections describe workarounds for the corresponding known issues listed in the previous section.

Configuring bridge mode (CR18873)

If you want to configure the 3-DNS Controller to run in bridge mode, you need to do so using a local connection to the 3-DNS Controller. First, you create a VLAN group that includes both the internal and external VLANs. Next, you delete the self IP address for the 3-DNS Controller, and re-assign the IP address to the newly-created VLAN group. Finally, you save the configuration. The following instructions detail how to configure bridge mode.

To configure bridge mode

  1. Open the Setup utility by typing setup from the command line.

  2. Type D, and press Enter, to configure the 3-DNS mode.

  3. Using the arrow keys, choose Bridge, and press Enter.

  4. Type Q to close the Setup utility.

  5. To create a VLAN group, type the following command:
    b vlangroup <vlan group name> vlans add <vlan 1> <vlan 2>

    where <vlan 1> and <vlan 2> are the names of the two networks you want to link with bridge mode.

  6. To delete the self IP address of the 3-DNS interface, type the following command:
    b self <ip address> delete

    where <ip address> is the IP address that you want to assign to the newly-created VLAN group.

  7. To assign the IP address that you deleted as the self IP address in the previous step to the VLAN group, type the following command:
    b self <ip address> vlan <group name> netmask <netmask>

  8. To save the changes you just made, type the following command:
    b save

  9. Last, to save the entire base network configuration, type the following command:
    b base save

The 3-DNS Controller saves the changes and you can now use the 3-DNS Controller in bridge mode.


Moving objects from the Default data center to a newly-created data center (CR23028, CR28348)

The following instructions describe how to move objects from the default data center to a data center that you create.

To move objects from the data center, Default, to a newly-created data center

  1. In the navigation pane, click Data Centers. The Data Centers screen opens.

  2. On the toolbar, click Add Data Center.
    The Add New Data Center screen opens.

  3. Add the settings for your new data center, and click Add.
    The new data center is added to the configuration, and the Data Centers screen opens.

  4. On the Data Centers screen, click the Remove button for the Default data center.
    A popup screen opens, where you can select the new data center for any objects that are currently in the Default data center.

  5. In the Data Center column, select the data center that you just created, and click Update. Note that you must do this for each of the listed objects.
    The Data Centers screen opens, and the Default data center is no longer listed.


Removing a controller from a sync group (CR26784)

If you are upgrading the software on 3-DNS Controllers that are in a sync group, you must remove the controllers from the sync group before you apply the software. This is because the synchronization process cannot synchronize controllers that are running different software versions, including different PTF versions.

Note: You can re-create the sync group once you have upgraded the software for all of the controllers that belong to the sync group.

To remove a controller from a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. In the Remove column, next to the controller that you want to remove from the sync group, click the Remove button.
    A popup screen opens to confirm the removal of the controller.

  3. Click OK.
    The screen refreshes, and the controller is no longer listed as a member of the sync group.

  4. Repeat these tasks for any additional sync group members that you want to remove from the sync group.

Alternately, you can remove the entire sync group, instead of removing the controllers one at a time.

To remove a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. On the toolbar, click Remove this Group.
    A popup screen opens to confirm the removal of the sync group.

  3. Click OK.
    The screen refreshes, and the Add a New Sync Group screen opens, where you can re-create your sync group once you have upgraded the software on all of the controllers that belong to the sync group.


Resetting the SSH key (CR28408)

The following instructions describe how to reset the SSH key for a system that you have upgraded using a CD.

To reset the SSH key for an updated 3-DNS Controller

  1. From the command line of each 3-DNS Controller in the sync group that has not been upgraded, change to the /root/.ssh/ directory.

  2. In the known_hosts file, the authentication_keys file, and the authentication_keys2 file, remove the SSH key for the upgraded system. (The upgraded system's IP address is part of the key name in the file.)

  3. Run the Configure SSH Communication with Remote devices command using the 3dnsmaint utility to update the SSH keys between devices.
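Step 2 can be scripted so that only the upgraded system's entries are removed and a backup of each file is kept. The following is an added example, not F5 code: the function names remove_host_key and reset_keys_for are hypothetical, and it assumes the IP address appears as a whole token in each entry (for example 192.0.2.10 in a host list, or root@192.0.2.10 in a key comment).

```shell
#!/bin/sh
# Added example (not part of the product): remove the SSH key entries that
# name one IP address from the key files listed in step 2.

# remove_host_key FILE IP
# Deletes every line of FILE that names IP, keeps the original as FILE.bak,
# and prints the number of lines removed. A missing FILE counts as 0.
remove_host_key() {
    file=$1
    ip=$2
    [ -f "$file" ] || { echo 0; return 0; }
    # Escape the dots so they match literally in the regular expression.
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # Require a boundary that is neither a digit nor a dot on both sides,
    # so 192.0.2.10 does not also match 192.0.2.100 or 1.192.0.2.10.
    re="(^|[^0-9.])${pat}([^0-9.]|\$)"
    # grep exits 1 when nothing matches; only a status above 1 is an error.
    removed=$(grep -Ec "$re" "$file") || [ $? -eq 1 ] || return 1
    if [ "$removed" -gt 0 ]; then
        cp -p "$file" "$file.bak" || return 1
        grep -Ev "$re" "$file.bak" > "$file.tmp" || [ $? -eq 1 ] || return 1
        # Overwrite in place so the file keeps its owner and permissions.
        cat "$file.tmp" > "$file" && rm -f "$file.tmp" || return 1
    fi
    echo "$removed"
}

# reset_keys_for DIR IP
# Applies remove_host_key to the three files named in step 2 and prints the
# total number of entries removed. DIR is /root/.ssh on the controller.
reset_keys_for() {
    dir=$1
    ip=$2
    total=0
    for name in known_hosts authentication_keys authentication_keys2; do
        n=$(remove_host_key "$dir/$name" "$ip") || return 1
        total=$((total + n))
    done
    echo "$total"
}
```

Compare each file with its .bak copy before you continue with step 3, so you can confirm that entries for other sync group members were left untouched.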


Stopping the big3d agent on a BIG-IP system, version 3.1 (CR30242)

Before you can update the original big3d agent for a BIG-IP system, version 3.1, to the current version, you must stop all instances of the agent. Note that you can do this from the command line only.

To stop the big3d agent on the BIG-IP system

  1. At the command prompt, type the following, and then press Enter:
    ps -ax | grep big3d
    The system generates a list of all big3d instances, with process IDs (PID).

  2. Type the following command:
    kill -9 [pid]
    where [pid] is the process ID in the list you generated in step 1.

    Note:  Repeat this step until you have stopped all instances of the big3d agent.

  3. Once you have stopped the big3d agent, you can then update the big3d agent to the current version, as described in the Updating the big3d agent section of this PTF note.

Turning off the auto-discovery process for a BIG-IP system (CR27252)

You can turn off auto-discovery for a BIG-IP system using the following process. We recommend that you do not use auto-discovery when you are managing a non-routable address space with the BIG-IP system.

To turn off auto-discovery for a BIG-IP system

  1. In the navigation pane, expand the Servers item, and then click BIG-IP.
    The BIG-IP List screen opens.

  2. In the BIG-IP name column, click the name of the BIG-IP system that you want to modify.
    The Modify BIG-IP screen opens.

  3. In the Discovery box, select OFF.

  4. Click Update.
    The Configuration utility updates the configuration with the changes.