The 3-DNS Controller provides utilities for monitoring and administration. You can perform configuration tasks, and monitor system statistics for all components of the 3-DNS Controller.
The 3-DNS Controller provides the following configuration, monitoring, and administration utilities:
You can use the 3-DNS Maintenance menu to manually configure and monitor the 3-DNS Controller. However, if you work with either the browser-based Configuration utility or the NameSurfer application, you cannot use the 3-DNS Maintenance menu.
You can use the 3-DNS Maintenance menu to perform the following types of manual configuration tasks:
Figure 6.1 shows the main screen of the 3-DNS Maintenance menu:.
3 D N S(®) Maintenance Menu
Configure secure communication between all 3-DNS and BIG-IP systems
Generate and Copy iQuery Encryption Key
Check versions of named, BIG-IP kernel and needed big3d
Edit big3d matrix
Install and Start big3d
Edit BIND Configuration
Edit 3-DNS Configuration
Backup the 3-DNS Controller
Restore a 3-DNS Controller from a backup
Synchronize Metrics Data
Reconfigure 3-DNS Web Administration
Restart 3-DNS Administration
Change/Add Users for 3-DNS Web Administration
Dump and List named Database
Configure connection to NTP time server
Enter 'q' to Quit
Each command is described in the following sections.
We recommend that you use NameSurfer to handle BIND configuration, and that you use the Configuration utility to configure wide IPs. However, if you choose to manually edit BIND and the 3-DNS Controller configuration files, use the following commands.
The Edit BIND Configuration command opens the named.conf file for editing.
The Edit 3-DNS Configuration command runs the edit_wideip script, which performs the following tasks:
Use the following command to view various 3-DNS Controller statistics:
The Dump and List named Database command corresponds to the 3dprint script, which lets you view these statistics screens on the command line:
To view more statistics information, expand the Statistics item on the navigation pane in the Configuration utility.
You can use the following commands to work with the big3d agent, which collects information about paths between a data center and a specific LDNS server.
The Check versions of named, BIG-IP kernel and needed big3d command runs the big3d_version script. This script displays version numbers for all BIG-IP Controllers known to the 3-DNS Controller, and the version numbers of the big3d agent and named utility running on each BIG-IP Controller.
The Edit big3d matrix command opens an editable file that lists version numbers for all BIG-IP Controllers known to the 3-DNS Controller, and the version numbers of the big3d agent and named utility running on each BIG-IP Controller.
You do not need to edit this file unless a new BIG-IP kernel or a named version creates a conflict. If this happens, you need to place a new version of the big3d agent on all BIG-IP Controllers.
The Install and Start big3d command uses the matrix file to determine which version of the big3d agent to transfer.
The Install and Start big3d command runs the big3d_install script, which installs and starts the appropriate version of the big3d agent on each BIG-IP Controller in the network.
The Check big3d command runs the big3d_check script, which verifies that each BIG-IP Controller is running the big3d agent.
The Restart big3d command runs the big3d_restart script, which stops and restarts the big3d agent on each BIG-IP Controller.
You can use the following commands to copy matrix data to a new 3-DNS Controller, to archive synchronized files, or to retrieve an archive.
The Synchronize Metrics Data command runs the 3dns_sync_metrics script, which prompts you to copy metrics data from a remote 3-DNS Controller to the local 3-DNS Controller.
You should use this command only when you are configuring a new 3-DNS Controller.
You can use the following commands to address security issues for your network setup.
The Configure secure communication between all 3-DNS and BIG-IP systems command runs the 3dns_auth script, which configures secure shell access to any new 3-DNS Controller, BIG-IP Controller, or EDGE-FX Cache that is added to a network.
The 3dns_auth script generates a password authentication by setting the RSA Authentication parameter to yes in /etc/sshd_config.conf and copying the ssh key to each 3-DNS Controller, BIG-IP Controller, and EDGE-FX Cache. When prompted for an RSA password, press the Enter key instead of typing a password.
For more information, see Chapter 9, Scripts, and Chapter 12, Utilities, in the 3-DNS Controller Reference Guide.
The Generate and Copy Encryption iQuery key command runs the install_key script, which then runs the F5makekey script. F5makekey generates a seed key for encrypting communications between the 3-DNS Controller and BIG-IP Controller.
For more information, see Chapter 9, Scripts, and Chapter 12, Utilities, in the 3-DNS Controller Reference Guide.
You can use the following commands to configure the 3-DNS web server.
The Reconfigure 3-DNS Web Administration command runs the 3dns_web_config script, which lets you make configuration changes to the 3-DNS web server.
The Restart 3-DNS Administration command runs the 3dns_admin_start script, which restarts the 3-DNS web server.
The Change/Add Users for 3-DNS Web Administration command runs the 3dns_web_passwd script, which lets you provide restricted or administrative access to the 3-DNS web server for selected users only, and assigns passwords for those users. Users with restricted access have access to the statistics area and can view configuration, but cannot commit any changes. Users with administrative access have access to all areas of the 3-DNS web server.
You can use the following commands to work with syncd, the synchronization daemon that runs on all 3-DNS Controllers. The function of syncd is to update and synchronize all 3-DNS Controller configuration files.
The Stop syncd command runs the syncd_stop script, which stops the syncd daemon, if it is running.
The Restart syncd command runs the syncd_start script, which restarts the syncd daemon if it is already running, or starts it if it is not.
The 3-DNS Controllers in a network must have their time synchronized to within a few seconds of each other. If you do not synchronize the controllers, it is done by default through iQuery messages exchanged between 3-DNS Controllers. However, the following command allows much more precise time synchronization between the 3-DNS Controllers.
The Configure Connection to NTP Time Server command allows the 3-DNS Controller to synchronize its time to a public NTP (Network Time Protocol) server on the Internet. To simplify the task of the choosing the best time server, this command has a list of regional time servers built into it. A 3-DNS Controller is not required to have NTP configured; depending on the network configuration, it may not be possible to configure NTP (for example, if the 3-DNS Controller is behind a firewall and the firewall does not pass NTP packets).
You can use the following command to have NameSurfer handle DNS zone file management on the 3-DNS Controller.
The Configure NameSurfer command makes NameSurfer the master on the 3-DNS Controller, and NameSurfer then handles the zone file management, dealing with all changes and updates to the zone files. You can access the NameSurfer application in the Configuration utility by clicking NameSurfer on the navigation pane.
The First-Time Boot utility prompts you to define a password that allows remote access to the 3-DNS Controller, and also prompts you to define a password for the 3-DNS web server. You can change these passwords at any time.
You can create new users for the 3-DNS web server, change a password for an existing user, or recreate the password file altogether, without actually going through the 3-DNS web server configuration process.
The following command creates a new user ID, or changes the password for an existing user ID. In place of the <username> parameter, type the user ID for which you want to create a password:
/var/f5/httpd/bin/htpasswd /var/f5/httpd/basicauth/users \ <username>
Once you enter the command, you are prompted to type the new password for the named user.
The following command recreates the 3-DNS web server password file, and defines one new user ID and password. In place of the <username> parameter, type the user ID that you want to create:
/var/f5/httpd/bin/htpasswd -c /var/f5/httpd/basicauth/users \ <username>
Once you enter the command, you are prompted to type the new password for the new user.
The 3-DNS Console allows you to open an SSH session for the 3-DNS Controller from the Configuration utility. The crypto 3-DNS Controller uses the MindTerm SSH client to enable secure command line administration with the 3-DNS Console. You can perform any of the command line tasks in a popup console screen.
Warning: The MindTerm SSH client requires a Java virtual machine to operate. If you are unable to run the MindTerm SSH client, make sure that you have a Java virtual machine installed and that your browser has Java enabled in the Preferences, or Options, section. For more information on Java virtual machines and download options, visit your web browser manufacturer's web site.
Note: You can only administer the local 3-DNS Controller using the 3-DNS Console. If you wish to use the command line utility to administer remote controllers, you do so using an SSH, Telnet, or other secure session.
The Network Map is a dynamic, illustrative map of the physical and logical components of your network. The Network Map lets you see how the data centers, servers, and virtual servers you configured are mapped to the wide IPs and pools you configured. You can also make changes to your configuration from the Network Map, using the following options:
For more information on the features of the Network Map, click Help on the toolbar.
Warning: The Network Map SSH client requires a Java virtual machine to operate. If you are unable to run the Network Map SSH client, make sure that you have a Java virtual machine installed and that your browser has Java enabled in the Preferences, or Options, section. For more information on Java virtual machines and download options, visit your web browser manufacturer's web site.
Using the Configuration utility, you can view current statistics about the following objects in the configuration:
|Summary||This statistics screen provides information about the 3-DNS Controller itself.|
|Globals||This statistics screen provides information on the global settings for the 3-DNS Controller.|
|Disabled objects||This statistics screen provides information on the servers and virtual servers that you have disabled.|
|Metrics||This statistics screen provides performance information for the servers and virtual servers you have configured.|
|Dynamic persistence requests||This statistics screen provides information on the virtual connections between local DNS servers and virtual servers for given wide IPs in the network.|
|Data centers||This statistics screen provides information on the data centers in your network.|
|Sync groups||This statistics screen provides information on the 3-DNS Controllers that are in the same sync group as the controller you are looking at.|
|Wide IPs||This statistics screen provides information on the wide IPs and pools you configured.|
|ECV||This statistics screen provides performance information for any ECV health monitors you have configured.|
|3-DNS Controllers||This statistics screen provides information on the 3-DNS Controllers you have configured.|
|BIG-IP Controllers||This statistics screen provides information on the BIG-IP Controllers you have configured.|
|EDGE-FX Caches||This statistics screen provides information on the EDGE-FX Caches you have configured.|
|Probers||This statistics screen provides information on the probers you have configured.|
|Hosts||This statistics screen provides information on the hosts you have configured.|
|Virtual servers||This statistics screen provides information on the virtual servers you have configured.|
|Paths||This statistics screen provides information on the paths created by the 3-DNS Controller when paths are required to fulfill name resolution requests.|
|Local DNS servers||This statistics screen provides information on the local DNS servers in the 3-DNS Controller's database.|