Manual Chapter : 3-DNS Administrator Guide v1.0.6: Configuring a 3-DNS Controller

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 1.0.6


4

Configuring a 3DNS Controller



Configuration overview

This chapter describes required and optional tasks for configuring 3DNS Controllers and provides relevant reference material. Another good source of configuration information is Appendix C, The wideip.conf File, which provides a sample wideip.conf file.

Configuration tasks

Section Start page
Enabling encryption 4-3
Adding big3d to a BIG/ip Controller 4-5
Adding a wide IP 4-5
Defining data collectors and data copiers 4-18
Configuring iQuery options 4-20

Reference material

Section Start page
The 3DNS Maintenance menu 4-23
Understanding the wide IP key 4-28
Understanding TTL values 4-28
Troubleshooting configuration problems 4-31

Configuration tasks

As part of setting up a 3DNS Controller, you must do the following:

  1. Enable encryption and generate an encryption key. This step is optional, but strongly recommended. See page 4-3 .

    Note that some countries do not allow encryption. An international version of the 3DNS Controller is available for use in these situations. See Working with international versions, on page 2-15 .

  2. Add big3d to your BIG/ip Controllers. See page 4-5 .
  3. Add a wide IP. See page 4-5 .

    This task requires that you edit the bigip and wideip statements in your 3DNS Controller configuration file to include the appropriate addresses on your network. You must also edit the host statement if you use other hosts on your network. General defaults for the globals statement have been implemented, so you don't need to add or edit the globals statement unless you want to specify non-default values.

  4. Define at least one 3DNS Controller as a data collector and configure the remaining systems as data copiers. See page 4-18 .
  5. Configure iQuery options. This step is only necessary if you want to specify a non-default port for iQuery traffic or allow for iQuery traffic to pass through firewalls. See page 4-20 .

Note: The following information assumes you have read O'Reilly & Associates' book DNS and BIND (second or third edition). You can purchase this book from a technical bookstore.

Enabling encryption on US 3DNS Controllers

You can make iQuery protocol transactions secure by enabling encryption. 3DNS Controller uses the Blowfish CBC encryption algorithm.

Note: Encryption is not allowed in some countries. See Working with international versions, on page 2-15 .

To enable encryption

  1. Open the /etc/wideip.conf file and change the encryption parameter setting to yes (the default setting is no). Note that encryption_key_file is a string that identifies the name and location of the iQuery key file.

globals {
    encryption yes
    encryption_key_file "/etc/F5key.dat"
}

  2. Open the 3DNS Maintenance menu by typing the following from /usr/contrib/bin:

3dnsmaint

  3. From the menu, select Generate and Copy F5 iQuery Encryption Key.

    This command starts the install_key script, which creates and distributes the iQuery encryption key to all BIG/ip Controllers and 3DNS Controllers that are currently running big3d utilities.

    For more information, see install_key and F5makekey, on page D-26 .

Packet validation

An iQuery packet must comply with CRC-32 to be valid. If the packet fails, the 3DNS Controller assumes that the packet is encrypted, and the 3DNS Controller then decrypts and rechecks the packet. If the packet fails CRC-32 once again, the 3DNS Controller logs an error in the syslog facility LOCAL2. You can configure the facility in the /etc/syslog.conf file.

Adding big3d to a BIG/ip Controller

As described in Chapter 2, big3d is the listener that runs on each BIG/ip Controller and answers 3DNS Controller queries. You must add the big3d utility to each BIG/ip Controller so that the 3DNS Controller can communicate with each BIG/ip Controller.

To add the big3d utility to a BIG/ip Controller:

  1. Open the 3DNS Maintenance menu by typing the following command from /usr/contrib/bin:

3dnsmaint

The 3DNS Maintenance menu is described on page 4-23 .

  2. From the menu, select Install and Start big3d.

    This starts the big3d_install script, which installs the big3d utility on the current BIG/ip Controller.

    You must perform this procedure from each BIG/ip Controller that will be managed by the 3DNS Controller.

    For more information, see big3d_install, on page D-24 .

Defining a wide IP

You need to define a wide IP statement. Each wide IP statement manages the load balancing of virtual servers on BIG/ip Controllers and other host machines.

A wide IP statement includes the following important information:

  • Maps a domain name to a set of virtual servers.
  • Assigns a specific load balancing mode to the domain name.

Note: You can include virtual servers managed by BIG/ip Controllers and other host machines in a single wide IP definition. You can also specify the same host in more than one wide IP definition.

The following instructions include sample wide IP statements that derive from the example configuration introduced in Chapter 2, Preparing for Installation . The sample wide IP statement configures a wide IP for the www.domain.com domain, where the IP addresses assigned to the 3DNS Controller interfaces are shown in the table below.

3DNS Controller Interface IP address
New York 192.168.101.2
Los Angeles 192.168.102.2

To add a wide IP

  1. Find or create the top level domain configuration file. This file is usually found in the /etc directory.

    · For BIND 4, enter the following line in the named.boot file:

primary domain.com db.domain.com

· For BIND 8, enter the following in the named.conf file:

zone "domain.com" IN { type master; file "db.domain.com"; };

To specify a type other than master, see the syntax for the zone statement on page E-7 .

  2. If your network's primary DNS is not a 3DNS Controller, create a new subdomain to be controlled by the 3DNS Controller.

    For example, to create a subdomain called wip.domain.com, do one of the following:

    · If the 3DNS Controller manages the top level for your domain, add the new subdomain to the named.conf file with the following lines:

zone "wip.domain.com" IN { type master; file "db.wip.domain.com"; };

· If the 3DNS Controller does not manage the top level domain, the subdomain must be delegated to each 3DNS Controller on your network. To delegate the domain to each 3DNS Controller in your network, add lines like the following to the top level domain database file (db.domain.com in this example):

wip             IN NS 3dns.newyork
                IN NS 3dns.losangeles
3dns.newyork    IN A  192.168.101.2
3dns.losangeles IN A  192.168.102.2

  3. If your network's primary DNS is not a 3DNS Controller, change (or add) the target domain name to an alias.

    For example, you might find the target domain as an A record in your name server's DNS database as follows:

www IN A 192.168.101.50

Edit db.domain.com so that it contains the following line:

www IN CNAME www.wip

In the above line, www.wip.domain.com is the domain name controlled by the 3DNS Controller.

  4. Gather your BIG/ip Controller and host configuration information so that you can easily see which virtual servers have the replicated content.

    For example, create tables like the following. In the first table, list each data center:

    Data center Interface address BIG/ip or host
    New York 192.168.101.40 BIG/ip Controller
    Los Angeles 192.168.102.40 BIG/ip Controller
    Tokyo 192.168.103.40 BIG/ip Controller
    Tokyo 192.168.104.40 Host
    New York 192.168.105.40 Host

    Next, create a table that lists the virtual servers managed by each BIG/ip Controller (include only those that host content for the domain you are load balancing). For example, each virtual server in the following table is owned by a different BIG/ip Controller, yet each contains identical content:

    BIG/ip Controller Virtual server Virtual port
    New York 192.168.101.50 80
    Los Angeles 192.168.102.50 80
    Tokyo 192.168.103.50 80

    You configure virtual servers as part of the BIG/ip Controller configuration process. See the BIG/ip Installation and Users Guide for more information.

    In the third table, list the other host machines and the IP addresses of the virtual servers that contain the same content. For example:

    Host Virtual server Virtual port
    Tokyo 192.168.104.50 80
    New York 192.168.105.50 80
  5. Next, you need to choose a wide IP key. Select one of the virtual servers in the group, and use its IP address as the wide IP key. In this example, 192.168.101.50 is the wide IP key for www.wip.domain.com.

    See Understanding the wide IP key, on page 4-28 .

  6. Configure the load balanced name on the 3DNS Controller.

    Locate or create a subdomain database file for wip.domain.com. Select one IP address from the set and add an A record for the www.wip domain. Use the IP address as the wide IP key. In the new A record, specify a low TTL value. (You can override the database's global TTL value for an individual name.)

    The following is an example of an entire zone file. The next to last line is the A record:

    wip.domain.com.   IN   SOA   3dns.newyork.domain.com. postmaster.domain.com. (
                      1998062914 ; Serial as YYYYMMDDXX
                      3600       ; Refresh
                      900        ; Retry
                      3600000    ; Expire
                      2 )        ; Minimum (default ttl for entire file)
    ; Domain DNS servers
    wip.domain.com.   IN   NS   3dns.newyork.domain.com.
                      IN   NS   3dns.losangeles.domain.com.
    ; Glue records
    3dns.newyork.domain.com.      IN   A   192.168.101.2
    3dns.losangeles.domain.com.   IN   A   192.168.102.2
    ; Mail servers
    domain.com   IN   MX   10 mx.newyork.domain.com.
    domain.com   IN   MX   20 mx.losangeles.domain.com.
    ; Regular Host
    otherbox     IN   A   192.168.101.20
    ; domain name   TTL   Wide IP key
    www   1   IN   A   192.168.101.50
    ftp       IN   A   192.168.101.60

    Figure 4.1 Sample zone file for wip.domain.com.

    The following example is provided for reference only. If you need help establishing reverse domains (address-to-name mappings), refer to the DNS and BIND book mentioned at the start of this procedure. The following sample screens show the reverse domain mapping files on the New York 3DNS Controller:

    101.168.192.in-addr.arpa.   IN   SOA   3dns.newyork.domain.com. postmaster.domain.com. (
                                1998062914 ; Serial as YYYYMMDDXX
                                3600       ; Refresh
                                900        ; Retry
                                3600000    ; Expire
                                14000 )    ; Minimum

    101.168.192.in-addr.arpa.   IN   NS   3dns.newyork.domain.com.
                                IN   NS   3dns.losangeles.domain.com.

    20   IN   PTR   otherbox.wip.domain.com.
    50   IN   PTR   www.wip.domain.com.
    60   IN   PTR   ftp.wip.domain.com.

    Figure 4.2 Excerpt from db.192.168.101

Note: Because a virtual server is listed in each data center for a wide IP definition, you need to define a reverse mapping entry for each class C network that is included in the wide IP definition.

102.168.192.in-addr.arpa.   IN   SOA   3dns.newyork.domain.com. postmaster.domain.com. (
                            1998062914 ; Serial as YYYYMMDDXX
                            3600       ; Refresh
                            900        ; Retry
                            3600000    ; Expire
                            14000 )    ; Minimum

102.168.192.in-addr.arpa.   IN   NS   3dns.newyork.domain.com.
                            IN   NS   3dns.losangeles.domain.com.

50   IN   PTR   www.wip.domain.com.
60   IN   PTR   ftp.wip.domain.com.

Figure 4.3 Excerpt from db.192.168.102

103.168.192.in-addr.arpa.   IN   SOA   3dns.newyork.domain.com. postmaster.domain.com. (
                            1998062914 ; Serial as YYYYMMDDXX
                            3600       ; Refresh
                            900        ; Retry
                            3600000    ; Expire
                            14000 )    ; Minimum

103.168.192.in-addr.arpa.   IN   NS   3dns.newyork.domain.com.
                            IN   NS   3dns.losangeles.domain.com.

50   IN   PTR   www.wip.domain.com.
60   IN   PTR   ftp.wip.domain.com.

Figure 4.4 Excerpt from db.192.168.103

Instead of a typical one-to-one relationship, where one address maps to one name, the following addresses all map to www.wip:

192.168.101.50 192.168.102.50 192.168.103.50

  7. Configure the globals, bigip, and host statements in /etc/wideip.conf.

    For the globals statement, you need only change parameters if you want to override default values.

    For the bigip statements, you must identify each BIG/ip Controller and the virtual servers it owns. In cases where you are using a redundant BIG/ip Controller system, enter the IP address that the redundant system shares between the two units. Do not use the actual address of each BIG/ip Controller in the redundant system.

    For the host statement, identify each host machine and its virtual servers.

    Continuing with the example, here are sample globals, bigip, and host statements. Note that each sample is only a snippet of the complete configuration file. For an example of a complete configuration file, see Appendix C, The wideip.conf File .

    globals {
        prober 192.168.101.2        // Default prober is New York 3DNS
        encryption yes              // Encrypt iQuery
        paths_noclobber yes         // Don't overwrite metrics with
                                    // zeroed results
        path_ttl 2400               // Extend the life of path metrics
        rtt_probe_dynamic yes       // Switch to tcp probing if icmp
                                    // fails
        multiplex_iq yes            // Source port is the same as
                                    // destination port for iQuery
        use_alternate_iq_port yes   // Use IANA registered port for
                                    // iQuery
    }

    Figure 4.5 Sample globals statement

    bigip {
        // New York
        address 192.168.101.40
        vs {
            address 192.168.101.50
            port 80
            translate {
                address 10.0.0.50
                port 80
            }
        }
    }

    Figure 4.6 Sample bigip statement

    host {
        // Tokyo
        address 192.168.104.40
        vs {
            address 192.168.104.50:80
            probe_protocol tcp
        }
    }

    Figure 4.7 Sample host statement

    If you need assistance in defining this section of the file, open the 3DNS Maintenance menu and select Fetch BIG/ip Configuration. This menu item starts the print_3dvips script, which creates a list of all virtual servers owned by your BIG/ip Controllers. You can use this generated list to enter the correct values for this section of the configuration file. This script is described in print_3dvips, on page D-27 .

  8. Add the www.wip.domain.com domain as a wide IP to your wideip.conf file. Define which load balancing mode you want to use for the wide IP, and list which virtual servers are to be available for load balancing this wide IP.

    For more information on wideip statement syntax, see The wide IP statement, on page 7-21 .

    Here is an example of a wideip statement to add to wideip.conf:

    //
    wideip {
        address 192.168.101.50
        service "http"
        name "www.wip.domain.com"
        qos_coeff {
            rtt 21
            completion_rate 7
            packet_rate 5
            topology 1
        }

        pool {
            name "pool_1"
            type vsb
            ratio 2
            preferred qos
            address 192.168.101.50 ratio 2
            address 192.168.102.50 ratio 1
            address 192.168.103.50 ratio 1
        }

        pool {
            name "pool_2"
            type vsb
            ratio 1
            preferred rr
            address 192.168.102.60 ratio 2
            address 192.168.103.60 ratio 1
        }
    }

    Figure 4.8 Sample wideip statement

    The wide IP is now in place and configured.

Adding additional wide IPs

After the first wide IP is in place, you can add additional wide IPs. The following procedure assumes that your virtual servers are already defined on the BIG/ip Controllers and other host machines. The following example describes how to add a wide IP named ftp.wip.domain.com:

  1. Select a set of geographically distributed virtual servers.
  2. Select the IP address of one of the virtual servers in the set to be the wide IP key. (For more information on the wide IP key, see page 4-28 .)
  3. Define the wide IP name and key within BIND by adding the following resource record to db.wip.domain.com:

ftp.wip IN A 192.168.102.60

  4. Define the virtual server list and the wide IP key within the 3DNS Controller by adding it to /etc/wideip.conf as follows:

    wideip {
        address 192.168.102.60
        service "ftp"
        name "ftp.wip.domain.com"
        pool {
            name "main_pool"
            type vsb
            preferred leastconn
            alternate ratio
            address 192.168.101.60 ratio 2 // New York
            address 192.168.102.60 ratio 4 // Los Angeles
            address 192.168.103.60 ratio 1 // Tokyo
        }
    }

    Figure 4.9 Sample wideip statement

  5. Restart the 3DNS Controller by entering the following:

ndc restart

Defining data collectors and data copiers

When you configure a 3DNS Controller, you configure it as a data collector or data copier:

  • Data collector
    A data collector is a 3DNS Controller that collects performance data by issuing queries to big3d utilities that run on BIG/ip Controllers, or on other 3DNS Controllers. The big3d utilities calculate performance data and return the data to the requesting data collector. The data collector stores the performance data in its cache and periodically updates the data.
  • Data copier
    A data copier is a 3DNS Controller that copies performance data from a data collector. The data copier stores the copied performance data in its cache.

    We recommend that you configure the first two 3DNS Controllers in your network to be data collectors, and that you configure any additional 3DNS Controllers as data copiers. For help in planning your network, see Integrating 3DNS Controllers, on page 2-8 .

    Each 3DNS Controller is a data collector until you designate it as a data copier. To designate a 3DNS Controller as a data copier, revise the globals statement in its /etc/wideip.conf file as follows:

globals {
    primary_ip <ip_addr>
    sync_db_interval <value>
}

The primary_ip line defines the IP address of the data collector from which the current data copier copies the performance data. The sync_db_interval line sets the frequency at which the data copier queries the data collector for updated performance data.

The above example could be your entire wideip.conf file for a data copier, unless you want to set any other global variables to change the behavior of the data copier.

To verify whether a 3DNS Controller is a data collector or data copier, use the Summary screen of the 3DNS Web Administration tool. See Summary statistics, on page 6-11 .

Synchronizing data copiers

After the data collector is defined, do the following tasks:

  • Decide whether to synchronize the wideip.conf files on all data collectors. (The wideip.conf files on data copiers are short, as shown above.)
  • Generate password authentication on each data copier.

Synchronizing wideip.conf files

To synchronize the wideip.conf files, open the 3DNS Maintenance menu on the 3DNS Controller that is the data collector and select Synchronize Configuration Data. This menu item starts the 3dns_sync script, which distributes the data collector's wideip.conf file to all 3DNS Controllers listed in 3dns.txt.

However, there may be situations where you do not want the wideip.conf file to be the same on all 3DNS Controllers. For example, if you are using the Global Availability mode as the default load balancing mode, you need to customize the list of virtual servers in the wideip.conf file at each location. Also, remember that the data collector's wideip.conf file does not contain the globals sub-statement primary_ip. You must add that line to each data copier's wideip.conf file.

For more information on synchronizing wideip.conf files, see 3dns_sync, on page D-23 .

Generating RSA authentication

To generate RSA authentication, open the 3DNS Maintenance menu on a 3DNS Controller that is a data copier and select Generate RSA Authentication. This menu item starts the 3dns_auth script, which generates password authentication by running the ssh-keygen command and copying the key to the BIG/ip Controllers and other 3DNS Controllers.

It is important to know that this script only runs ssh-keygen if no identity.pub file exists. An existing identity.pub file indicates that ssh-keygen was already run.

Warning: Running ssh-keygen more than once will cause problems, and is not recommended.

For more information on password authentication, see 3dns_auth, on page D-20 .

To test that you have successfully generated the ssh key, use ssh to log into the data collector without a password:

ssh root@<ip-address-of-3DNS>

Configuring iQuery options

You need to configure iQuery options only if you want to specify a non-default port for iQuery traffic, or if you want to allow iQuery traffic to pass through firewalls.

Choosing ports for iQuery traffic

Port 4353 is registered with the IANA as the standard port for the iQuery protocol. You can use the globals sub-statement use_alternate_iq_port to specify whether outbound iQuery traffic runs on port 4353, or on port 245. Port 245 is used in earlier versions of 3DNS Controller and is the current default (in order to support backward compatibility). However, we recommend that you set use_alternate_iq_port to yes, which specifies that the configuration uses the new standard iQuery port, 4353.

Note: If you use port 4353 for iQuery traffic, you must set the corresponding bigip.open_3dns_lockdown_ports sysctl variable to 1 (the default setting is 0) on all BIG/ip Controllers running version 2.0 and earlier.

The 3DNS Controller supports another global sub-statement associated with iQuery traffic. The multiplex_iq sub-statement determines whether 3DNS Controller allows all returning iQuery traffic to run only on port 4353 or port 253 (depending on the use_alternate_iq_port setting), or allows returning iQuery traffic to run on individual ephemeral ports. The default setting for this variable is no, which specifies that returning iQuery traffic runs on individual ephemeral ports.

Note: You cannot run the big3d utility on the 3DNS Controller to manage path probing on behalf of hosts if you also want returning iQuery traffic to use a single port. The returning iQuery traffic and the big3d utility create a conflict because they both need to use the same port. To resolve this problem, you should set each host to use a prober that runs on a BIG/ip Controller, rather than on the 3DNS Controller.

Setting up iQuery communications to allow passing through firewalls

The iQuery utility collects configuration and metric information from BIG/ip Controllers on behalf of the 3DNS Controller. The payload information of an iQuery packet contains information that potentially requires translation when there is an intermediate system in the path between a BIG/ip Controller and the 3DNS Controller. In previous versions of 3DNS Controller, iQuery messages included only the configured virtual server address, which was not appropriate where iQuery packets traveled through a firewall and required both the configured address and the translated address. 3DNS Controller now allows iQuery packets to contain both addresses.

In the example configuration shown in Figure 4.10 , a firewall separates the path between the BIG/ip Controller and the 3DNS Controller. The packet addresses are translated at the firewall. However, addresses within the iQuery payload are not translated and they arrive at the BIG/ip Controller in their original state.

Figure 4.10 Translating packet addresses at the firewall

To allow iQuery packets to pass through firewalls, your bigip sub-statement needs to include the translate keyword. When you include the translate keyword, the iQuery utility includes translated IP addresses in the packets sent to the specific BIG/ip Controller.

Here is an example of the appropriate syntax for iQuery firewall translation:

bigip {
    address 192.168.101.40
    vs {
        address 192.168.101.50
        port 80
        translate {
            address 10.0.0.50
            port 80
        }
    }
}

Reference material

This section describes the 3DNS Maintenance menu (a configuration tool), and background information that is useful in configuring 3DNS Controllers.

The 3DNS Maintenance menu

You can use the 3DNS Maintenance menu to simplify certain tasks such as starting the big3d utility and distributing the wideip.conf file. Many of the menu items correspond to 3DNS Controller scripts; each 3DNS Controller script is described in more detail in Appendix D, Utilities and Scripts .

To start the 3DNS Maintenance menu, enter the following command:

3dnsmaint

Figure 4.11 shows the 3DNS Maintenance menu:

  3 D N S(®)  Maintenance Menu     

Edit BIG/ip List
Edit 3DNS List
Generate RSA Authentication
Generate and Copy iQuery Encryption Key
Check versions of named, BIG/ip kernel and needed big3d
Edit big3d matrix
Install and Start big3d
Edit BIND Configuration
Fetch BIG/ip Configuration
Edit BIG/ip Configuration
Edit 3DNS Configuration
Synchronize Configuration Data
Check big3d
Restart big3d
Change/Add Users for 3DNS Web Administration
Start 3DNS Administration
Dump and List named Database
Display mode of wideip.conf
Use Dynamic wideip.conf
Use Static wideip.conf
Enter 'q' to Quit

Figure 4.11 3DNS Maintenance menu

The following table describes the function of each menu item.

Menu Item Description
Edit BIG/ip List Opens the bigips.txt data file for editing. For more information on this file, see File location, on page D-20 .
Edit 3DNS List Opens the 3dns.txt data file for editing. For more information on this file, see File location, on page D-20 .
Generate RSA Authentication Runs the 3dns_auth script, which generates a password authentication by setting the RSA Authentication parameter to yes in /etc/sshd_config.conf and copying the ssh key to each 3DNS Controller and BIG/ip Controller. When prompted for an RSA passphrase, press the Enter key instead of typing a password. This item is not available in the international version of 3DNS Controller.
Generate and Copy F5 iQuery Encryption Key Runs the install_key script, which then runs the F5makekey script. F5makekey generates a seed key for encrypting communications between the 3DNS Controller and BIG/ip Controller. This item is not available in the international version of 3DNS Controller.
Check versions of named, BIG/ip kernel and needed big3d Displays version numbers for all BIG/ip Controllers known to the 3DNS Controller, as well as the version numbers of the big3d and named utilities running on each BIG/ip Controller.
Edit big3d matrix Opens for editing a file that lists version numbers for all BIG/ip Controllers known to the 3DNS Controller and the version numbers of the big3d and named utilities running on each BIG/ip Controller. You do not need to edit this file unless a new BIG/ip kernel or a named version creates a conflict. If this happens, a new version of big3d must be placed on all BIG/ip Controllers. The big3d_install command uses the matrix file to determine which version of big3d to transfer.
Install and Start big3d Runs the big3d_install script, which installs and starts the appropriate version of the big3d utility on each BIG/ip Controller.
Edit BIND Configuration Opens the named.conf file for editing.
Fetch BIG/ip Configuration Runs the print_3dvips script, which reads the list of defined BIG/ip Controllers in the bigips.txt file, then retrieves and saves a list of all the virtual servers owned by the listed BIG/ip Controllers. The generated list is saved in a file called /etc/bigip.lst, and is useful in configuring the bigip statement in your wideip.conf file.
Edit BIG/ip Configuration Opens the /etc/bigip.lst file, which is generated by running the print_3dvips script (see the preceding description of the Fetch BIG/ip Configuration menu item). The /etc/bigip.lst file contains a list of all the virtual servers owned by the BIG/ip Controllers. Use this menu item to make changes to the bigip statement of your wideip.conf file: edit the bigip.lst file, and then copy and paste it into your wideip.conf file.
Edit 3DNS Configuration Runs the edit_wideip script, which opens the wideip.conf file for editing.
Synchronize Configuration Data Runs the 3dns_sync script, which distributes the wideip.conf file from the current 3DNS Controller to all other 3DNS Controllers that are listed in the 3dns.txt file. Only use the script if you are certain that you want the same wideip.conf on all machines. Having the same wideip.conf on all machines may not be desirable in all cases.
Check big3d Runs the big3d_check script, which checks that each BIG/ip Controller listed in the bigips.txt file is running the big3d utility.
Restart big3d Runs the big3d_restart script, which stops and restarts the big3d utility on each BIG/ip Controller listed in the bigips.txt file.
Change/Add Users for 3DNS Web Administration Runs the 3dns_web_passwd script, which lets you provide restricted or administrative access to the 3DNS Web Administration site for selected users only, and assigns passwords for those users. Users with restricted access have access to the statistics area only. Users with administrative access have access to all areas of the 3DNS Web Administration site. If you don't use this script, all users have access to the 3DNS Web Administration site.
Start 3DNS Administration Runs the 3dns_admin_start script, which starts the 3DNS Web Administration tool.
Dump and List named Database Lets you view seven different statistics screens on the command line:

· sum
Displays summary statistics, such as the 3DNS Controller version, the total number of resolved requests, and the load balancing methods used to resolve requests.

· paths
Displays path statistics, such as round trip time and packet completion rate.

· ldns
Displays statistics collected for local DNS servers, including the number of resolution requests received from a given server, and the current protocol used to probe the server.

· vs
Displays statistics about BIG/ip and host virtual servers, such as the server state, and the number of times it has received resolution requests.

· bigips
Displays statistics about all BIG/ip Controllers known to the 3DNS Controller, including the number of virtual servers each BIG/ip Controller manages, and the number of times that the 3DNS Controller resolves requests to those virtual servers.

· hosts
Displays statistics about all hosts known to the 3DNS Controller, including the number of times that the 3DNS Controller resolves requests to the host.

· wips
Displays statistics about each wide IP defined on the 3DNS Controller, including load balancing information and the remaining time to live before the wide IP's metrics data needs to be refreshed.

Display mode of wideip.conf Displays the current wideip.conf mode: Initial, Static, or Dynamic. Corresponds to the 3dns_mode script.
Use Dynamic wideip.conf Creates a static copy of the original wideip.conf file, and also creates a dynamic copy of the wideip.conf file that includes the path and local DNS data, as well as changes you make using the Edit wideip.conf feature in the 3DNS Web Administration tool. Corresponds to the dynamic_wideip script. See Working with static and dynamic wideip.conf files, on page C-2.
Use Static wideip.conf Returns to a single wideip.conf file, using the wideip.conf.static version created when you originally switched the mode to Dynamic. Corresponds to the static_wideip script. See Working with static and dynamic wideip.conf files, on page C-2 .
Enter 'q' to Quit Closes the 3DNS Maintenance menu.

Understanding the wide IP key

The wide IP key is the same address as the domain name. The wide IP key binds the information from DNS to the 3DNS Controller and indicates to DNS that the 3DNS Controller (within the named process) should attempt to handle requests to this domain name. This allows the 3DNS Controller to resolve the request by making a decision based upon its metric database and returning a "better" answer. Each wide IP definition must have its own, unique address.

The wide IP key is sometimes referred to as the fallback address. When the preferred, alternate, and fallback load balancing modes (as specified in the wideip definition) fail, the 3DNS Controller instructs the DNS to issue its original answer. When this happens, the wide IP key is called the fallback address.
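
The rules stated above and in the "To add a wide IP" procedure (each wide IP needs a unique key, the key is the A record for the name, and the key is chosen from the wide IP's own virtual servers) can be checked before restarting. The following is an added example, not part of the 3DNS software or the original manual; the function names are hypothetical, the sample input is constructed, and the parser assumes only the wideip.conf and zone syntax shown in this chapter.

```python
import re

A_RECORD = re.compile(r"^(\S+)\s+(?:(\d+)\s+)?IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_wideips(conf_text):
    """Return name, key and pool addresses for each wideip statement (only the
    brace, // comment and 'address <ip>' syntax shown in this chapter)."""
    text = re.sub(r"//[^\n]*", "", conf_text)           # drop // comments
    tokens = re.findall(r'"[^"]*"|[{}]|[^\s{}]+', text)
    wideips, i = [], 0
    while i < len(tokens):
        if tokens[i:i + 2] != ["wideip", "{"]:
            i += 1
            continue
        entry = {"name": None, "key": None, "pool_addrs": []}
        depth, i = 1, i + 2
        while i < len(tokens) and depth > 0:
            tok = tokens[i]
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if tok == "{":
                depth += 1
            elif tok == "}":
                depth -= 1
            elif tok == "address" and nxt not in ("", "{", "}"):
                addr = nxt.split(":")[0]                # tolerate ip:port form
                if depth == 1:
                    entry["key"] = addr                 # wideip-level address = key
                else:
                    entry["pool_addrs"].append(addr)    # virtual server in a pool
                i += 1
            elif tok == "name" and depth == 1:
                entry["name"] = nxt.strip('"')          # pool names (depth 2) ignored
                i += 1
            i += 1
        wideips.append(entry)
    return wideips

def parse_a_records(zone_text, origin):
    """Map FQDN -> address for A records that carry an explicit owner name."""
    records = {}
    for line in zone_text.splitlines():
        m = A_RECORD.match(line.split(";")[0].rstrip())  # strip ; comments
        if m:
            owner, _ttl, addr = m.groups()
            fqdn = owner[:-1] if owner.endswith(".") else f"{owner}.{origin}"
            records[fqdn.lower()] = addr
    return records

def check_wideip_keys(conf_text, zone_text, origin):
    """Return findings where wideip.conf and the zone disagree about a key."""
    a_records = parse_a_records(zone_text, origin)
    findings, owner_of = [], {}
    for w in parse_wideips(conf_text):
        name, key = w["name"] or "<unnamed>", w["key"]
        if key in owner_of:
            findings.append(f"{name}: wide IP key {key} is already used by {owner_of[key]}")
        owner_of.setdefault(key, name)
        zone_addr = a_records.get(name.lower())
        if zone_addr is None:
            findings.append(f"{name}: no A record in zone {origin}")
        elif zone_addr != key:
            findings.append(f"{name}: A record {zone_addr} does not match wide IP key {key}")
        if key not in w["pool_addrs"]:
            findings.append(f"{name}: key {key} is not one of its pool virtual servers")
    return findings

# Constructed sample input with deliberate errors (not from a real deployment).
SAMPLE_CONF = """
wideip {
    address 192.168.101.50
    name "www.wip.domain.com"
    pool {
        name "pool_1"
        address 192.168.101.50 ratio 2
        address 192.168.102.50 ratio 1
    }
}
wideip {
    address 192.168.102.60          // key differs from the A record below
    name "ftp.wip.domain.com"
    pool {
        address 192.168.102.60 ratio 4
    }
}
wideip {
    address 192.168.101.50          // reuses the www key
    name "shop.wip.domain.com"
    pool {
        address 192.168.103.50 ratio 1
    }
}
"""
SAMPLE_ZONE = """
www   1   IN   A   192.168.101.50   ; wide IP key, low TTL
ftp       IN   A   192.168.101.60
"""

if __name__ == "__main__":
    print("\n".join(check_wideip_keys(SAMPLE_CONF, SAMPLE_ZONE, "wip.domain.com")))
```

On the constructed input the check reports four findings: the ftp key that does not match its A record, and the shop wide IP that reuses the www key, has no A record, and uses a key outside its own pool.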

Understanding TTL variables

Time to Live (TTL) variables control how long information should be saved in the cache and used to make decisions. There are two important TTL values that affect 3DNS Controllers: zone minimums and object limits.

Zone minimums

The zone file contains a Minimum field in the SOA section of the file. The Minimum value is the TTL for all resource records (RR) in the zone file. However, you can override the zone minimum for a given RR.

For example, if you don't want a DNS to cache the answer previously issued for a domain name, you can specify a very low value for the Minimum field.

Note: For wide IP domain names, specify the TTL in the wideip statement. See The wide IP statement, on page 7-21.

In the following zone file excerpt, the specified Minimum value is 30 seconds for every entry. The exception is the domain name www.wip, which is overridden and is not saved in any DNS cache. The result is that a new query is made each time a name resolution request is made for www.wip. This allows the 3DNS Controller to respond with the most intelligent answer for each request.

wip.domain.com. IN SOA 3dns.newyork.domain.com. postmaster.domain.com. (
        1998062914 ; Serial as YYYYMMDDXX
        3600       ; Refresh
        900        ; Retry
        3600000    ; Expire
        30 )       ; Minimum (default ttl for entire file)
www.wip 0 IN A 192.168.101.60

Figure 4.12 Zone minimums
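
The following script is an added example, not part of the original manual. It reads a zone excerpt and reports the TTL each A record ends up with: its own TTL if one is given, otherwise the SOA Minimum. It assumes the zone file has no $TTL directive, as in the excerpt above; the ftp.wip record and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the Figure 4.12 excerpt plus one added record (ftp.wip,
# a made-up name and address) that carries no TTL of its own.
sample_zone() {
cat <<'EOF'
wip.domain.com. IN SOA 3dns.newyork.domain.com. postmaster.domain.com. (
        1998062914 ; Serial as YYYYMMDDXX
        3600       ; Refresh
        900        ; Retry
        3600000    ; Expire
        30 )       ; Minimum (default ttl for entire file)
www.wip 0 IN A 192.168.101.60
ftp.wip   IN A 192.168.101.61
EOF
}

# Read a zone excerpt on stdin; print "owner ttl source" for every A record.
# source is "explicit" (TTL on the record) or "soa-minimum" (inherited).
effective_ttls() {
    awk '
    { sub(/;.*/, ""); gsub(/[()]/, " ") }    # drop comments and SOA parentheses
    NF == 0 { next }
    minimum == "" {                          # before or inside the SOA record
        start = 1
        if (!in_soa) {
            for (i = 1; i <= NF; i++)
                if ($i == "SOA") { in_soa = 1; start = i + 1 }
            if (!in_soa) next
        }
        for (i = start; i <= NF; i++)        # 5th number after SOA is Minimum
            if ($i ~ /^[0-9]+$/ && ++n == 5) minimum = $i
        next
    }
    {
        i = 1
        if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }   # leading blank: same owner
        if ($i ~ /^[0-9]+$/) { ttl = $i; src = "explicit"; i++ }
        else                 { ttl = minimum; src = "soa-minimum" }
        if ($i == "IN") i++
        if ($i == "A") print owner, ttl, src
    }'
}

sample_zone | effective_ttls
```

A record reported with a TTL of 0 is never cached, so every lookup for that name reaches the 3DNS Controller.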

Object Limits

Each 3DNS object has an associated TTL. When an object's TTL expires, the 3DNS Controller stops using a dynamic load balancing method and reverts to a static method. You set an object TTL with the globals statement. For example:

globals {
    bigip_ttl 60
    host_ttl 240
    vs_ttl 120
    path_ttl 600
}

Relating 3DNS TTL values to persistence values set on the BIG/ip Controller

You can also configure a TTL value for each wide IP definition. The ttl value in a wideip statement specifies the amount of time (in seconds) that the specified wide IP's information is to be used by the 3DNS Controller for name resolution and load balancing.

Depending on your situation, you may want to take your configured BIG/ip Controller persistence behavior into account as you configure a wide IP's TTL value.

To find out how a BIG/ip Controller's persistence behavior is configured, check its /etc/rc.sysctl file. Search for the following line:

sysctl -w bigip.persist_time_used_as_limit=

The above command ends with a value of either 1 or 0:

  • 1
    Specifies that the persistence time starts when a connection is first made by the client and runs until the persistence time value expires.
  • 0
    Specifies that the persistence timer resets itself upon receipt of each packet. The timer keeps resetting as long as the client generates traffic over its connection. Once traffic stops on the connection, the timer runs until the persistence time value expires, as described for the value 1 above.

When you configured your BIG/ip Controller, you specified this behavior using the following command:

bigpipe vip <virtual address:port> persist <persistence timeout>

If the bigip.persist_time_used_as_limit line ends with 1, configure the corresponding wideip statement so that the ttl is at least 10 seconds higher than the BIG/ip Controller's persist value.

If the bigip.persist_time_used_as_limit line ends with 0, set the wide IP's ttl value to the maximum value for which you want client connections to persist.
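
The rule above can be checked with a short script. This is an added example, not part of the original manual: it reads the persist_time_used_as_limit setting from a copy of rc.sysctl and tests a proposed wide IP ttl against the BIG/ip persist value. The function names and the sample file contents are constructed, and the persist value is assumed to be in seconds.

```shell
#!/bin/sh
# Constructed stand-in for /etc/rc.sysctl; $1 is the active value (1 or 0).
sample_rc() {
    printf '%s\n' '# constructed sample of /etc/rc.sysctl' \
        '# sysctl -w bigip.persist_time_used_as_limit=0' \
        "sysctl -w bigip.persist_time_used_as_limit=$1"
}

# Print the active setting (1 or 0) from file $1, or nothing if it is absent.
# Commented-out lines are ignored; if the line appears twice, the last wins.
persist_mode() {
    sed -n 's/^[[:space:]]*sysctl -w bigip\.persist_time_used_as_limit=\([01]\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# check_wideip_ttl FILE PERSIST TTL
# Returns 0 if TTL satisfies the rule, 1 if it is too low, 2 if the mode
# cannot be determined, 64 on bad arguments.
check_wideip_ttl() {
    file=$1 persist=$2 ttl=$3
    case "$persist" in ''|*[!0-9]*) echo "persist must be a number" >&2; return 64 ;; esac
    case "$ttl" in ''|*[!0-9]*) echo "ttl must be a number" >&2; return 64 ;; esac
    mode=$(persist_mode "$file")
    case "$mode" in
        1)  min=$((persist + 10))
            if [ "$ttl" -ge "$min" ]; then
                echo "ok: mode 1, ttl $ttl >= persist + 10 ($min)"
            else
                echo "too-low: mode 1, ttl $ttl < persist + 10 ($min)"
                return 1
            fi ;;
        0)  echo "review: mode 0, ttl $ttl should be the longest time clients persist" ;;
        *)  echo "unknown: no persist_time_used_as_limit line in $file"
            return 2 ;;
    esac
}

demo_dir=$(mktemp -d)
sample_rc 1 > "$demo_dir/rc.sysctl"
check_wideip_ttl "$demo_dir/rc.sysctl" 60 65 || true   # too low: needs 70
check_wideip_ttl "$demo_dir/rc.sysctl" 60 70
rm -rf "$demo_dir"
```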

Troubleshooting configuration problems

Adding a wide IP is a process that requires careful planning and use of correct syntax. The following recommendations are intended to make it easier for you to spot and resolve any configuration problems:

  • BIND syntax
    If you are not well-versed in BIND syntax, or you need a BIND syntax reference, see one of the following:
    • Appendix D of this manual.
    • The O'Reilly & Associates book, DNS and BIND.
    • http://www.isc.org/bind.html
  • wideip.conf syntax
    After making changes to wideip.conf, use the 3dparse tool to verify syntax before starting named. To use this tool, type 3dparse on the command line. (For details on the 3dparse tool, see page D-2.) For more information on wideip.conf, and to see an example of a wideip.conf file, see Appendix C, The wideip.conf File.
  • /var/log/messages
    If you encounter an error that you cannot trace, open the /var/log/messages file on your system. Using the UNIX grep utility, search for "named" (for example, tail -100 /var/log/messages | grep named). This log file saves verbose error information, and should contain an explanation of the error.
  • 3DNS Controller administration tool
    The Web Administration tool, described in Chapter 6, Web Administration, is useful in diagnosing problems, as it provides a snapshot of your 3DNS Controller network at any given time.