Release Notes: 3-DNS Controller version 4.6.3

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.6.3
Release Notes
Software Release Date: 04/14/2005
Updated Date: 04/18/2019

Summary:

This release note documents version 4.6.3 of the 3-DNS® Controller. You can apply the software upgrade to version 4.5 and later. For information about installing the software, please refer to the instructions below.

F5 now offers both maintenance and feature releases. Version 4.6.3 is a feature release that is based on version 4.5.12 code. For more information on our new release policies, please see Description of the F5 Networks software version number format.

Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.

Minimum system requirements and supported browsers

The minimum system requirements for this release are:

  • Intel® Pentium® III 550MHz processor
  • 512MB disk drive or CompactFlash® card
  • 256MB RAM

The supported browsers for the Configuration utility are:

  • Microsoft® Internet Explorer 5.0, 5.5, and 6.0
  • Netscape® Navigator 4.7x

Note: The IM package for this release is quite large. If the disk drive in your platform does not meet the minimum requirement, you may not be able to successfully install this release.

Installing the software

Important: If you are upgrading a 3-DNS Controller that belongs to a sync group, you must remove the controller from the sync group before you apply the upgrade. Failure to do so may cause irrevocable damage to the controllers in the sync group that are running older versions of the software. Once you have upgraded all controllers to the same version, you can then re-create the sync group. For details on removing a controller from a sync group, see Removing a controller from a sync group. Once you have removed the controller from the sync group, you can proceed with the upgrade installation.

Note:  If you are updating the 3-DNS Controller module on a BIG-IP system, refer to the BIG-IP version 4.6.3 note for instructions on installing the upgrade. Applying the upgrade for BIG-IP version 4.6.3 also applies the upgrade to the 3-DNS module. The enhancements, fixes, and known issues for the 3-DNS Controller, however, are available only in the 3-DNS Controller version 4.6.3 release note.

The following instructions explain how to install the 3-DNS Controller version 4.6.3 onto existing systems running version 4.5 PTF-03 and later. The installation script saves your current configuration.

  1. Go to the Downloads site and locate the 3-DNS version 4.6.3 upgrade file, BIGIP_4.6.3_Upgrade.im.

    3-DNS is not listed as a product line on the Downloads site; the image file is listed under the BIG-IP 4.x product line.

  2. Download the software image and the BIGIP_4.6.4_Upgrade.md5 file.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  3. If you downloaded the image file to a directory other than /var/tmp, copy the image file to the /var/tmp/ directory on your 3-DNS system.

  4. Check the md5 of the upgrade file by typing the following command:
    md5 BIGIP_4.6.3_Upgrade.im
    cat BIGIP_4.6.3_Upgrade.md5

    The two md5 values should be identical.

    Note: If the sums do not match, download the BIGIP_4.6.4_Upgrade.im file again and recheck the md5 for the file.

  5. Install the upgrade by typing the following command:
    im BIGIP_4.6.3_Upgrade.im

The 3-DNS Controller automatically reboots once it completes installation.
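
The md5 comparison in step 4 can be scripted so that a mismatch stops the upgrade before im runs. This is an added example, not F5 code: the function names are hypothetical, and it assumes the .md5 file holds the digest either alone or in the usual md5/md5sum output layout.

```shell
#!/bin/sh
# Added example (not F5 code): gate the upgrade on the md5 comparison from step 4.
# verify_image returns 0 = digests match, 1 = mismatch, 2 = could not check.

# Read text on stdin and print the single 32-hex-digit MD5 token it contains.
# Handles a bare digest, "MD5 (file) = <hex>" and "<hex>  file" layouts.
# Fails if there is no digest or more than one distinct digest (ambiguous).
extract_md5() {
    tokens=$(tr 'A-F' 'a-f' | tr -cs '0-9a-f' '\n' |
             grep -E '^[0-9a-f]{32}$' | sort -u)
    [ -n "$tokens" ] || return 1
    [ "$(printf '%s\n' "$tokens" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$tokens"
}

# Compare the digest of IMAGE with the digest recorded in SUMFILE.
# The image is fed on stdin so its file name never appears in the tool output.
verify_image() {
    image=$1
    sumfile=$2
    [ -r "$image" ] && [ -r "$sumfile" ] || return 2
    expected=$(extract_md5 < "$sumfile") || return 2
    if command -v md5 >/dev/null 2>&1; then          # BSD-style tool
        actual=$(md5 < "$image" | extract_md5) || return 2
    elif command -v md5sum >/dev/null 2>&1; then     # GNU-style tool
        actual=$(md5sum < "$image" | extract_md5) || return 2
    else
        return 2                                     # no md5 tool: fail closed
    fi
    [ "$expected" = "$actual" ] || return 1
    return 0
}

# Self-check on constructed sample files (not a real upgrade image).
# "abc" has the well-known MD5 900150983cd24fb0d6963f7d28e17f72.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'abc' > "$dir/sample.im"
    printf 'MD5 (sample.im) = 900150983cd24fb0d6963f7d28e17f72\n' > "$dir/good.md5"
    printf 'MD5 (sample.im) = d41d8cd98f00b204e9800998ecf8427e\n' > "$dir/stale.md5"
    good=0
    verify_image "$dir/sample.im" "$dir/good.md5" || good=$?
    stale=0
    verify_image "$dir/sample.im" "$dir/stale.md5" || stale=$?
    rm -rf "$dir"
    echo "matching file: status $good, mismatched file: status $stale"
    [ "$good" -eq 0 ] && [ "$stale" -eq 1 ]
}

# With two arguments, check a real image; with none, run the self-check.
case $# in
    0) demo ;;
    2) if verify_image "$1" "$2"; then
           echo "md5 matches; proceed with: im $1"
       else
           echo "md5 check failed; do not install $1" >&2
           exit 1
       fi ;;
esac
```

Run it from /var/tmp with the image file and the .md5 file as its two arguments. A match shows that the image is the file the .md5 was published for, which is a download-integrity check and not a signature.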

Updating the big3d agent

After the PTF installation has completed, you need to install the new version of the big3d agent on all BIG-IP systems known to the 3-DNS Controller, as follows:

  1. Log on to the 3-DNS Controller at the command line.

  2. Type 3dnsmaint to open the 3-DNS Maintenance menu.

  3. Select Install and Start big3d, and press Enter.
    The 3-DNS Controller detects all BIG-IP systems in the network, and updates their big3d agents with the appropriate version of the agent.

  4. Press Enter to return to the 3-DNS Maintenance menu.

  5. Type Q to quit.

For more information about the big3d agent, see the 3-DNS Reference Guide.

Activating the license

Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key  is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier  is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.

You can obtain a license certificate using one of the following methods:

  • Automatic license activation
    You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded controller. This method automatically retrieves and submits the dossier to the F5 Networks license server, as well as installs the signed license certificate. In order for you to use this method, the controller must be installed on a network with Internet access.

  • Manual license activation
    You perform manual license activation from the Configuration utility, which is the browser-based user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 Networks license server manually. In order for you to use this method, the administrative work station must have Internet access.

Note:  You can open the Configuration utility using either Netscape Navigator 4.7x, or Microsoft Internet Explorer 5.0, 5.5, or 6.0.

To automatically activate a license from the command line for first time installation

  1. Type the user name root and the password default at the logon prompt.

  2. At the prompt, type license. The following prompts appear:
    IP:
    Netmask:
    Default Route:
    Select interface to use to retrieve license:

    The 3-DNS Controller uses this information to make an Internet connection to the license server.

  3. After you type the Internet connection information, continue to the following prompt:
    The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:

    Type Y, and the following prompt displays:
    Registration Key:

  4. Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  5. You are asked to accept the End User License Agreement (EULA). Note that the system is not fully functional until you accept the EULA.

  6. Press Enter to reboot the system. The system is not fully functional until you reboot.

  7. If the licensing process is not successful, contact your vendor's technical support team.

To automatically activate a license from the command line for upgrades

  1. Type your user name and password at the logon prompt.

  2. At the prompt, type setup.

  3. Choose menu option (L) License Activation.

  4. The following prompt displays:
    Number of keys: 1
    If you have more than one registration key, enter the appropriate number, and press Enter.

  5. The following prompt displays:
    Registration Key:

    Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  6. If the licensing process is not successful, contact your vendor.

To manually activate a license using the Configuration utility

You can use the Configuration utility to manually activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the logon prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the unit's local area network.

  2. Type the user name root and the password default at the logon prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged on to the Configuration utility, you can proceed with the manual license activation.

To manually activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Manual Authorization.

  3. At the Manual Authorization screen, retrieve the dossier using one of the following methods:

    • Copy the entire contents of the Product Dossier box.

    • Click Download Product Dossier, and save the dossier to the hard drive.

  4. Click the link in the License Server box.
    The Activate F5 License screen opens in a new browser window.

  5. From the Activate F5 License screen, submit the dossier using one of the following methods:

    • Paste the data you just copied into the Enter your dossier box, and click Activate.

    • At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.


    The screen returns a signed license file.

  6. Retrieve the license file using one of the following methods:

    • Copy the entire contents of the signed license file.

    • Click Download license, and save the license file to the hard drive.


  7. Return to the Manual Authorization screen, and click Continue.

  8. At the Install License screen, submit the license file using one of the following methods:

    • Paste the data you copied into the License Server Output box, and click Install License.

    • At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.


    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  9. Click License Terms, review the EULA, and accept it.

  10. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.

To automatically activate a license using the Configuration utility

You can use the Configuration utility to automatically activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the logon prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the unit's local area network.

  2. Type the user name root and the password default at the logon prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged on to the Configuration utility, you can proceed with the automatic license activation.

To automatically activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  3. Click License Terms, review the EULA, and accept it.

  4. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.

Changes to existing features

This release includes the following changes in product behavior.

Solution Description
SOL739 Versions of software packages used in this release
SOL1020 Reserved words for this release
SOL3689 Routes in /config/routes and /etc/netstart are removed
SOL3747 The user is now prevented from deleting the LDAP default.key
SOL3748 The FTBU now warns that it can rewrite zone files
SOL4011 Routes are now reloaded when changes to VLANs, interfaces, or self addresses are made
SOL4366 DNS proxy port now closed by default and a new global to open it
SOL4025 sshd.conf is now backed up when an upgrade is run
SOL4100 Hops and round trip time may no longer be used together in QOS calculations
SOL4101 ICMP and UDP high port probing may no longer be used together in RTT calculations
SOL4179 Hardware platforms supported by this release
SOL4180 SEE-IT providers are no longer included in this release
SOL4189 The topology database has been updated
SOL4324 You can now configure whether or not 3-DNS probes disabled objects
SOL4376 New versions of big3d are included in this release
SOL4402 big3d will now log a message when it exits
SOL4548 Ties in VS selection will now result in randomized response
SOL4557 Allow "?" to pass the checktrap.pl content test
SOL4570 EDGE-FX is no longer supported by 3-DNS

New features in this release

This release includes the following new features.

Connection Rate Limit settings  (CR24840)
This release of the BIG-IP system includes new Connection Rate and Rate Limit settings with which you can measure the number of connections per second. You can then use this statistic to limit the number of connections to a node address. This feature is useful if there are times when you expect to have insufficient resources to service all requests, but you also want to ensure that all available servers are performing at maximum capacity. For example, suppose you have a data center that has enough capacity to handle the load when all the servers are functional, but you need to bring down half of the servers at a certain time in order to update the content. In this instance, the load may exceed the capacity of the remaining servers and cause the servers to become overloaded and unable to function at their maximum sustainable capacity. To avoid this situation, you can configure the BIG-IP system node connection rate limits to the maximum sustainable rate for each server. This prevents the servers from becoming over-burdened, and thus fewer requests are discarded.

In addition, if you are using the 3-DNS Controller to load balance traffic between data centers, you can use the virtual server rate limit in conjunction with global Available Connection Rate or Quality of Service load balancing to shift the load from the degraded data center to a data center with sufficient capacity.

For more information on configuring the Connection Rate and Rate Limit settings, see SOL4184: Configuring 3-DNS to limit connections to a virtual server based on the rate of requests rather than the number of concurrent requests

Radware SNMP Prober  (CR41010)
The 3-DNS Controller can now gather metrics from Radware machines configured on the network. For more information, see SOL4181: Configuring 3-DNS to probe Radware local traffic management products

Configuring client-side authentication using HTTPS ECV  (CR41651)
In this release you can configure client-side authentication using the HTTPS ECV monitor. If you currently use SSL and client-side certificates for authentication, you may want to configure this feature. This feature allows you to monitor the content of pages while using client-side authentication. To configure this feature, you can specify a certificate path in the ECV Certificate box on the Modify Wide IP screen in the Configuration utility, or specify a client_cert string in the ecv portion of the wideip.conf file. For more information, see SOL4182: Configuring 3-DNS to supply a client SSL certificate for an Extended Content Verification (ECV) health monitor

IP Classifier database  (CR41800)
In this release we have updated the IP Classifier database used by the 3-DNS Controller. For more information, see SOL4189: Most recent updates to the 3-DNS Controller's IP Classifier database

Recursion bit settings  (CR43974)
We have added a new global variable in this release that allows you to configure whether the 3-DNS Controller sets the recursion bit (RA bit) for replies issued by 3dnsd. This feature may be useful in cases where you have applications that only accept DNS responses that have the recursion bit set. This feature is disabled by default. For more information, see SOL4187: Setting the recursion bit for 3dnsd replies on the 3-DNS Controller

BIND Vulnerabilities VU#938617 and VU#327633 (CR44372)
This release includes BIND version 9.3.1. This version of BIND addresses the BIND vulnerabilities described in Vulnerability Note VU#938617 and VU#327633 on the CERT® Coordination Center Web site. For more information on the vulnerabilities, see http://www.kb.cert.org/vuls/id/734644.

New fixes in this release

In the 4.6.3 release, on a trial basis, we have modified the format for displaying CRs for fixes and known issues. The CRs are now listed in a table format, with the corresponding solution listed next to the CR. Clicking the solution link directs you to the more detailed solution document that is posted on the AskF5 Technical Support Web Site. We continually update these solution documents on AskF5 as new details become available. If additional known issues are discovered after we release version 4.6.3, we will update the known issues table with the new CR and solution numbers, with the goal of keeping you current on our known issues.

If you encounter a solution that does not have an active link, it is likely that we have not yet had a chance to get the solution posted on AskF5, but please continue to check this table for new content or links.

This release includes the following new fixes.

CR Solution Description
CR14926 SOL3676 3dnsmaint does not copy iQuery keys to remote units
CR22419 SOL4408 Inability to delete files during an upgrade might result in unallocated iNodes
CR23634 SOL3678 sod reports unnecessary bigapi_unit_mask errors
CR26589 SOL4201 The IP classifier database can now be loaded from the Configuration utility
CR27161 SOL3701 Help for bigpipe class did not exist
CR27161 SOL3703 Help for bigpipe interface did not exist
CR27161 SOL3705 Help for bigpipe reset did not exist
CR27161 SOL3707 Help for bigpipe list did not exist
CR27161 SOL3710 Help for bigpipe merge did not exist
CR27161 SOL3711 Help for bigpipe base save did not exist
CR27161 SOL3712 Help for bigpipe base list did not exist
CR27161 SOL3713 Help for bigpipe save did not exist
CR27205 SOL3715 Syslog listens on UDP port 514
CR27252 SOL3716 Auto discovery and configuration does not ignore loopback virtual servers
CR27424 SOL3717 NTP fails after loading the configuration using the Configuration utility
CR27820 SOL5057 The error message "WARN:FlushAllIQM: iqBufFlush() failed" may be logged after restart
CR27878 SOL3726 Probing always uses the same interface and source address
CR28079 SOL3729 Server appliances enter a netboot loop after a halt command is issued
CR28101 SOL3730 The Configuration utility does not allow more than 39 topology entries
CR28316 SOL1660 Zombie processes might be generated when a terminal server is attached
CR28316 SOL3733 Duplicate VLANs appear when a self IP address on the 135./8 network is configured
CR28408 SOL2720 Cannot establish an SSH connection from a new BIG-IP system or 3-DNS Controller received as an RMA
CR28497 SOL3739 3-DNS Controller might truncate some zone entries when used as a secondary DNS
CR29599 SOL3739 Automatic discovery and configuration occur even when globally disabled
CR29730 SOL3715 Syslog listens on UDP port 514
CR29843 SOL3787 BIG-IP 2400, 5000, and 5100 units might lock up during reboot
CR29859 SOL4402 big3d now logs a message when it exits
CR30235 SOL3809 3-DNS Controller logs an unnecessary "No nodes up" message
CR30583 SOL3812 Random pool selection is not random, and selects the same pool every time
CR30877 SOL4242 The im -Q command does not always report the correct versions for installed packages
CR30995 SOL3815 Fiber gigabit ports show output errors on switch appliances
CR31388 SOL5178 The full_debug script may add duplicate or overlapping statements to syslog.conf
CR31551 SOL3822 Disabling a datacenter does not cause another 3-DNS Controller to become the principal unit
CR32148 SOL3825 sync_zones might leave a stale pid file and refuse to run
CR32375 SOL3896 Dropped packet counters in netstat and bigpipe interface might be inconsistent
CR32975 SOL3904 One-time auto discovery continues to run each time 3dnsd restarts
CR33286 SOL3906 /etc/syslog.conf comments indicate the wrong location of checktrap.pl
CR33614 SOL3907 The status legend is incorrect
CR33624 SOL3908 The Allow Fragmentation option remains in the Configuration utility
CR34446 SOL3915 Problems with internal interface drivers might make BIG-IP system unresponsive
CR34472 SOL3915 3dpipe syncgroup does not report principal status
CR34525 SOL3917 The standby system might send a gratuitous ARP using the floating IP address
CR34737 SOL5041 The Configuration utility will not accept host addresses that end in .255
CR35576 SOL3969 3dnsd might crash due to internal mishandling of long error messages
CR35576 SOL3969 3dnsd might become unstable due to incorrectly formatted errors
CR36377 SOL4405 High speed interface statistics are reported in the wrong units
CR36863 SOL3979 Routers probed by SNMP v1 might be weighted incorrectly
CR36926 SOL3981 vs_capacity is able to choose down or disabled virtual servers
CR36998 SOL3982 3-DNS Controller does not always choose the closest prober
CR37147 SOL3987 The system might become unstable when running the ANIP kernel and using the bpf device
CR37260 SOL3988 DMA support is disabled on the D35 platform
CR38552 SOL4005 Changing a wide IP name does not update associated aliases in Namesurfer
CR38795 SOL4006 3-DNS Controller might become unstable during a synchronization process
CR38838 SOL4007 Upgrade process does not successfully update the root.hint file
CR39078 SOL4009 libpng version 1.0.9 contains security vulnerabilities
CR39175 SOL4015 3-DNS units might become unresponsive when inter-communicating
CR40149 SOL4060 Topology entries with not (!) cannot be deleted using the Configuration utility
CR40389 SOL3369 BIG-IP system and 3-DNS Controller are vulnerable to VU#395670/CAN-2004-0171
CR40390 SOL3369 BIG-IP system and 3-DNS Controller are vulnerable to VU#395670/CAN-2004-0171
CR40428 SOL3372 SNMP traps are sent using the wrong OID base
CR41099 SOL4087 qkview might enter an infinite loop and produce a huge output file
CR41113 SOL4088 Syslog does not attempt enough retries when logging many simultaneous messages
CR41203 SOL4089 root.hint file is missing after clean installation
CR41267 SOL4378 The man page for the dig command is missing
CR41715 SOL4321 The 3dns_add script prompts the user to synchronize a default named.conf file
CR41801 SOL4402 big3d now logs a message when it exits
CR41836 SOL2720 Cannot establish an SSH connection from a new BIG-IP system or 3-DNS Controller system received as an RMA
CR41852 SOL2325 The gray virtual server status is not documented
CR41863 SOL4321 The 3dns_add script prompts the user to synchronize a default named.conf file
CR41879 SOL3372 SNMP traps are sent using the wrong OID base
CR41881 SOL4405 High speed interface statistics are reported in the wrong units
CR41948 SOL4408 Inability to delete files during an upgrade might result in unallocated iNodes
CR42101 SOL5041 The Configuration utility will not accept host addresses that end in .255
CR42283 SOL4203 3-DNS Controller does not respond to AAAA or A6 records
CR42429 SOL4207 Apache mod_include vulnerability CAN-2004-0940
CR42529 SOL4100 Hops and round trip time can no longer be used together in QOS calculations
CR42529 SOL4101 ICMP and UDP high port probing can no longer be used together in RTT calculations
CR42530 SOL4100 Hops and round trip time may no longer be used together in QOS calculations
CR42530 SOL4101 ICMP and UDP high port probing may no longer be used together in RTT calculations
CR42531 SOL4100 Hops and round trip time may no longer be used together in QOS calculations
CR42531 SOL4101 ICMP and UDP high port probing may no longer be used together in RTT calculations
CR42532 SOL4100 Hops and round trip time may no longer be used together in QOS calculations
CR42532 SOL4101 ICMP and UDP high port probing may no longer be used together in RTT calculations
CR42760 SOL4208 The string "--" cannot be used in certificate names
CR42763 SOL4208 The string "--" cannot be used in certificate names
CR42764 SOL4209 RRD graphs are improperly cached
CR42843 SOL4326 System crashes, panics, and hangs fixed in this release
CR43530 SOL4324 You can now configure whether 3-DNS Controller probes disabled objects
CR43583 SOL4328 The ntpd daemon fails to run when more than 128 VLANs exist
CR43628 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR43643 SOL4328 The ntpd daemon fails to run when more than 128 VLANs exist
CR44148 SOL4209 RRD graphs are improperly cached
CR44270 SOL4334 The 3dpipe command now disables a datacenter correctly
CR44372 SOL4351 BIND VU#938617
CR44375 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44376 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44450 SOL4334 The 3dpipe command now disables a datacenter correctly
CR44570 SOL4160 3-DNS Controller marks down any BIG-IP version 9.x virtual servers that are configured to use rules
CR44684 SOL4335 BIG-IP system internal variables are now configurable on 3-DNS Controllers
CR44685 SOL4335 BIG-IP system internal variables are now configurable on 3-DNS Controllers
CR44712 SOL4326 3dnsd might crash due to internal mishandling of long error messages
CR44780 SOL4336 The config_ssh script might time out prematurely when attempting to connect
CR44781 SOL4336 The config_ssh script might time out prematurely when attempting to connect
CR44807 SOL4326 3dnsd might crash due to internal mishandling of long error messages
CR44994 SOL4550 The bigpipe man page references incorrect locations for named.conf and named.boot
CR45015 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR45121 SOL3969 3dnsd may crash due to internal mishandling of long error messages
CR45187 SOL4550 The bigpipe man page references incorrect locations for named.conf and named.boot
CR45625 SOL4559 A small memory leak occurs in 3dnsd when snmpd is restarted
CR45736 SOL4559 A small memory leak occurs in 3dnsd when snmpd is restarted
CR47917 SOL5077 The Configuration utility may crash when displaying production rules
CR47918 SOL5077 The Configuration utility may crash when displaying production rules
CR48152 SOL4809 BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
CR48153 SOL4809 BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280

 

Features and fixes released in prior releases

The current release includes the features and fixes that were distributed in prior feature releases, as listed below.

Version 4.6.2

System statistics screen  (CR28085)
This release includes a System Graph Statistics screen in the Configuration utility that displays statistics about the 3-DNS system in a graphical format so that you can view changes and trends in statistics over time. The System Graph Statistics screen displays statistics including CPU usage and memory usage.
To view the System Graph Statistics screen, in the left pane of the Configuration utility, click Statistics and then click System Graphs.

Support for BIND 9.2.2 and Namesurfer version 3.0.6 
This version of the 3-DNS software includes the BIND DNS server version 9.2.2 and Namesurfer™ version 3.0.6. This version of the BIND software contains security enhancements as well as DNS protocol enhancements. For added security, the named utility now runs in a chroot environment. Namesurfer version 3.0.6 supports some, but not all, of the BIND 9.2.2 feature set. It does not support Views or ACLs. This version of the 3-DNS software does not support A6 or IPv6 (AAAA) records, and it does not support DHCP.

Important: If you are currently using BIND version 8, be aware that the file system layout has changed and there are new executables and scripts in version 9. If you have named.conf or zone files stored in non-standard locations, you need to move these files before you upgrade to this version of the software. For more information, see BIND 9 file system migration in the Required configuration changes section of this release note.

BIND MIB removed   (CR38482)
In previous releases, the 3-DNS system exposed the BIND RFC 1611 MIB. This MIB is removed in this release.

RSA SecurID authentication 
This version of the 3-DNS software includes support for RSA SecurID® authentication, the remote authentication protocol used by RSA ACE/Server® software. RSA SecurID authentication is a two-part authentication mechanism that requires both a user ID and a passcode that changes every 60 seconds. For more information on RSA SecurID authentication, please see http://www.rsasecurity.com/node.asp?id=1156. To configure RSA SecurID authentication, see Configuring RSA SecurID authentication in the Optional configuration changes section of this release note.

Version rollback script 
This release includes a rollback script that allows you to return to the previous version of the 3-DNS software after you upgrade. This script is designed to allow you to roll back the software version in instances where you upgrade before you discover that the new version of the software is incompatible with your specific network configuration. You can use the script to return only within the major version (see SOL4476: BIG-IP Software Lifecycle Policy) of the BIG-IP software that was installed on the system prior to the upgrade. Any configuration changes you make after the upgrade are lost when you run the rollback script.

To use the rollback feature you must create a rollback IM package before you upgrade to a different version of the software.

Important:  The mkrb file for version 4.6.2 contains a defect. If you install a rollback package created by the version 4.6.2 mkrb file, the rollback procedure will fail. If you are running version 4.6.2 and you want to create a rollback IM package, we recommend that you use the mkrb file included with version 4.6.3 to create the package.

To create a rollback IM package in /var/tmp/rb using the version 4.6.3 mkrb file, use the following procedure:

  1. Change your directory to /var/tmp by typing the following command:
    cd /var/tmp

  2. Extract the mkrb file from the 4.6.3 upgrade package by typing the following command:
    tar -xzf BIGIP_4.6.3_Upgrade.im usr/local/bin/mkrb

  3. Create the necessary rollback files by typing the following command:
    ./usr/local/bin/mkrb BIGIP_4.6.3_Upgrade.im

This creates an IM package that you can run on the 3-DNS system if you want to return to the previous version of the software. The IM upgrade package you create is located in the /var/tmp/rb directory.

To install the rollback IM package, type the following commands:
    cd /var/tmp/rb
    im <rollback_im_package_name>.im

Note:  If you install the rollback package created by the script and decide that you want to upgrade to a later version of the software in the future, you will need to use the im -force /var/tmp/rb/<rollback_im_package_name>.im command to install the IM package.

named watchdog 
A new variable is included in this release that initiates a failover and restarts the named utility if the named utility fails for any reason. You can enable this variable using the command line utility. Use the following command to enable this feature:

bigpipe db set "Common.Bigip.Failover.OnNamedFail" = true

After you enable or disable this variable, we recommend that you start, stop, and restart the named utility using the following commands:

bigstart startup named
bigstart shutdown named
bigstart restart named

Support for TFTP 
This version of the 3-DNS software supports TFTP (Trivial File Transfer Protocol, revision 2, RFC 1350) traffic control.

Version 4.6.1

This release includes the following fix.

The OpenSSL package has been upgraded to version 0.9.7d (CR33306) (CR33755)
The OpenSSL package has been upgraded to version 0.9.7d. This upgrade addresses several recent security issues with OpenSSL described in Technical Cyber Security Alert TA04-078A. This version addresses CERT vulnerabilities VU#288574 and VU#484726. For more information on the resolved security issues, see http://www.us-cert.gov/cas/techalerts/TA04-078A.html.

Version 4.6

The 4.6 release contains several new features for the BIG-IP and Link Controller software.


Required configuration changes

Once you have installed the software, you must make the following required configuration changes, if appropriate.

BIND 9 file system migration

If you are currently using BIND version 8, be aware that the file system layout has changed and there are new executables and scripts included in version 9. If you have named.conf or zone-files stored in non-standard locations, you need to move these files before you upgrade to this version of the software. If you have edited the named.conf or zone-files by hand, the named.conf files may not work properly when you upgrade. The BIG-IP system runs a check after upgrade to make sure that the named.conf and zone-files are working correctly. If the BIG-IP system detects problems converting these files, the system displays an error message in the Configuration utility, and logs error messages to the /var/named/etc/conversion.log log file. The table below lists the F5 standard file locations for BIND versions 8 and 9.

BIND 8             BIND 9                       File
/etc/named.conf    /var/named/etc/named.conf    Main configuration file
/etc/namedb        /var/named/etc/namedb        Zone files
ndc                rndc                         ndc utility

BIND 9 does not support the ndc utility. The ndc utility is replaced with the rndc utility in this release. You can use the rndc utility to stop or re-load the configuration. However, we do not recommend using the rndc utility to start named. You should use the bigstart named or sod-named commands to start named.
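
A pre-upgrade check for the migration described above, as an added example that is not part of the F5 release note or software: it parses a copy of a BIND 8 named.conf and lists the zone files whose resolved paths fall outside /etc/named.conf and /etc/namedb. The function names, the sample configuration, and the fallback to /etc/namedb when no directory option is set are assumptions.

```python
import posixpath
import re

# F5 standard BIND 8 locations, from the table in this release note.
STD_CONF = "/etc/named.conf"
STD_ZONE_DIR = "/etc/namedb"

# Constructed sample input; zone names and paths are illustrative only.
SAMPLE_CONF = '''
options {
    directory "/etc/namedb";   // standard zone directory
};
zone "example.com" { type master; file "db.example.com"; };
zone "internal.example" {
    type slave; masters { 192.0.2.10; };
    file "/usr/local/zones/db.internal";   # absolute, outside /etc/namedb
};
zone "lab.example" { type master; file "../lab/db.lab"; };
/* zone "old.example" { type master; file "/tmp/db.old"; }; */
'''

# Quoted strings are matched first so comment markers inside them survive.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    return _SKIP.sub(lambda m: m.group() if m.group()[0] == '"' else " ", text)


def zone_blocks(text):
    """Yield (name, body) per zone, counting braces to skip nested clauses."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def inside(path, parent):
    """True if the normalized path is parent itself or lies below it."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def nonstandard_locations(conf_text, conf_path=STD_CONF):
    """Return (item, path) pairs that lie outside the standard locations."""
    text = strip_comments(conf_text)
    findings = []
    conf_path = posixpath.normpath(conf_path)
    if conf_path != STD_CONF:
        findings.append(("named.conf", conf_path))
    # Assumption: with no directory option, relative names use STD_ZONE_DIR.
    m = re.search(r'\bdirectory\s+"([^"]+)"', text)
    workdir = posixpath.normpath(m.group(1)) if m else STD_ZONE_DIR
    if not inside(workdir, STD_ZONE_DIR):
        findings.append(("directory", workdir))
    for name, body in zone_blocks(text):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if f is None:
            continue  # e.g. a forward zone, which has no zone file
        path = posixpath.normpath(posixpath.join(workdir, f.group(1)))
        if not inside(path, STD_ZONE_DIR):
            findings.append(("zone " + name, path))
    return findings


if __name__ == "__main__":
    print(nonstandard_locations(SAMPLE_CONF))
```

Run it against a copy of the BIND 8 configuration before upgrading; an empty list means nothing was found outside the standard locations. It does not follow include statements, so included files need the same check by hand.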


Removing a controller from a sync group

If you are upgrading a 3-DNS Controller that belongs to a sync group, you must remove the controller from the sync group before you apply the upgrade. Once you have upgraded all controllers to the same version, you can then re-create the sync group. Once you have removed the controller from the sync group, you can proceed with the upgrade installation.

Note: You can re-create the sync group once you have upgraded the software for all of the controllers that belong to the sync group.

To remove a controller from a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. In the Remove column, next to the controller that you want to remove from the sync group, click the Remove button.
    A popup screen opens to confirm the removal of the controller.

  3. Click OK.
    The screen refreshes, and the controller is no longer listed as a member of the sync group.

  4. Repeat these tasks for any additional sync group members that you want to remove from the sync group.

Alternately, you can remove the entire sync group, instead of removing the controllers one at a time.

To remove a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The Synchronization screen opens.

  2. On the toolbar, click Remove this Group.
    A popup screen opens to confirm the removal of the sync group.

  3. Click OK.
    The screen refreshes, and the Add a New Sync Group screen opens, where you can re-create your sync group once you have upgraded the software on all of the controllers that belong to the sync group.

 


Known issues

The following items are known issues in the current release.

CR Solution Description
CR9333 SOL5189 Multiple instances of the Configuration utility may overwrite each other
CR11703 SOL5265 Production rules do not stop when the Stop Time is reached
CR11710 SOL5265 Production rules do not stop when the Stop Time is reached
CR14294 SOL765 Reverse ECV monitors mark nodes up only as frequently as the timeout period
CR14955 SOL5078 The Configuration utility allows special characters in configuration object names
CR14956 SOL5078 The Configuration utility allows special characters in configuration object names
CR16629 SOL311 The production rule wizard does not allow changes to QOS settings for existing rules
CR16971 SOL5078 The Configuration utility allows special characters in configuration object names
CR16972 SOL5078 The Configuration utility allows special characters in configuration object names
CR16973 SOL5078 The Configuration utility allows special characters in configuration object names
CR17173 SOL5078 The Configuration utility allows special characters in configuration object names
CR18008 SOL312 Equivalence operators in production rules must be separated on either side with a space
CR18859 SOL5370 The Configuration utility reports an error if you attempt to add an invalid VS dependency
CR19648 SOL320 The splash screen displayed by the first time configuration utility contained erroneous instructions
CR20183 SOL5179 3dpipe will not allow pool names that consist only of numerals
CR20213 SOL327 QOS values for VS Capacity and Kilobytes/Second might change
CR20322 SOL328 Ports List page does not display the ports enabled for a wide IP
CR20337 SOL766 Debugging commands are not entirely removed from 3-DNS
CR21176 SOL767 Changing the address of a wide IP to an invalid address can cause 3dnsconf.cgi to become unstable
CR21513 SOL334 The Configuration utility might become unstable if a router is configured with multiple self addresses
CR22374 SOL780 The Last Hit column on the Requests Statistics page actually displays persistence expiration
CR22875 SOL5260 A unit in a redundant pair may still become active when 3dnsd is disabled
CR23224 SOL5032 The Configuration utility does not correctly modify wide IP names
CR23287 SOL5254 Correcting mis-matched self IP addresses in an active-active system may cause 3dnsd to crash
CR23564 SOL783 Saved copies and new copies of snmptrap.conf can conflict after an upgrade
CR24734 SOL5230 Auto-configuration may incorrectly set the Unit IDs on 3-DNS redundant pairs
CR24735 SOL5230 Auto-configuration may incorrectly set the Unit IDs on 3-DNS redundant pairs
CR25821 SOL816 F5 source addresses are not added to hosts.allow when the support account is enabled
CR26610 SOL336 Disabling SNMP traps using the Configuration utility causes an error
CR26784 SOL5030 3-DNS may not respond to requests after upgrade if persistence and a sync group are configured
CR27037 SOL5186 Changing a self IP address does not change associated bigdb entries
CR27260 SOL371 Default gateway pools cannot be changed using the config command
CR27359 SOL5185 3dnsmaint cannot copy big3d to BIG-IP 3.x versions
CR27501 SOL399 The config command reports an unnecessary error when a copy of 3dnsd is already running
CR27791 SOL437 An error is logged to /var/log/3dns when a router is not configured for a datacenter
CR27799 SOL445 An error may be reported when synchronizing iQuery keys
CR27823 SOL1290 3-DNS Controller adds a forward slash (/) to the beginning of the text added to the File Name field
CR27923 SOL446 The network map never marks pool virtual servers red
CR27924 SOL446 The network map never marks pool virtual servers red
CR28099 SOL486 3-DNS Controller still uses BIG-IP systems for probing when all prober factories have been deleted
CR28180 SOL5262 3-DNS may not properly create configuration statements for redundant pairs
CR28228 SOL509 The 3-DNS Controller might display a 331781 memory error, but not fail the operation that caused the error
CR28348 SOL1491 The Configuration utility appears to allow you to disable a datacenter, but does not actually change the configuration
CR28529 SOL509 3-DNS Controller might display a 331781 memory error, but not fail the operation that caused the error
CR28459 SOL1664 Modifying a data center from the Configuration utility results in an error
CR28626 SOL554 You cannot manage topology records with a web browser that uses the Sun Java Virtual Machine
CR29967 SOL2853 The Wide IP Port drop down box can list only pre-configured ports
CR30139 SOL5169 3-DNS cannot determine the state of SSL proxies that use remote target servers
CR30212 SOL5032 The Configuration utility does not correctly modify wide IP names
CR30225 SOL5258 Manual configuration changes and synchronization may conflict
CR30242 SOL5185 3dnsmaint cannot copy big3d to BIG-IP 3.x versions
CR30243 SOL5191 Versions of big3d included in 3-DNS 4.5 PTF-04 and later do not work on BIG-IP version 4.5
CR30783 SOL2942 Default gateway entry is converted to a default gateway pool
CR31239 SOL1865 You must use the command line to clear LDNS statistics
CR31928 SOL766 Debugging commands are not entirely removed from the 3-DNS Controller
CR31946 SOL1902 You must configure a self IP address for a new system before using 3dnsmaint to set up SSH communication
CR32729 SOL743 You cannot configure the ECV scan level of none using the Configuration utility
CR32755 SOL573 In rare cases, a BIG-IP object with an address of 127.0.0.1 may be created
CR32762 SOL591 The random pool load balancing mode distributes connections using a fixed ratio
CR32977 SOL2853 The Wide IP Port drop down box can list only pre-configured ports
CR33161 SOL604 Autoconf might not add all virtual servers when it is initially run after configuring the 3-DNS Controller
CR33666 SOL3343 3-DNS displays a large pending value for a link on the Probers Statistics page
CR33671 SOL5137 Changes to Check Static Dependencies require a 3ndc restart to take effect
CR33735 SOL653 The summary statistics provided for BIG-IP systems are inaccurate
CR33815 SOL761 The table that contains Nokia NetAct SNMP traps might grow very large and use disk space
CR33921 SOL3657 Available memory reported by the "memAvailReal" OID and the "vmstat" command differs
CR34267 SOL4717 3-DNS changes the interface media settings after running the Setup utility
CR34599 SOL2325 The gray virtual server status is not documented
CR35174 SOL3818 3-DNS logs an error message in the /var/log/3dns file:
CR35320 SOL309 The Telnet and FTP servers are not started when you enable Telnet and FTP
CR37565 SOL814 After logging out, you cannot log in to NameSurfer as the same user
CR37656 SOL659 Adding aliases to wide IPs can lead to NameSurfer zone corruption
CR37919 SOL676 File locking is not performed when running the 3dns_add and sync_zones scripts
CR38086 SOL145 Copper gigabit switch ports should not allow manual media settings
CR38087 SOL145 Copper gigabit switch ports should not allow manual media settings
CR38163 SOL681 The Explicit IP, Return to DNS, None, and Drop Packet load balancing modes do not work correctly
CR38193 SOL688 The Hops, RTT, and QOS load balancing modes return a single virtual server if probing is disabled
CR38340 SOL692 Sync groups allow synchronization across versions
CR38491 SOL688 The Hops, RTT, and QOS load balancing modes return a single virtual server if probing is disabled
CR38569 SOL146 The Return to previous page link does not work after entering invalid dates for the change log
CR39381 SOL150 Disabling a link by name in an application object does not work
CR39967 SOL5259 3-DNS may not always create backward-compatible iQuery messages
CR41714 SOL312 Equivalence operators in production rules must be separated on either side with a space
CR41803 SOL2942 Default gateway entry is converted to a default gateway pool
CR41805 SOL309 The Telnet and FTP servers are not started when you enable Telnet and FTP
CR41808 SOL311 The production rule wizard does not allow changes to QOS settings for existing rules
CR41809 SOL312 Equivalence operators in production rules must be separated on either side with a space
CR41810 SOL320 Cannot access the Configuration utility after running the Setup utility
CR41811 SOL327 QOS values for VS Capacity and Kilobytes/Second might change
CR41812 SOL328 Ports List page does not display the ports that are enabled for a wide IP
CR41814 SOL334 For multi-homed routers, you must configure the 3-DNS Controller with a link to the router that uses a self IP address on each of the multi-homed networks
CR41816 SOL5032 The Configuration utility does not correctly modify wide IP names
CR41824 SOL371 Default gateway pools cannot be changed using the config command
CR41826 SOL399 The config command reports an unnecessary error when a copy of 3dnsd is already running
CR41829 SOL437 An error is logged to /var/log/3dns when a router is not configured for a datacenter
CR41830 SOL445 An error might be reported when synchronizing iQuery keys
CR41831 SOL446 The network map never marks pool virtual servers red
CR41833 SOL467 It is possible to partially remove a link by deleting its self address and VLAN
CR41834 SOL486 3-DNS Controller still uses BIG-IP systems for probing when all prober factories have been deleted
CR41835 SOL5262 3-DNS may not properly create configuration statements for redundant pairs
CR41837 SOL509 3-DNS Controller might display a 331781 memory error, but not fail the operation that caused the error
CR41839 SOL554 You cannot manage topology records with a web browser that uses the Sun Java Virtual Machine
CR41843 SOL743 You cannot configure the ECV scan level of none using the Configuration utility
CR41844 SOL573 In rare cases, a BIG-IP object with an address of 127.0.0.1 may be created
CR41845 SOL591 The random pool load balancing mode distributes connections using a fixed ratio
CR41847 SOL604 Autoconf might not add all virtual servers when initially run after configuring the 3-DNS Controller
CR41849 SOL653 The summary statistics provided for BIG-IP systems are inaccurate
CR41853 SOL659 Adding aliases to wide IPs can lead to NameSurfer zone corruption
CR41854 SOL676 File locking is not performed when running the 3dns_add and sync_zones scripts
CR41855 SOL681 The Explicit IP, Return to DNS, None, and Drop Packet load balancing modes do not work correctly
CR41856 SOL688 The Hops, RTT, and QOS load balancing modes return a single virtual server if probing is disabled
CR41857 SOL692 Sync groups allow synchronization across versions
CR41858 SOL688 The Hops, RTT, and QOS load balancing modes return a single virtual server if probing is disabled
CR41866 SOL766 Debugging commands are not entirely removed from the 3-DNS Controller
CR41876 SOL2853 The Wide IP Port drop down box can list only pre-configured ports
CR41877 SOL761 The table that contains Nokia NetAct SNMP traps might grow very large and use disk space
CR41884 SOL765 The Generate and Copy iQuery Encryption Key option detects BIG-IP/3-DNS combination products twice and attempts to copy the iQuery keys to each detected unit
CR41887 SOL767 Changing the address of a wide IP to an invalid address can cause 3dnsconf.cgi to become unstable
CR41888 SOL780 The Last Hit column on the Requests Statistics page actually displays persistence expiration
CR41889 SOL783 Saved copies and new copies of snmptrap.conf can conflict after an upgrade
CR41891 SOL816 F5 source addresses are not added to hosts.allow when the support account is enabled
CR41897 SOL1290 3-DNS Controller adds a forward slash (/) to the beginning of the text added to the File Name field
CR41899 SOL1491 The Configuration utility appears to allow you to disable a datacenter, but does not actually change the configuration
CR41902 SOL1664 Modifying a data center from the Configuration utility results in an error
CR41909 SOL1865 You must use the command line to clear LDNS statistics
CR41911 SOL1866 You must configure a self IP address for a new system before using 3dnsmaint to set up SSH communication
CR41912 SOL1902 You must configure a self IP address for a new system before using 3dnsmaint to set up SSH communication
CR41917 SOL3343 3-DNS displays a large pending value for a link on the Probers Statistics page
CR41919 SOL3657 Available memory reported by the "memAvailReal" OID and the "vmstat" command differs
CR41922 SOL3818 3-DNS logs an error message in the /var/log/3dns file:
CR41926 SOL5259 3-DNS may not always create backward-compatible iQuery messages
CR42147 SOL4717 3-DNS changes the interface media settings after running the Setup utility
CR43497 SOL5257 3-DNS will not sync changes to the prober address when you change it back to the default value
CR43498 SOL5257 3-DNS will not sync changes to the prober address when you change it back to the default value
CR43639 SOL5145 BIND may not receive notification from NameSurfer when NameSurfer receives zone changes from the principal 3-DNS Controller
CR46405 SOL4810 BIG-IP and 3-DNS may report "date not found" during installation
CR46407 SOL4810 BIG-IP and 3-DNS may report "date not found" during installation
CR46509 SOL4497 Switch appliances do not send an SNMP trap when booting because the switch ports are disabled
CR47235 SOL4572 The login.conf file may be overwritten during an upgrade
CR47236 SOL4572 The login.conf file may be overwritten during an upgrade
CR47237 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR47261 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR47262 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR47276 SOL4574 BIG-IP and 3-DNS will not prevent you from installing unsupported versions on older hardware
CR47296 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR47531 SOL5064 3dnsd may crash when several hundred BIG-IPs are added to the configuration
CR47532 SOL5064 3dnsd may crash when several hundred BIG-IPs are added to the configuration
CR48262 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR48313 SOL4583 The 3-DNS Controller is vulnerable to VU#222750
CR48351 SOL4817 3-DNS may corrupt the CLASS field when responding to a AAAA record request
CR48352 SOL4817 3-DNS may corrupt the CLASS field when responding to a AAAA record request
CR49272 SOL4532 The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
CR49273 SOL4532 The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
CR49336 SOL4616 BIG-IP and 3-DNS are vulnerable to CAN-2005-0488
CR49337 SOL4616 BIG-IP and 3-DNS are vulnerable to CAN-2005-0488
CR58321 SOL6551 Changes in US and Canada Daylight Saving Time