Software Release Date: 01/05/2003
Updated Date: 03/05/2007
This product temporary fix (PTF) provides enhancements and fixes for the 3-DNS Controller, version 4.5. The PTF includes all fixes released since version 4.5, including fixes originally released in prior PTFs. The latest version of the PTF notes can be found on http://tech.f5.com.
The current PTF installs fixes from all PTFs released after 3-DNS Controller, version 4.5. (For details, see the following section, Software enhancements and fixes.) The latest version of the PTF note is available at http://tech.f5.com.
Note: If you are updating the 3-DNS Controller module on a BIG-IP system, refer to the BIG-IP, version 4.5PTF02 note for instructions on installing the PTF.
Apply the PTF to the 3-DNS Controller, version 4.5 using the following process. Note that the installation script saves your current configuration.
Note: If you have installed prior PTFs, this installation does not overwrite any configuration changes that you made for prior PTFs.
After the PTF installation has completed, you need to install the new version of the big3d agent on all BIG-IP systems and EDGE-FX Cache systems known to the 3-DNS Controller, as follows:
For more information about the big3d agent, see the 3-DNS Reference Guide.
This PTF adds two new load balancing modes, Drop Packet and Explicit IP. We recommend that you use these new load balancing modes only for the fallback method. The 3-DNS Controller uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query. When you specify the Drop Packet mode, the 3-DNS Controller does nothing with the packet, and simply drops the request. (Note that a typical LDNS server iteratively queries other authoritative name servers when it times out on a query.) When you specify the Explicit IP mode, the 3-DNS Controller returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the Explicit IP mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server.
You can configure the new load balancing modes for the fallback method either using the Configuration utility or from the command line. For information on configuring the fallback method with the new load balancing modes, see the Configuring the Drop Packet and Explicit IP load balancing modes section of this PTF note.
Large configurations and misleading error messages (CR19843)
When the 3dnsd process is loading a large configuration, you may see a warning message now, instead of an error message.
Updated 3-DNS Reference Guide PDF (CR22017)
The 3-DNS Reference Guide has been updated to include Appendix A, 3-DNS Configuration File. The updates to this appendix include the revised data structures and the new configuration options for routers and links.
UDP checksums and TFTP packets (CR22113, CR25181)
In rare instances, the checksums for TFTP packets were incorrect. This issue has been resolved.
Apache web server and the CERT Coordination Center vulnerability, VU#672683 (CR24689)
This PTF addresses the vulnerability in the Tomcat package for the Apache web server that is described in Vulnerability Note VU#672683 on the CERT® Coordination Center website. For more information on the vulnerability, see http://www.kb.cert.org/vuls/id/672683.
Turning off automatic synchronization and persistent LDNS requests (CR24869)
When you turn off automatic synchronization on a 3-DNS Controller, and if the 3dnsd process on that controller loses network communications with the other 3dnsd processes in the network, the controller now synchronizes LDNS requests that occur during the time that the 3dnsd process is offline.
iControl BaseServer::get_interfaces function and the 3dnsd process (CR24912)
The following iControl function, ITCMGlobalLB::BaseServer::get_interfaces, no longer causes the 3dnsd process to stop running when you specify an invalid type within the function.
Synchronization and the netIana.inc file (CR24928)
The include geoloc "netIana.inc" directive is now synchronized between the members of a sync group.
Root servers list for BIND (CR25064)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.
Errors on the System - General screen in the Configuration utility (CR25143)
You can now change any of the settings on the System - General screen in the Configuration utility, and you no longer see error messages when you do so.
Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, no longer displays very large, invalid values for remote links that are down (red ball). The link statistics graphs now accurately display the data for both the link that is down, and any available links.
Path probing requests and data centers with no defined router (CR25155)
If a data center contains at least one 3-DNS Controller, BIG-IP system, or EDGE-FX system, the big3d agent now issues path probing requests to that data center, regardless of whether you have defined a router for the data center.
Using a serial terminal as a console (CR25183)
This PTF fixes the serial terminal as the console functionality, as described in the 3-DNS Reference Guide, Chapter 6, Monitoring and Administration, so that it works with all 2U controller platforms.
CA-2002-31, Multiple Vulnerabilities in BIND
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
The following section provides information about both required and optional configuration changes.
Updated big3d agent for version 4.5 and later (CR25255)
The big3d agent has been updated, and is not compatible with the previously-released big3d agents. Therefore, you must distribute the updated big3d agent to the BIG-IP systems in your network so that the metrics collection on the 3-DNS Controller functions properly. For details on distributing the updated big3d agent, see the Updating the big3d agent section of the installation instructions for this PTF.
You can configure the fallback method using the new load balancing modes either by using the Configuration utility, or by editing the wideip.conf file from the command line. You can specify either the Drop Packet load balancing mode, or the Expicit IP load balancing mode. Note that if you specify the Expicit IP mode, you also specify a fallback IP address.
To configure the fallback method with the Drop Packet mode using the Configuration utility
To configure the fallback method with the drop_packet mode from the command line
To configure the fallback method with the Explicit IP mode using the Configuration utility
To configure the fallback method with the explicit_ip mode from the command line
The following items are the known issues identified since the release of 3-DNS Controller, version 4.5. For a list of the known issues in the 4.5 release, refer to the 3-DNS Controller, version 4.5 release note on AskF5.
Invalid OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, has an invalid object identifier (OID) associated with it. Therefore, this trap does not function properly.
Broken links on the Configuration utility welcome screen (CR25249)
In the Configuration utility, under Additional Software Downloads on the welcome screen, the following links are broken: 3-DNS MIB and DNS MIB. Note that this does not affect the MIBs themselves, which you can view from the command line in the following directory: /usr/local/share/snmp/mibs. For information on working with the MIBs, see Working with SNMP on the 3-DNS Controller, in the 3-DNS Reference Guide, Chapter 5, Probing and Metrics Collection.
BIG-IP virtual server status and node connection limits (CR25473)
When you have configured a node connection limit for a BIG-IP virtual server, the 3-DNS Controller may show that virtual server as down (red ball), if the node connection limit is set to zero (0).
Synchronization and removing The include geoloc "netIana.inc" directive (CR25402)
If you have a sync group configured, and you remove the include geoloc "netIana.inc" directive from one of the sync group members because you are not using Topology load balancing for any pool or wide IP, the synchronization process does not remove the directive from the other members of the sync group. This does not affect performance of the controller.
Error messages for the checkd process on standalone 3-DNS Controllers (CR25476)
If you have a standalone 3-DNS Controller, you may see the following error message in the /var/log/bigd file for the checkd process: checkd: SSL accelerator proxies are not available. The error is benign because the 3-DNS Controller does not use the checkd process. You can safely turn the checkd process off using the Turning off the checkd process work-around following this section of the PTF note.
Interoperating with SEE-IT® Network Manager (CR25573)
In 3-DNS Controller, version 4.5, the format of the /VERSION file changed, resulting in an incompatability with the SEE-IT Network Manager. You can fix the incompatability using the work-around described in the Reformatting the /VERSION file section following this section of the PTF note.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.
The following items describe work-arounds for known issues.
You can safely turn off the checkd process on a standalone 3-DNS Controller using the following steps.
Important: If you are running the 3-DNS Controller module on a BIG-IP system, do not turn off this process.
To turn off the checkd process
Note: If you reboot the controller, you need to repeat this procedure.
If you use the SEE-IT Network Manager application to monitor you 3-DNS Controller, make the following change to the /VERSION file on the 3-DNS Controller so that the file is compatible with the SEE-IT application.