3

Installation Procedures

• Installation requirements
• Packing list
• Installation tasks
• The First-Time Boot utility
• F-Secure SSH client
• After installation

Installation requirements

Before you install and use a 3DNS Controller, you must have the following:

• BIND
  The primary DNS (which can be a 3DNS Controller) must use BIND, version 4.97 or later. However, we recommend that you use the more current version of BIND, version 8.1.2, or later, that is shipped with 3DNS Controller.
• Path or route
  A path or route to each of the BIG/ip Controller's primary or shared interface IP addresses, and to each host.
• At least one BIG/ip Controller and/or host machine
  If you plan to use dynamic load balancing, you must have one or more BIG/ip® Controllers running version 1.8.3 or later. You can use static load balancing for host machines or other server array controllers. For information on dynamic and static load balancing modes, see Chapter 5, Load Balancing . For information on configuring a BIG/ip Controller, see the Administrator Guide for the BIG/ip Controller.

Packing list

When you unpack the 3DNS Controller, check the packing list to ensure that you received all of the following items:

• 3DNS Controller box (1)
• Power cable (1)
• PC/AT-to-PS/2 keyboard adapter (1)
• Keys for the front panel lock (2)
• Extra fan filter (1)
• Rack mounting screws
• F-Secure SSH User's Guide (1--US products only)

Environmental requirements and usage guidelines

A 3DNS Controller is an industrial network appliance, designed to be mounted in a standard 19 inch rack. To ensure safe installation and operation of the unit, be sure to consider the following before you install the unit in the rack:

• You should always install the rack according to the manufacturer's instructions, and be sure to check the rack for stability before placing equipment in it.
• You should build and position the rack so that once you install the 3DNS Controller, the power supply and the vents on both the front and back of the unit remain unobstructed. The 3DNS Controller must have adequate ventilation around the unit at all times.
• Do not allow the air temperature in the room to exceed 50° C. Internal temperatures should be considered for continued safe operation.
• Make sure that the branch circuit into which you plug the unit is not shared by more electronic equipment than it is designed to manage safely at one time.
• If you are installing the 3DNS Controller in a location outside of the United States, you need to verify that the voltage selector is set appropriately before connecting the power cable to the unit.

Warning: The unit must be connected to Earth ground, and it should have a reliable ground path maintained at all times.

Warning: The 3DNS Controller contains a lithium battery. There is danger of an explosion if you replace the lithium battery incorrectly. We recommend that you replace the battery only with the same type of battery originally installed in the unit, or with an equivalent type recommended by the battery manufacturer. Be sure to discard all used batteries according to the manufacturer's instructions.

Installation tasks

The procedures for installation vary depending on whether you are installing a 3DNS Controller for the first time or upgrading an earlier version.

Doing a first-time installation

If you are installing the 3DNS Controller for the first time, you must perform the following tasks:

• Start the First-Time Boot utility
  Use the First-Time Boot Utility to install the 3DNS Controller. See page 3-8 .
• Configure F-Secure SSH client
  You must transfer and install the F-Secure SSH client if you want to be able to configure 3DNS Controllers remotely. See F-Secure SSH client, on page 3-14 .

Upgrading an earlier version

If you are upgrading from an earlier version of the 3DNS Controller, do the following:

1. Download the 3dns106kit.tar file from the F5 FTP site: ftp://f5dupgrade@ftp.f5.com/3dns/3dns1.0.6
2. Verify the integrity of the file using the sum command:

sum 3dns106kit.tar

If the file is correct, the command displays the correct checksum. Consult the product release notes for the correct checksum value.

1. Extract the 3dns106kit.tar file in the /var/tmp/ directory:

cd /var/tmp
tar xvf 3dns106kit.tar

The following table lists the files that are extracted

File name	Description
3.v1.0.6.tar.gz	3DNS tarball (gzipped)
3dnsbook.pdf	3DNS Controller user manual
backupfile.txt	List of modified configuration files

Again, consult the product release notes for the correct checksum values for each file.

1. Back up the existing configuration files on the 3DNS Controller:

cd /var/tmp
/usr/contrib/bin/gtar -cvf 3dbackup.tar -T backupfile.txt

1. Stop all currently running 3DNS Controller processes:

ndc stop
kill `cat /var/run/big3d.pid`
kill `cat /var/run/syslog.pid`
ps -aux|grep thttpd
kill pid#

1. Extract the 3.v1.0.6.tar.gz file in the /var/tmp/ directory:

cd /
/usr/contrib/bin/gtar -zxvpUf /var/tmp/3.v1.0.6.tar.gz

1. Run 3dparse to update the /etc/wideip.conf file.

3dparse

1. Restart the 3DNS Controller.

sync
reboot

Note: Once you install the 3DNS software, you must install new versions of the BIG3d utility on all BIG/ip Controllers managed by the 3DNS Controller. See Setting up the big3d utility, on page 2-21 .

Once you install the software update, you must make the required configuration changes described in the following section.

Required configuration changes

The following configuration changes are required. All other configuration changes in this release are optional.

First-Time Boot utility

To check whether the First-Time Boot utility has run, the 3DNS Controller now looks for the /etc/netstart file rather than /etc/wideip.conf. If the /etc/netstart file exists, the 3DNS Controller does not run the First-Time Boot utility at start up. If the 3DNS Controller does not find the /etc/netstart file, it runs the First-Time Boot utility at start up and saves the /etc/netstart file upon completion.

Datasize settings

The 3DNS Controller now automatically manages all datasize statements, including process data and stack sizes, based on the amount of memory installed. We recommend that you remove or comment out datasize statements from /etc/named.conf files because they are no longer necessary.

System control variables on BIG/ip Controllers

If you configure the 3DNS Controller to use the registered iQuery port 4353 for iQuery traffic, you must change the corresponding bigip.open_3dns_lockdown_ports sysctl variable on all BIG/ip Controllers running version 2.0 and earlier. The default setting for this variable is 0, but if iQuery traffic is set to run on port 4353, you must change the variable setting to 1.

The big3d utility

All versions of the big3d utility must be updated on BIG/ip Controllers. The 3DNS Controller includes big3d utilities for BIG/ip Controller version 1.8.3, version 2.0, and version 2.0.4. Use the Install and Start big3d command on the 3DNS Maintenance menu to automatically copy and install the appropriate version of the big3d utility to all BIG/ip Controllers in your environment.

Note: The big3d utility version 2.0.1 is compatible with BIG/ip Controller version 2.0.2.

Storing zone files

Move zone files to the /var/namedb directory, which offers substantially more storage space than the /etc/namedb directory.

1. Change the directory /etc/namedb line in the /etc/named.conf file to instead point to the /var/namedb directory:

directory /var/namedb

1. Move /etc/namedb to /var/namedb.
2. Restart the named process.

Y2K compliance

To make the 3DNS Controller Y2K compliant, you may need to change the serial numbering scheme you apply to zone files. Use the YYYYMMDDXX serial number format where the XX portion of the number reflects a series number that is attached to the date. This serial number format accommodates zone file transfers that occur more than once in a 24 hour period, but does not create serial numbers that exceed a 32-bit integer. For more information on zone file serial numbers, see page 136 in the O'Reilly & Associates' book DNS and BIND, third edition.

Globals sub-statements

If you are upgrading from an earlier version of 3DNS Controller and you plan to use the RTT or QOS load balancing modes, change the following globals sub-statements to the values shown below:

paths_noclobber yes

path_ttl 2400

The First-Time Boot utility

To boot the 3DNS Controller, turn on the power switch located on the front of the 3DNS Controller chassis. The power switch is item 7 on Figure 3.1 :

1. Fan filter 2. Keyboard lock 3. Reset button 4. Keyboard lock LED 5. Hard disk drive LED

6. Power LED 7. On/off button 8. 3.5 floppy disk drive 9. CD-ROM drive

Figure 3.1 3DNS Controller front view

Figure 3.2 shows the rear of the 3DNS Controller.

1. Fan 2. Power in 3. Voltage selector 4. Mouse port* 5. Keyboard port 6. Universal serial bus ports* 7. Terminal serial port

8. Printer port* 9. Fail-over port 10. Video (VGA) port 11. Internal interface (RJ-45) 12. External interface (RJ-45) 13. Interface indicator LEDs 14. Watchdog card*

*Not to be connected to any peripheral hardware.

Figure 3.2 3DNS Controller rear view

When the 3DNS Controller is successfully powered up, you must read and agree to the conditions in the displayed license agreement before the First-Time Boot utility starts and begins prompting you for configuration information.

The configuration is not saved until after you have completely gone through the series of screens. Any changes you need to make to the configuration can be made during the display of the screens to confirm each setting.

Note: The screens in international versions of 3DNS Controller differ slightly from the screens shown in this section.

Running the First-Time Boot configuration utility

After you press any key at the initial screen, the First-Time Boot Utility screen is displayed, as shown in Figure 3.3 .

To continue with the configuration, press any key.

First-Time Boot

System Configuration Utility

   Welcome to 3DNS(tm).  Before using your    
     3DNS(tm), you will have to configure the    
     root password, 3DNS(tm) hostname, and     
     interface cards.    
     This utility will take you through this     
     process step-by-step.       
          
     Before any configuration files are written to    
     disk, you will be asked to confirm all your    
     selections.     
        
    [Press ctrl-E to exit and configure manually]    
        
    [ press any key to continue ]       

Figure 3.3 First-Time Boot Utility

Entering the password

At the Set Root Password screen, enter the password that you want to assign to the root user account. The password should be a minimum of six characters, a maximum of 128, and should contain a combination of uppercase, lowercase, and punctuation characters.

Next you are prompted to reset the root password. Press any key to continue.

Confirm password

You are prompted to confirm your new password by typing it again at the second Set Root Password screen. Press any key to continue.

Entering the host name

Enter a fully qualified domain name for the 3DNS Controller (for example, 3dns.seattle.domain.com), and press Enter.

Note: If you need to change the host name later, edit the
hostname <name> line in the /etc/netstart script.

Setting the interface for the network

In the next series of screens, you set and configure the interface and netmask. To select the interface as either exp0, de0, or fddi0, move the cursor to highlight your selection, and press Enter.

Note: The 3DNS Controller First-Time Boot utility lists only the network interface devices that it detects during boot up.

Configuring the interface

Enter the IP address for the interface used in configuration.

Entering a netmask

In this screen you can either accept the default netmask (255.255.255.255), or you can define a custom netmask for the interface.

Enter a broadcast

In this screen you can either accept the default broadcast address (the combination of the IP address and the netmask), or you can define a custom broadcast address for the interface.

Select interface media type

Move the cursor to highlight the media type to be used for the interface, then press Enter. The options for the Interface Media Type are dependent on the NIC being used. An example of media type is as follows:

• auto
• 10baseT
• 10baseT,FDX
• 100baseTX
• 100baseTX,FDX

Setting the remote administrative IP address

Enter the IP address from which you want to perform all remote configuration, administration, and monitoring tasks. Note that you can use an asterisk (*) as a wildcard to specify a range of IP addresses.

For 3DNS Controllers distributed in the US, administrative command line tasks are conducted using the F-Secure SSH client, which is a secure shell. For international 3DNS Controllers, administrative command line tasks are conducted via Telnet.

Configuring the default route

The default route is used to determine where the 3DNS Controller should send network traffic for which it does not have a static route. The default route is usually the IP address of a router.

Writing the configuration to disk

After you confirm all of your configuration entries, the Finished screen opens, as shown in Figure 3.4 .

 ---F I N I S H E D-------------------------- 

    BIND 8 and 3DNS(tm) are set up. You are 
   ready to configure 3DNS. 
   Once your 3DNS has re-booted, 
   login and run 
   /usr/contrib/bin/3dnsmaint.  


          [ press any key to continue ] 
 
 

Figure 3.4 Finished screen

At this point, the 3DNS Controller writes your configuration to the disk. A status window shows the progress as each of the listed configuration files are saved.

Rebooting the system

Once the First-Time Boot utility is done, press any key to start the 3DNS Controller. At the login prompt, log in as root and halt the system using the halt command.

After the system halts, set the power switch to the Off position. You must completely power down the 3DNS Controller before attaching it to a network, as described in the next section.

F-Secure SSH client

This section applies only to products sold in the U.S.

If you want to configure the 3DNS Controller from a remote workstation, you need to install the F-Secure SSH client on your remote administration workstation. Note that you can also use the F-Secure SSH suite for file transfer to and from the 3DNS Controller, as well as for remote backups. A F-Secure SSH client is pre-installed on the 3DNS Controller hardware to assist with file transfer activities. Please refer to the F-Secure SSH User's Guide shipped with your 3DNS Controller for more information about the SSH client itself.

The F-Secure server is started upon 3DNS Controller boot up. The 3DNS First-Time Boot Utility configures the F-Secure SSH server based on information you provide, so no further modification of the F-Secure configuration is required.

Transferring and installing the F-Secure SSH client

You are licensed to install one (1) copy of the client on your administration workstation. To ease the ordering and installation process, both UNIX and Windows versions of F-Secure SSH client are shipped with the 3DNS Controller. Please contact Data Fellows if you need to purchase additional F-Secure SSH clients, or if you need to purchase the Mac version of the SSH client.

Note: The following F-Secure SSH client is shown as an example and may not be an accurate reflection of your administration workstation.

To transfer the F-Secure SSH client to the administration workstation:

1. Using the monitor and keyboard or serial terminal already connected to the 3DNS Controller, change to the directory /usr/contrib/fsecure, where the F-Secure SSH clients are located. List the directory, noting the file name that corresponds to the operating system of your administration workstation.
2. Start FTP by typing:

ftp

1. Enter passive FTP mode by typing:

passive

1. Open a connection to the administration workstation by typing the following command, where <ip_address> is the IP address of the administration workstation:

open <IP_address>

The following text is displayed:

Connected to big.f5.com. 220 big.f5.com FTP server (OSF/1 Version 5.60) ready. Name (big:the user): 331 Password required for the user. Password:

1. Type your user name and password to complete the connection.
2. Change the transfer mode to binary by typing:

bin

1. Change to the directory on the administration workstation where you want to install the F-Secure SSH client.
2. Transfer the F-secure file to the administration workstation by typing the following command, where <file_name> is the name of the file corresponding to the operating system of your administration workstation:

put <file_name>

1. Quit FTP on 3DNS by typing:

quit

Using UNIX

To install the F-Secure SSH client on the administration workstation:

1. Log on to the administration workstation and change to the directory where you put the F-Secure SSH client tar file.
2. Untar the file and follow the instructions in the file INSTALL (located in the current directory) to build the F-Secure SSH client for your workstation.

   The F-Secure SSH client is now installed on your administration workstation. You are now ready to remotely log on to the 3DNS Controller to finish configuration.

   If you have any problems building the F-Secure SSH client for the UNIX operating system on your administration workstation, please contact Technical Support at F5 Networks, Inc.

To remotely log on to 3DNS using F-Secure:

1. Open a connection by typing:

ssh -l root [3DNS Controller IP address]

1. The 3DNS Controller prompts you for the password that you set earlier.

After installation

After the 3DNS Controller is installed, you must perform several configuration tasks to implement the system. These tasks are described in Chapter 4, Configuring a 3DNS Controller .