DNS Proxy manager setup

Notes before installation

Oplon DNS & Proxy Manager is a product intended for mission-critical environments; therefore, only staff who have completed the course and passed the exam are authorized to certify the installation and maintenance of the products in operation. All certified persons are equipped with a recognition license issued by Oplon.

Oplon DNS & Proxy Manager can be installed in two modes: together with Oplon ADC or stand-alone. In both cases, a specific Oplon DNS & Proxy Manager license is required in order to use it. The two installations are similar except for the license location.

Oplon DNS & Proxy Manager has been released to cooperate with the BIND DNS Server or with MS DNS, which must be installed and functioning.

This document is not intended to be a manual for installing and configuring BIND DNS or MS DNS; it merely gives you the knowledge necessary to install and configure Oplon DNS & Proxy Manager with sample services. For a complete treatment of DNS topics, refer to the product documentation or the W3C IETF recommendations.

Oplon Management Console

Before installing the server component, it is recommended that you install the Oplon Management Console component so that you can perform the configuration operations.

To install the Oplon Management Console component, refer to the manual LBL_ManagementConsole_Installation.pdf, available on the storage media provided with the product or as a download from the restricted area.

Operating system Date and Time setting

Oplon DNS & Proxy Manager is not sensitive to time differences between nodes during operation. However, if you change the system date and time during operation, some calculations may be distorted, such as time-out calculations, lease times, or repository date comparisons (e.g., the georeference repository version date).

Therefore, we recommend that you set the system date and time to values as close as possible to the current date and time. Using NTP alignment is recommended.

Start Monitor & Visual Configuration

To start the command-line management service, you only need to run the go.sh or go.bat batch file, depending on the type of operating system:

Unix-Linux:

./go.sh

MS Windows:

C:\> go.bat

This command runs the Oplon Monitor management server interactively.

From the location where Oplon Management Console was previously installed, start the visual configuration program and log in with the address set in the configuration file in the parameter LBL_GLOBAL_ADDRESS_MANAGEMENT. The console immediately displays the status of the jobs associated with the Oplon Monitor server:

image1

A05_LBLGoDNSManager - license entry

With the mouse, select the process A05_LBLGoDNSManager and choose "Install license" from the context menu.

image2

You will be prompted to indicate the license file to upload (N.B.: it must be called "license.xml"):

image3 image4

A05_LBLGoDNSManager - Properties menu popup

To set the configuration parameters, you now only need to select A05_LBLGoDNSManager, right-click, and choose Properties:

image5

By selecting the panels labelled with their parameter file names, you can configure them.

image6

Access to the basic OPLON Monitor process is also possible through Web Browser as in previous versions.

image7

Address plan

To install Oplon DNS & Proxy Manager, you need to draw up an address plan that meets your project needs.

For example, for this installation guide, we will assume the need to set up, in RoundRobin on the domain www.tcoproject.dev, two addresses on which the two active-active Oplon® ADC Enterprise HA nodes respond.

image8

Each Oplon LoadBalancer Enterprise HA instance will be assigned an address managed by the load balancer. For simplicity, it is good practice to report the same information on all the machines that will host Oplon ADC.

The hosts file, /etc/hosts in the Unix-Linux environment and C:\WINDOWS\system32\drivers\etc\hosts in the MS Windows environment, should look like the following example:

 127.0.0.1 localhost

 192.168.43.3 Papaya # Local papaya
 192.168.44.4 papaiaprivate # Private papaya
 192.168.45.101 papaiabackend # Papaya backend

 192.168.43.6 Mango # Public mango
 192.168.44.5 mangoproivate # Private mango
 192.168.45.100 mangobackend # Mango backend

 192.168.43.136 grid0000 # GRID address NODE A
 192.168.43.138 grid001 # NODE B grid address

The two GRID addresses, 192.168.43.136 and 192.168.43.138, belong to NODE A and NODE B respectively and are completely controlled by the Oplon LoadBalancer Enterprise HA balancing instances. These addresses will be managed by DNS in RoundRobin across a single domain; in this case, the domain www.tcoproject.dev is used as the example.

Assume in the following examples that DNS responds on the same machines where address balancing instances are installed: 192.168.43.111 and 192.168.43.112.

BIND - Determining DNS works correctly

Immediately after the address plan and verifying that DNS works correctly, you need to determine the locations of your DNS directories and carefully note the directories on which the BIND instance acts to associate the names, addresses, and services associated with them.

The correct operation of BIND DNS is easily determined with the rndc command. Below is the result of this command, which responds in the same way on all operating systems. Run it first on NODE A.

Solaris, Linux, MS Windows (OS independent):

 rndc status
 number of zones: 2
 debug level: 0
 xfers running: 0
 deferred xfers: 0
 soa queries in progress: 0
 query logging is OFF
 recursive clients: 0/1000
 tcp clients: 0/100
 server is up and running

The last line reports the DNS status, which must be "up and running".

The rndc command is usually found in the following directories:

Solaris:

which rndc

/usr/sbin/rndc

Linux:

which rndc

/usr/sbin/rndc

MS Windows (depending on the installation directory):

In our example:

C:\TCOProject\bin\BIND\bin\rndc.exe

BIND - Determining DNS Zone Directory

Immediately after the address plan and verifying that DNS is working correctly, you must determine the locations of the DNS directories. BIND describes its characteristics in a configuration file that is normally called named.conf. So the first step is to check the location of this file in your operating system.

On Solaris you can normally find it in:

/etc/named.conf

On Linux you can normally find it in:

/etc/bind/named.conf

On MS Windows, it depends on the installation directory chosen in the installer. For this example we will assume: C:\TCOProject\bin\BIND\etc\named.conf

Once you have located the named.conf file, you will find within it the directories where the zones with namespaces are stored for each domain managed by DNS. For this example, we will consider an installation made on MS Windows. The only differences from an installation on Solaris or Linux are the paths where zone files and their namespaces are stored.

 named.conf

 options {
     directory "C:\TCOProject\bin\BIND\etc\zones";
     multiple-cnames yes;
 };

 key "rndc-key" {
     algorithm hmac-md5;
     secret "64WJDedFIw3vfJYFVYMTlQ";
 };

 controls {
     inet 127.0.0.1 port 953
         allow { 127.0.0.1; } keys { "rndc-key"; };
 };

 zone "." {
     type hint;
     file "root.hints";
 };

 zone "tcoproject.dev" {
     type master;
     file "local/tcoproject.dev.db";
 };
 zone "43.168.192.in-addr.arpa" {
     type master;
     file "local/rev.43.168.192.in-addr.arpa";
 };

The parameters needed to determine the directories and zone files are directory and file, together with their values.

In this example, the directory parameter indicates "C:\TCOProject\bin\BIND\etc\zones" as the default directory for zone files.

In the example, you can also find two file parameters. These parameters indicate the location of the files that contain the namespaces:

 zone "tcoproject.dev" {
     type master;
     file "local/tcoproject.dev.db";
 };
 zone "43.168.192.in-addr.arpa" {
     type master;
     file "local/rev.43.168.192.in-addr.arpa";
 };

Because both file parameters specify a relative path, each absolute path is obtained by appending the value of the file parameter to the absolute path given in the directory parameter.

So the absolute location of the tcoproject.dev zone file will be:

C:\TCOProject\bin\BIND\etc\zones\local\tcoproject.dev.db

While the absolute location of the 43.168.192.in-addr.arpa zone file will be:

C:\TCOProject\bin\BIND\etc\zones\local\rev.43.168.192.in-addr.arpa

These elements are sufficient to determine the paths and files affected by Oplon DNSManager. These last two files will be dynamically modified depending on the availability checks of the services.
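The path resolution described above can be checked mechanically. The following is an added example (not part of the original manual and not Oplon code) that reads a named.conf, keeps only the master zones and resolves each file parameter against the directory option; the function names and the embedded sample configuration are constructed for this example.

```python
import ntpath
import re

# Constructed sample in the shape of the named.conf discussed above.
NAMED_CONF = r'''
options {
    directory "C:\TCOProject\bin\BIND\etc\zones";   // base for relative paths
};
zone "." { type hint; file "root.hints"; };
zone "tcoproject.dev" {
    type master;
    allow-update { none; };   # nested block, must not end the zone early
    file "local/tcoproject.dev.db";
};
zone "43.168.192.in-addr.arpa" { type master; file "local/rev.43.168.192.in-addr.arpa"; };
'''


def _strip_comments(text):
    """Drop //, # and /* */ comments while leaving quoted strings untouched."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pattern,
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                  text, flags=re.S)


def _zone_blocks(text):
    """Yield (zone name, body) pairs, matching braces so nested blocks are kept."""
    for m in re.finditer(r'(?<![\w-])zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def master_zone_files(conf_text, path=ntpath):
    """Map each master zone to the absolute path of its zone file.

    `path` is ntpath for a Windows named.conf, posixpath for Solaris/Linux.
    """
    text = _strip_comments(conf_text)
    base = re.search(r'(?<![\w-])directory\s+"([^"]+)"\s*;', text)
    result = {}
    for name, body in _zone_blocks(text):
        zone_type = re.search(r'(?<![\w-])type\s+(\w+)\s*;', body)
        zone_file = re.search(r'(?<![\w-])file\s+"([^"]+)"\s*;', body)
        if not zone_type or not zone_file:
            continue
        if zone_type.group(1) not in ("master", "primary"):
            continue  # hint, slave and forward zones are not rewritten
        target = zone_file.group(1)
        if not path.isabs(target):
            if base is None:
                raise ValueError(f'zone "{name}": relative file but no directory option')
            target = path.join(base.group(1), target)
        result[name] = path.normpath(target)
    return result


if __name__ == "__main__":
    for zone, zone_path in master_zone_files(NAMED_CONF).items():
        print(f"{zone:28} {zone_path}")
```

The resulting list is exactly the set of files that need to be writable by the process that regenerates the zones, and nothing else under the BIND directory.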

BIND - Initial namespace loading in DNS file zones

Once you have determined the locations of the zone files, the first step is to make DNS operational with its namespaces in order to verify its functionality. To do this, you will prepare the two files:

C:\TCOProject\bin\BIND\etc\zones\local\tcoproject.dev.db

  $TTL 3
  @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
  2010010701 ; serial, todays date - todays serial #
  8H ; refresh
  M ; retry
  4w ; expire
  10) ; minimum
  NS ns ; Inet Address of name server
  www IN A 192.168.43.136
  www IN A 192.168.43.138

C:\TCOProject\bin\BIND\etc\zones\local\rev.43.168.192.in-addr.arpa

  $TTL 3
  @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
  2010010701 ; serial, todays date - todays serial #
  8H ; refresh
  M ; retry
  4w ; expire
  10) ; minimum
  NS ns.tcoproject.dev.
  136 PTR www.tcoproject.dev.
  138 PTR www.tcoproject.dev.

Once the zone files have been populated, they must be loaded by the DNS instance. To do this, simply run the rndc command followed by the parameter reload:

Solaris, Linux, MS Windows (OS independent):

C:\> rndc reload

server reload successful

MS DNS - Determining DNS works correctly

To verify that Microsoft DNS works:

Control Panel->Administrative Tools->DNS

image9

image10

MS DNS - Required Components

In the MS DNS environment, Oplon DNS & Proxy Manager uses the command "dnscmd.exe" to change the domain-name-to-address associations at runtime. This command, which is available by default on Windows 2008 Server, must instead be installed as part of the additional "Support Tools" package on Windows 2003 Server.

For Windows 2003 Server, the package installation directory determines the location of the command, e.g.:

C:\Support Tools

We recommend that you use directories without spaces so that you do not have problems when setting up directories.

For Windows 2008:

C:\Windows\System32

MS DNS - Determining Directory

MS DNS can be set during runtime in two different modes: through zone files or through explicit commands declared in the parameters of the dnscmd.exe command-line manager.

Both modes are supported by Oplon DNSManager. In this example, we'll use the explicit commands mode declared in the dnscmd.exe command-line manager parameters, because MS DNS is normally configured with the repository stored in Active Directory and this mode covers that case.

The only directories to be determined in this case are the location of the dnscmd.exe command (seen in the previous paragraph) and a directory to contain the scripts that Oplon DNS & Proxy Manager will generate dynamically to populate MS DNS. For the latter purpose, we recommend that you use a directory that is close to (LBL_HOME) or even within (LBL_HOME). In the example, we'll use a directory created for the purpose in:

(LBL_HOME)\lib\scriptDNSManager

Scripts for manipulating domain-name-to-address bindings will be stored in this directory.

MS DNS - Initial namespace loading

For the initial loading of namespaces, we will use the visual interface that Microsoft has prepared for this purpose.

Control Panel->Administrative Tools->DNS

image11

In this window you can see the existence of the tcoproject.dev zone, previously created, on which we will act at first manually and then automatically with Oplon DNSManager.

We're going to set the host names with their addresses. Zone name plus host name will form the "domain".

image12

image13

image14

Create the first host with the name "www", making sure to also create the reverse binding through the check box [ ] Create associated pointer (PTR) record.

The reverse address-to-domain-name resolution binding deserves some consideration depending on the type of installation. These considerations are covered in depth in the certification course. In this manual we simply give the basic settings as an aid to the installation, which must always be preceded by the collection of requirements and the definition of the address and name plan.

The result is that the same domain www.tcoproject.dev is associated with 192.168.43.136 and 192.168.43.138. These addresses will be cycled by DNS automatically without any additional setting.

E.g.:

If we pinged now, the effect would not be the same because of the Time To Live (TTL). There are two ways to lower the TTL: at the zone level or at the single host name level. In the following examples, with Oplon DNS & Proxy Manager we will use the TTL associated with the host name so as not to alter any other TTL policies associated with other hosts in the zone that may have different needs.

Verify that domain RR is set correctly in DNS

You must use the nslookup command on a client to verify that DNS is working correctly. Below is the same command used on multiple operating systems. The first parameter of nslookup is the domain name that you want to verify; the second is the address of the DNS server to query, so that you can be sure the response comes from the correct DNS.

MS Windows:

C:\>nslookup www.tcoproject.dev 192.168.43.111

Unable to find server name for address 192.168.43.111: Non-existent domain

Server: UnKnown

Address: 192.168.43.111

Name: www.tcoproject.dev

Addresses: 192.168.43.136, 192.168.43.138

Solaris:

nslookup www.tcoproject.dev 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

Name: www.tcoproject.dev

Address: 192.168.43.136

Name: www.tcoproject.dev

Address: 192.168.43.138

Linux:

nslookup www.tcoproject.dev 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

Name: www.tcoproject.dev

Address: 192.168.43.136

Name: www.tcoproject.dev

Address: 192.168.43.138

Correct reverse-namespace setting on DNS

To complete the verification of the correct setting, you must also check whether the reverse resolution has been received and set correctly. To do this, run the following commands:

MS Windows:

C:\>nslookup 192.168.43.136 192.168.43.111

Unable to find server name for address 192.168.43.111: Non-existent domain

Server: UnKnown

Address: 192.168.43.111

Name: www.tcoproject.dev

Address: 192.168.43.136

--

C:\>nslookup 192.168.43.138 192.168.43.111

Unable to find server name for address 192.168.43.111: Non-existent domain

Server: UnKnown

Address: 192.168.43.111

Name: www.tcoproject.dev

Address: 192.168.43.138

Solaris:

nslookup 192.168.43.136 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

136.43.168.192.in-addr.arpa name = www.tcoproject.dev.

--

nslookup 192.168.43.138 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

138.43.168.192.in-addr.arpa name = www.tcoproject.dev.

Linux:

nslookup 192.168.43.136 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

136.43.168.192.in-addr.arpa name = www.tcoproject.dev.

--

nslookup 192.168.43.138 192.168.43.111

Server: 192.168.43.111

Address: 192.168.43.111

138.43.168.192.in-addr.arpa name = www.tcoproject.dev.

DNS Configuration Completion

When the configuration is complete, repeat the same steps from Chapter 11 to Chapter 15 on NODE B, obtaining the following situation:

DNS is installed and configured on both nodes (A and B) so that both respond in the same way, associating the name www.tcoproject.dev with the addresses 192.168.43.136 and 192.168.43.138. At this stage, DNS does not verify the actual existence of these addresses or the operation of the services associated with them; this functionality will be provided by Oplon DNSManager.

image15

BIND - Check template in (LBL_HOME)/lib/templateDNSManager/

The directory (LBL_HOME)/lib/templateDNSManager/ contains files for dynamic zone construction. Specifically, two sample files are distributed:

  • tcoproject.dev.db.template

  • rev.43.168.192.in-addr.arpa.template

These files contain:

(LBL_HOME)/lib/templateDNSManager/tcoproject.dev.db.template

 %comment%
 ; LBL(tm) LoadBalancer
 ;
 ; This is a commercial software
 ; You shall not disclose such Confidential Information and shall use
 ; it only in accordance with the terms of the license agreement
 ;
 ; www.tcoproject.com
 ; www.lblloadbalancer.com
 ; mailto:info@tcoproject.com
 ;
 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 ; OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 ; Template file LBL(r)DNSManager
 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 %serial% ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns ; Inet Address of name server
 %namespaces%

(LBL_HOME)/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template

 %comment%
 ; LBL(tm) LoadBalancer
 ;
 ; This is a commercial software
 ; You shall not disclose such Confidential Information and shall use
 ; it only in accordance with the terms of the license agreement
 ;
 ; www.tcoproject.com
 ; www.lblloadbalancer.com
 ; mailto:info@tcoproject.com
 ;
 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 ; OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 ; Template file LBL(r)DNSManager
 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 %serial% ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns.tcoproject.dev.
 %namespaces%

In both distributed files you can see similarities with the zone files set on DNS, except for the tags "%namespaces%" and "%serial%". These tags will be dynamically populated according to the rules set in the file (LBL_HOME)/lib/confDNSManager/dnsmanager.xml.

BIND - Configuration (LBL_HOME)/lib/confDNSManager/dnsmanager.xml

The dnsmanager.xml configuration file contains all the information needed to dynamically populate the DNS zone files by completing the template files.

The file consists of two paragraphs: the first, <params>, describes the general variables, while the second, <zone>, which can be repeated multiple times, defines the zones of the DNS. Within the <zone> paragraph, the namespaces and their "service vitality" verification conditions (HealthCheck) are defined in <namespace>.

<serviceconf>

<copyright>

</copyright>

<dnsmanager>

<params>

</params>

<zone>

<namespace>

<condition>

</condition>

</namespace>

</zone>

</dnsmanager>

</serviceconf>

For a complete discussion of the individual parameters, see the Oplon Reference Guide.

In our case we will populate the sample file included in the distribution and shown below.

The dnsmanager.xml configuration file included in the deployment:

 <?xml version="1.0"?>
 <serviceconf>
 <copyright>
 LBL(tm) LoadBalancer
 This is a commercial software
 You shall not disclose such Confidential Information and shall use
 it only in accordance with the terms of the license agreement
 www.tcoproject.com
 www.lblloadbalancer.com
 mailto:info@tcoproject.com
 LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 </copyright>
 <dnsmanager>
 <params
     frequency="60000"
     templateDir="lib/templateDNSManager"
     templateSerialWithDate="True"
     reloadCommand="____reload_cmd_with_absolute_address____es.:C:/work1/bin/named/bin/rndc reload"
     sysCommandRemoteURL="http://localhost:5992/SysCommand">
 </params>
 <zone Enable="True"
     namespaceFile="__________________es.:C:\work1\bin/named/etc/zones/local/tcoproject.dev.db"
     namespaceTemplateFile="__________es.:tcoproject.dev.db.template"
     namespaceReverseFile="___________es.:C:/work1/bin/named/etc/zones/local/rev.43.168.192.in-addr.arpa"
     namespaceReverseTemplateFile="___es.:rev.43.168.192.in-addr.arpa.template">
 <namespace Enable="True"
     address="_______________es.:192.168.43.136"
     Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="_____________es.:www IN A 192.168.43.136"
     namespaceReverse="______es.:136 PTR www.tcoproject.dev."/>
 <namespace Enable="True"
     address="_______________es.:192.168.43.138"
     Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="_____________es.:www IN A 192.168.43.138"
     namespaceReverse="______es.:138 PTR www.tcoproject.dev."/>
 </zone>
 <sysobserver>
 </sysobserver>
 </dnsmanager>
 </serviceconf>

Paragraphs are highlighted in blue, parameter names in green, and parameter values that normally remain unchanged in red, while the values to be completed with the information of our project are left in black.

In paragraph <params>

  • reloadCommand must be completed with the command to be executed to reload the zones in DNS. The command must be the same one used for manual testing. It is recommended that you indicate the absolute path of the command so that you are unaffected by post-installation environment changes that could affect its operation. In our example: "C:/TCOProject/bin/BIND/bin/rndc reload"

In paragraph <zone>

  • namespaceFile is the DNS zone file. This value must be completed with the absolute path and file name previously set by hand in the DNS zone directories. In our example:

    "C:\TCOProject\bin\BIND\etc\zones\local\tcoproject.dev.db"

  • namespaceTemplateFile is the template file that serves as the outline for the dynamic generation of name-to-address bindings. It can be completed either with an absolute path or with a path relative to the parameter templateDir="lib/templateDNSManager" in paragraph <params>. In our example: "tcoproject.dev.db.template". The resulting value will then be:

    "(LBL_HOME)/lib/templateDNSManager/tcoproject.dev.db.template"

    that is, the template file seen previously.

  • namespaceReverseFile is the zone file for reverse resolution from address to domain name. This value in our case must be completed with the absolute path and file name previously set by hand (first make a backup in another directory). In our example:

    "C:\TCOProject\bin\BIND\etc\zones\local\rev.43.168.192.in-addr.arpa".

  • namespaceReverseTemplateFile is the template file that serves as the outline for the dynamic generation of address-to-name bindings. It can be completed either with an absolute path or with a path relative to the parameter templateDir="lib/templateDNSManager". In our example:

    "rev.43.168.192.in-addr.arpa.template". The resulting value will then be:

    "(LBL_HOME)/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template"

    that is, the template file seen previously.

In the first <namespace> paragraph

  • address is the address to be submitted to HealthCheck to determine the activity, and therefore the availability, of this namespace. The other parameters, port, uriPath, and SSL, are intuitive. If this address/port/uriPath is active, the namespace described in the parameters below will be written into the new zone file. In our example, it is populated with the address on which the services of NODE A respond: "192.168.43.136"

  • Namespace is the namespace fragment to be inserted into the template file if the HealthCheck test succeeds. In our example:

    "www IN A 192.168.43.136"

  • namespaceReverse is the reverse namespace fragment to be inserted into the template file if the HealthCheck test succeeds. In our example:

    "136 PTR www.tcoproject.dev."

In the second <namespace> paragraph

  • address is the address to be submitted to HealthCheck to determine the activity, and therefore the availability, of this namespace. The other parameters, port, uriPath, and SSL, are intuitive. If this address/port/uriPath is active, the namespace described in the parameters below will be written into the new zone file. In our example, it is populated with the address on which the services of NODE B respond: "192.168.43.138"

  • Namespace is the namespace fragment to be inserted into the template file if the HealthCheck test succeeds. In our example:

    "www IN A 192.168.43.138"

  • namespaceReverse is the reverse namespace fragment to be inserted into the template file if the HealthCheck test succeeds. In our example:

    "138 PTR www.tcoproject.dev."

image16

The resulting configuration file should look like this:

The dnsmanager.xml configuration file obtained by completing the file included in the deployment:

 <?xml version="1.0"?>
 <serviceconf>
 <copyright>
 LBL(tm) LoadBalancer
 This is a commercial software
 You shall not disclose such Confidential Information and shall use
 it only in accordance with the terms of the license agreement
 www.tcoproject.com
 www.lblloadbalancer.com
 mailto:info@tcoproject.com
 LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 </copyright>
 <dnsmanager>
 <params
     frequency="60000"
     templateDir="lib/templateDNSManager"
     templateSerialWithDate="True"
     reloadCommand="C:/TCOProject/bin/BIND/bin/rndc reload"
     sysCommandRemoteURL="http://localhost:5992/SysCommand">
 </params>
 <zone Enable="True"
     namespaceFile="C:/TCOProject/bin/BIND/etc/zones/local/tcoproject.dev.db"
     namespaceTemplateFile="tcoproject.dev.db.template"
     namespaceReverseFile="C:/TCOProject/bin/BIND/etc/zones/local/rev.43.168.192.in-addr.arpa"
     namespaceReverseTemplateFile="rev.43.168.192.in-addr.arpa.template">
 <namespace Enable="True"
     address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="www IN A 192.168.43.136"
     namespaceReverse="136 PTR www.tcoproject.dev."/>
 <namespace Enable="True"
     address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="www IN A 192.168.43.138"
     namespaceReverse="138 PTR www.tcoproject.dev."/>
 </zone>
 <sysobserver>
 </sysobserver>
 </dnsmanager>
 </serviceconf>
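The template completion described in this section, as an added example (not part of the original manual and not Oplon code): on each cycle only the namespaces whose health check succeeded are written into the forward and reverse zones, every fragment is validated before it is pasted into a zone file, and the serial is advanced. The class and function names, the SOA timer values in the constructed template, the YYYYMMDDnn serial rule and the /24 reverse-zone consistency check are assumptions of this example; health-check results are passed in as a set of addresses.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import date

# Constructed template in the shape of the two *.template files shown above;
# the SOA timer values are sample values chosen for this example.
ZONE_TEMPLATE = """\
$TTL 3
@ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
        %serial% ; serial
        8H ; refresh
        15M ; retry
        4w ; expire
        10 ) ; minimum
        IN NS ns.tcoproject.dev.
%namespaces%
"""

A_RECORD = re.compile(r"([A-Za-z0-9-]+) IN A ([0-9.]+)")
PTR_RECORD = re.compile(r"([0-9]{1,3}) PTR ((?:[A-Za-z0-9-]+\.)+)")


@dataclass(frozen=True)
class Namespace:
    """One <namespace> entry (field names are this example's own)."""
    address: str            # address probed by the health check
    namespace: str          # forward fragment, e.g. "www IN A 192.168.43.136"
    namespace_reverse: str  # reverse fragment, e.g. "136 PTR www.tcoproject.dev."


def validate(ns):
    """Accept only a single A record and a single matching PTR record.

    Fragments are pasted verbatim into a zone file, so a stray newline or a
    directive such as $INCLUDE must be rejected before substitution.
    """
    a = A_RECORD.fullmatch(ns.namespace)
    ptr = PTR_RECORD.fullmatch(ns.namespace_reverse)
    if a is None or ptr is None:
        raise ValueError(f"malformed fragment for {ns.address}")
    published = ipaddress.IPv4Address(a.group(2))  # ValueError if not IPv4
    if int(ptr.group(1)) != published.packed[3]:   # /24 reverse zone assumed
        raise ValueError(f"PTR label does not match last octet of {published}")


def next_serial(previous, today):
    """YYYYMMDDnn serial that always increases: bump nn on the same day."""
    return max(int(today.strftime("%Y%m%d")) * 100 + 1, previous + 1)


def render(template, serial, fragments):
    """Fill the %serial% and %namespaces% tags of a zone template."""
    return (template.replace("%serial%", str(serial))
                    .replace("%namespaces%", "\n".join(fragments)))


def build_zones(namespaces, healthy, previous_serial, today):
    """Return (forward zone text, reverse zone text) for the healthy entries."""
    for ns in namespaces:
        validate(ns)  # validate every entry, including those currently down
    live = [ns for ns in namespaces if ns.address in healthy]
    serial = next_serial(previous_serial, today)
    forward = render(ZONE_TEMPLATE, serial, [ns.namespace for ns in live])
    reverse = render(ZONE_TEMPLATE, serial, [ns.namespace_reverse for ns in live])
    return forward, reverse


# The two namespaces configured in this section.
NAMESPACES = [
    Namespace("192.168.43.136", "www IN A 192.168.43.136", "136 PTR www.tcoproject.dev."),
    Namespace("192.168.43.138", "www IN A 192.168.43.138", "138 PTR www.tcoproject.dev."),
]

if __name__ == "__main__":
    # Constructed scenario: NODE B fails its health check, NODE A answers.
    fwd, rev = build_zones(NAMESPACES, {"192.168.43.136"}, 2010010701, date(2010, 1, 7))
    print(fwd)
    print(rev)
```

With only NODE A healthy, the forward zone keeps the single record for 192.168.43.136 and the reverse zone the single PTR for 136, so clients stop being directed to the failed node once the short TTL expires.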

MS DNS - Verify template in (LBL_HOME)/lib/templateDNSManager/

The directory (LBL_HOME)/lib/templateDNSManager/ contains files for the dynamic construction of zones or batch scripts. Specifically, two sample files are deployed in template script mode:

These files contain:

(LBL_HOME)/lib/templateDNSManager/twww.dev.db.template

 @ECHO OFF
 REM LBL(tm) LoadBalancer
 REM
 REM This is a commercial software
 REM You shall not disclose such Confidential Information and shall use
 REM it only in accordance with the terms of the license agreement
 REM
 REM www.tcoproject.com
 REM www.lblloadbalancer.com
 REM mailto:info@tcoproject.com
 REM
 REM LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 REM OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 REM Template file LBL(r)DNSManager
 %namespaces%
 exit 0

(LBL_HOME)/lib/templateDNSManager/empty.template

 @ECHO OFF
 REM LBL(tm) LoadBalancer
 REM
 REM This is a commercial software
 REM You shall not disclose such Confidential Information and shall use
 REM it only in accordance with the terms of the license agreement
 REM
 REM www.tcoproject.com
 REM www.lblloadbalancer.com
 REM mailto:info@tcoproject.com
 REM
 REM LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 REM OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 exit 0

For Microsoft DNS, the two templates deployed are two batch script files that will be populated according to the domain-name-to-address binding needs. The file (LBL_HOME)/lib/templateDNSManager/twww.dev.db.template contains the tag "%namespaces%", which will be populated with the command for the namespace to be managed. The second file, (LBL_HOME)/lib/templateDNSManager/empty.template, is a support batch file that in this case performs no operation. This second file is still necessary, even though it does not produce any operations in this case.

MS DNS - Configuration (LBL_HOME)/lib/confDNSManager/dnsmanager.xml

The configuration file dnsmanager.xml contains all the information to dynamically populate the DNS zones by completing the template files and in this case producing command batches.

The file consists of two paragraphs: the first, <params>, describes the general variables, while the second, <zone>, which can be repeated multiple times, defines the zones of the DNS. Within the <zone> paragraph, the namespaces and their "service vitality" verification conditions (HealthCheck) are defined in <namespace>.

<serviceconf>

<copyright>

</copyright>

<dnsmanager>

<params>

</params>

<zone>

<namespace>

<condition>

</condition>

</namespace>

</zone>

</dnsmanager>

</serviceconf>

For a complete discussion of the individual parameters, see the Oplon Reference Guide.

In our case we will populate the sample file included in the distribution and shown below.

The dnsmanager.xml configuration file included in the deployment:

 <?xml version="1.0"?>
 <serviceconf>
 <copyright>
 LBL(tm) LoadBalancer
 This is a commercial software
 You shall not disclose such Confidential Information and shall use
 it only in accordance with the terms of the license agreement
 www.tcoproject.com
 www.lblloadbalancer.com
 mailto:info@tcoproject.com
 LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary
 OPLON and TCOProject are trademarks of F.Pieretti. All rights reserved.
 </copyright>
 <dnsmanager>
 <params
     frequency="60000"
     templateDir="lib/templateDNSManager"
     templateSerialWithDate="True"
     reloadCommand="____reload_cmd_with_absolute_address____es.:C:/work1/bin/named/bin/rndc reload"
     sysCommandRemoteURL="http://localhost:5992/SysCommand">
 </params>
 <zone Enable="True"
     namespaceFile="__________________es.:C:\work1\bin/named/etc/zones/local/tcoproject.dev.db"
     namespaceTemplateFile="__________es.:tcoproject.dev.db.template"
     namespaceReverseFile="___________es.:C:/work1/bin/named/etc/zones/local/rev.43.168.192.in-addr.arpa"
     namespaceReverseTemplateFile="___es.:rev.43.168.192.in-addr.arpa.template">
 <namespace Enable="True"
     address="_______________es.:192.168.43.136"
     Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="_____________es.:www IN A 192.168.43.136"
     namespaceReverse="______es.:136 PTR www.tcoproject.dev."/>
 <namespace Enable="True"
     address="_______________es.:192.168.43.138"
     Port="80" uriPath="/HealthCheck" Ssl="False"
     Namespace="_____________es.:www IN A 192.168.43.138"
     namespaceReverse="______es.:138 PTR www.tcoproject.dev."/>
 </zone>
 <sysobserver>
 </sysobserver>
 </dnsmanager>
 </serviceconf>

Paragraphs are highlighted in blue, parameter names in green, and parameter values that normally remain unchanged in red, while the values to be completed with the information of our project are left in black. In the case of Microsoft DNS, the information we are going to enter relates to the commands that add and delete host names through the dnscmd.exe command.

In paragraph <params>

  • reloadCommand must be completed with the command to be executed to reload the zones in DNS. The command must be the same one used for manual testing. It is recommended that you indicate the absolute path of the command, so that later changes to the environment cannot affect its operation. In this case (MS DNS) it is the command resulting from the processing. In our example:

    "C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"

In paragraph <zone>

  • namespaceFile is the batch file that results from the detection of active services and their mapping at the "domain" level in DNS. In this case, this value is the same as the reloadCommand value seen earlier. In our example:

    "C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"

  • namespaceTemplateFile is the template file that serves as the outline for dynamically generating the address-name bindings. It can be given either as an absolute path or as a path relative to the parameter templateDir="lib/templateDNSManager" in paragraph <params>. In our example:

    "www.dev.db.template"

    Combined with the contents of the templateDir parameter, the resulting value is:

    "(LBL_HOME)/lib/templateDNSManager/www.dev.db.template"

    that is, the template file seen previously.

  • namespaceReverseFile is the batch file that populates the zones for reverse resolution, from address to domain name. In our case this value must be completed with the absolute path and the name of the empty.bat file. This file is not taken into account in this case. In our example:

    "C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/empty.bat"

  • namespaceReverseTemplateFile is the template file that serves as the outline for dynamically generating the address-name bindings. It can be given either as an absolute path or as a path relative to the parameter templateDir="lib/templateDNSManager". In our example:

    "empty.template"

    Combined with the contents of the templateDir parameter, the resulting value is:

    "(LBL_HOME)/lib/templateDNSManager/empty.template"

    that is, the template file seen previously.

    NOTE: In this case it is not taken into account.

In the first <namespace> paragraph

  • address is the address submitted to the HealthCheck to determine the activity, and therefore the availability, of this namespace. The other parameters, port, uriPath and SSL, are intuitive. If this address/port/uriPath is active, the namespace described in the parameters below is entered in the new zone file. In our example, it is populated with the address of the services of NODE A: "192.168.43.136"

  • Namespace is the fragment of the batch file for populating the host names, inserted into the template file when the HealthCheck test succeeds. In our example:

    "dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136"

    NOTE: The parameter /CreatePTR is only accepted by the Windows 2008 Server release. In previous versions it must be removed.

    NOTE1: The value 10 after the /CreatePTR parameter is the TTL for this record. It is recommended not to go below 5 seconds.

  • namespaceInactive is the fragment of the batch file for populating the host names, inserted into the template file when the HealthCheck test does NOT succeed. In our example:

    "dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"

  • namespaceReverse: in our example it should be deleted from dnsmanager.xml, because either you have manually entered all the resolutions or, from Windows 2008, the command that populates the name-address binding automatically generates and removes the reverse resolutions.

In the second <namespace> paragraph

  • address is the address submitted to the HealthCheck to determine the activity, and therefore the availability, of this namespace. The other parameters, port, uriPath and SSL, are intuitive. If this address/port/uriPath is active, the namespace described in the parameters below is entered in the new zone file. In our example, it is populated with the address of the services of NODE B: "192.168.43.138"

  • Namespace is the fragment of the batch file for populating the host names, inserted into the template file when the HealthCheck test succeeds. In our example:

    "dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138"

    NOTE: The parameter /CreatePTR is only accepted by the Windows 2008 Server release. In previous versions it must be removed.

  • namespaceInactive is the fragment of the batch file for populating the host names, inserted into the template file when the HealthCheck test does NOT succeed. In our example:

    "dnscmd /recorddelete tcoproject.dev www A 192.168.43.138 /F"

  • namespaceReverse: in our example it should be deleted from dnsmanager.xml, because either you have manually entered all the resolutions or, from Windows 2008, the command that populates the name-address binding automatically generates and removes the reverse resolutions.

The resulting configuration file should look like the following.

The dnsmanager.xml configuration file derived from the file in the deployment:

 <?xml version="1.0" encoding="windows-1252"?>

 <serviceconf>

 <copyright>

 LBL(tm) LoadBalancer

 This is a commercial software

 You shall not disclose such Confidential Information and shall use

 it only in accordance with the terms of the license agreement

 www.tcoproject.com

 www.lblloadbalancer.com

 mailto:info@tcoproject.com

 LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 </copyright>

 <dnsmanager>
   <params frequency="60000"
           templateDir="lib/templateDNSManager"
           templateSerialWithDate="True"
           reloadCommand="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
           sysCommandRemoteURL="https://localhost:5992/SysCommand">
   </params>
   <zone Enable="True"
         namespaceFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
         namespaceTemplateFile="www.dev.db.template"
         namespaceReverseFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/empty.bat"
         namespaceReverseTemplateFile="empty.template">
     <namespace Enable="True"
                address="192.168.43.136" Port="8080" uriPath="/" Ssl="False"
                Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136"
                namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"/>
     <namespace Enable="True"
                address="192.168.43.138" Port="8181" uriPath="/" Ssl="False"
                Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138"
                namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.138 /F"/>
   </zone>
   <sysobserver>
     <service name="syslog" Id="syslogdnsmanager"/>
   </sysobserver>
 </dnsmanager>
 </serviceconf>
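The Namespace and namespaceInactive values above are pasted into a batch file that is then executed, so each one should be exactly one well-formed dnscmd call. The lint below is an added example, not part of the Oplon product or its documentation; the function names and the set of rejected cmd.exe metacharacters are assumptions of this sketch, and the last three sample fragments are constructed.

```python
"""Lint the dnscmd fragments placed in dnsmanager.xml before they reach a batch file."""
import ipaddress
import re

# Characters cmd.exe uses for chaining, redirection, grouping, escaping or
# variable expansion (assumed deny-list for this sketch).
CMD_META = set("&|<>^%!()\"'`;\r\n")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
MIN_TTL = 5  # the page recommends not going below 5 seconds


def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def _is_name(value):
    return all(LABEL.match(label) for label in value.rstrip(".").split("."))


def check_fragment(fragment, zone, allow_create_ptr=True):
    """Return the list of problems found in one Namespace/namespaceInactive value."""
    bad = sorted(CMD_META.intersection(fragment))
    if bad:
        return ["shell metacharacters: " + " ".join(repr(c) for c in bad)]
    tok = fragment.split()
    if len(tok) < 2 or tok[0].lower() not in ("dnscmd", "dnscmd.exe"):
        return ["not a dnscmd call"]
    problems = []
    verb, args = tok[1].lower(), tok[2:]
    if verb == "/recordadd":
        if len(args) >= 3 and args[2].lower() == "/createptr":
            if not allow_create_ptr:
                problems.append("/CreatePTR must be removed on releases before Windows 2008 Server")
            args = args[:2] + args[3:]
        if len(args) != 5:
            return problems + ["expected: zone host [/CreatePTR] ttl A address"]
        z, host, ttl, rtype, addr = args
        if not ttl.isdigit():
            problems.append("TTL is not a number")
        elif int(ttl) < MIN_TTL:
            problems.append("TTL below %d seconds" % MIN_TTL)
    elif verb == "/recorddelete":
        if len(args) != 5 or args[4].lower() != "/f":
            return ["expected: zone host A address /F"]
        z, host, rtype, addr = args[:4]
    else:
        return ["verb %s is neither /recordadd nor /recorddelete" % tok[1]]
    if z.lower() != zone.lower():
        problems.append("zone %s is not %s" % (z, zone))
    if not _is_name(host):
        problems.append("host name is not a valid DNS name")
    if rtype.upper() != "A":
        problems.append("record type is not A")
    if not _is_ipv4(addr):
        problems.append("address is not IPv4")
    return problems


def lint(fragments, zone):
    """Map every fragment that has problems to its list of problems."""
    report = {}
    for fragment in fragments:
        found = check_fragment(fragment, zone)
        if found:
            report[fragment] = found
    return report


SAMPLE = [
    "dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136",  # from the page
    "dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F",          # from the page
    "dnscmd /recordadd tcoproject.dev www /CreatePTR 3 A 192.168.43.138",   # constructed: TTL too low
    "dnscmd /recordadd tcoproject.dev www 10 A 192.168.43.138 & echo x",    # constructed: second command
    "dnscmd /recordadd other.example www 10 A 192.168.43.300",              # constructed: zone and address
]

if __name__ == "__main__":
    for fragment, found in lint(SAMPLE, "tcoproject.dev").items():
        print(fragment, "->", "; ".join(found))
```

Run it against the values extracted from dnsmanager.xml whenever the file is edited; pass allow_create_ptr=False when the DNS server predates Windows 2008 Server.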

BIND - Start Oplon DNSManager

Oplon DNS & Proxy Manager is started like the other processes, either automatically by Oplon Monitor or through its WebConsole.

When the service starts, check the log file for the regeneration of the DNS zones and the actual reload by the rndc command.

Fragment of the log file with the logging of the DNS regeneration event and dynamic upload with the new situation:

  WARNING-1.6.0_16 UserService.dnsmanager-msw2000Srv000mg-1269171902765-20100321-12:45:02 **Namespaces zone files Regeneration...**

  WARNING-1.6.0_16 UserService.dnsmanager-msw2000Srv000mg-1269171902890-20100321-12:45:02 New Namespace: C:/TCOProject/bin/BIND/etc/zones/local/tcoproject.dev.db from template: C:/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/templateDNSManager/tcoproject.dev.db.template

 ; OPLON and TCOProject are trademarks of F.Pieretti

 ;

 ; THIS IS AN AUTOMATIC GENERATED FILE FROM LBL(r)DNSManager

 ; DO NOT MODIFY MANUALLY

 ; LBL(r)Rel.-7.0

 ; LastUpdate-20100321124502

 ;
 TemplateFile:-TCOProject-bin-LBLLoadBalancer_monito
 r_007_000_000RC002/lib/templateDNSManager/tcoproject.dev.db.template

 ;

 ; LBL(tm) LoadBalancer

 ;

 ; This is a commercial software

 ; You shall not disclose such Confidential Information and shall use

 ; it only in accordance with the terms of the license agreement

 ;

 ; www.tcoproject.com

 ; www.lblloadbalancer.com

 ; mailto:info@tcoproject.com

 ;

 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 ;OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 ; Template file LBL(r)DNSManager

 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 2010032101 ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns ; Inet Address of name server
 www IN A 192.168.43.136
 www IN A 192.168.43.138

 New ReverseNamespace: C:/TCOProject/bin/BIND/etc/zones/local/tcoproject.dev.db from template: C:/TCOProject/bin/LBLLoadBalancer_monitor_007_000_000RC002/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template

 ; OPLON and TCOProject are trademarks of F.Pieretti

 ;

 ; THIS IS AN AUTOMATIC GENERATED FILE FROM LBL(r)DNSManager

 ; DO NOT MODIFY MANUALLY

 ; LBL(r)Rel.-7.0

 ; LastUpdate-20100321124502

 ;
 TemplateFile-C:-TCOProject-bin-LBLLoadBalancer_monitor_007_000_
 000RC002/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template

 ;

 ; LBL(tm) LoadBalancer

 ;

 ; This is a commercial software

 ; You shall not disclose such Confidential Information and shall use

 ; it only in accordance with the terms of the license agreement

 ;

 ; www.tcoproject.com

 ; www.lblloadbalancer.com

 ; mailto:info@tcoproject.com

 ;

 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 ;OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 ; Template file LBL(r)DNSManager

 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 2010032101 ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns.tcoproject.dev.
 136 PTR www.tcoproject.dev.
 138 PTR www.tcoproject.dev.



  WARNING-1.6.0_16 UserService.dnsmanager?msw2000Srv000mg-126917171903000-20100321-12:45:03 Namespaces zone files Regenerated!"

  WARNING-1.6.0_16 UserService.dnsmanager?msw2000Srv000mg-126917171903000-20100321-12:45:03 DNS namespaces zone files realoading...

  WARNING-1.6.0_16 UserService.dnsmanager-msw2000Srv000mg-1269171904984-20100321-12:45:04 **DNS namespaces zone files realoaded!**

In red, both the beginning of the regeneration operation and the reloading of DNS with the new situation are highlighted. The process from here on will be fully automatic. The log file will also show the new images generated so that you can immediately verify that the parameterization is correct.

BIND - Verify actual modification of zone files

To verify that the zone files that are available to DNS are actually modified, navigate to the DNS directory that contains the zones. In our example, check the contents of the files that should have been changed to:

C:/TCOProject/bin/BIND/etc/zones/local/tcoproject.dev.db

 ; OPLON and TCOProject are trademarks of F.Pieretti

 ;

 ; THIS IS AN AUTOMATIC GENERATED FILE FROM LBL(r)DNSManager

 ; DO NOT MODIFY MANUALLY

 ; LBL(r)Rel.-6.1

 ; LastUpdate-20100108134223

 ;
 TemplateFile-C:-TCOProject-bin-LBLLoadBalancer_dnsmanage
 r_006_001_000RC012/lib/templateDNSManager/tcoproject.dev.db.template

 ;

 ; LBL(tm) LoadBalancer

 ;

 ; This is a commercial software

 ; You shall not disclose such Confidential Information and shall use

 ; it only in accordance with the terms of the license agreement

 ;

 ; www.tcoproject.com

 ; www.lblloadbalancer.com

 ; mailto:info@tcoproject.com

 ;

 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 ;OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 ; Template file LBL(r)DNSManager

 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 2010010803 ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns ; Inet Address of name server
 www IN A 192.168.43.136
 www IN A 192.168.43.138

C:/TCOProject/bin/BIND/etc/zones/local/rev.43.168.192.in-addr.arpa

 ; OPLON and TCOProject are trademarks of F.Pieretti

 ;

 ; THIS IS AN AUTOMATIC GENERATED FILE FROM LBL(r)DNSManager

 ; DO NOT MODIFY MANUALLY

 ; LBL(r)Rel.-6.1

 ; LastUpdate-20100108134223

 ;
 TemplateFile-C:-TCOProject-bin-LBLLoadBalancer_dnsmanager_006_001_
 000RC012/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template

 ;

 ; LBL(tm) LoadBalancer

 ;

 ; This is a commercial software

 ; You shall not disclose such Confidential Information and shall use

 ; it only in accordance with the terms of the license agreement

 ;

 ; www.tcoproject.com

 ; www.lblloadbalancer.com

 ; mailto:info@tcoproject.com

 ;

 ; LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 ;OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 ; Template file LBL(r)DNSManager

 $TTL 3
 @ IN SOA ns.tcoproject.dev. hostmaster.tcoproject.dev. (
 2010010803 ; serial, todays date - todays serial #
 8H ; refresh
 M ; retry
 4w ; expire
 10) ; minimum
 NS ns.tcoproject.dev.
 136 PTR www.tcoproject.dev.
 138 PTR www.tcoproject.dev.

MS DNS - Start Oplon DNSManager

Oplon DNS & Proxy Manager is started like the other processes, either automatically by Oplon Monitor or through its WebConsole.

When the service starts, check the log file for the regeneration of the DNS zones and the actual reload by the rndc command.

Fragment of the log file with the logging of the DNS regeneration event and dynamic upload with the new situation:

  WARNING-1.6.0_11 UserService.dnsmanager WIN-UF4APZRA30L-1269171351759-20100321-12:35:51 **Namespaces zone files Regeneration...**

  WARNING-1.6.0_11 UserService.dnsmanager WIN-UF4APZRA30L-1269171351779-20100321-12:35:51 New Namespace: C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat from template: C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/templateDNSManager/www.dev.db.template

 @ECHO OFF

 REM LBL(tm) LoadBalancer

 Rem

 REM This is a commercial software

 REM You shall not disclose such Confidential Information and shall
 use

 REM it only in accordance with the terms of the license agreement

 Rem

 REM www.tcoproject.com

 REM www.lblloadbalancer.com

 REM mailto:info@tcoproject.com

 Rem

 REM LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 REM OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 REM Template file LBL(r)DNSManager

 dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136

 dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138

 exit 0

 New ReverseNamespace: C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat from template: C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/templateDNSManager/empty.template

 @ECHO OFF

 REM LBL(tm) LoadBalancer

 Rem

 REM This is a commercial software

 REM You shall not disclose such Confidential Information and shall
 use

 REM it only in accordance with the terms of the license agreement

 Rem

 REM www.tcoproject.com

 REM www.lblloadbalancer.com

 REM mailto:info@tcoproject.com

 Rem

 REM LBL(tm) LoadBalancer is built on TCOProject(tm) SoftwareLibrary

 REM OPLON and TCOProject are trademarks of F.Pieretti. All rights
 reserved.

 exit 0


  WARNING-1.6.0_11 UserService.dnsmanager WIN-UF4APZRA30L-1269171351779-20100321-12:35:51 Namespaces zone files Regenerated!"

  WARNING-1.6.0_11 UserService.dnsmanager WIN-UF4APZRA30L-1269171351789-20100321-12:35:51 DNS namespaces zone files realoading...

  WARNING-1.6.0_11 UserService.dnsmanager WIN-UF4APZRA30L-1269171354366-20100321-12:35:54 **DNS namespaces zone files realoaded!**

In red, both the beginning of the regeneration operation and the reloading of DNS with the new situation are highlighted. The process from here on will be fully automatic. The log file will also show the new images generated so that you can immediately verify that the parameterization is correct.

Configuration (LBL_HOME)/lib/confMonitor/A05_LBLGoDNSManager.xml

This file is already fully configured; the only change needed is to set the start parameter from manual to automatic, so that the process starts automatically when Oplon Monitor starts. If the processes were already started, they will be stopped and then restarted.

File fragment (LBL_HOME)/lib/confMonitor/A05_LBLGoDNSManager.xml

 ...

 </copyright>

 <A05_LBLGoDNSManager>

 <!--

 start: automatic (default), manual

 -->

 <a0></a0>"true"

 description="LBL(r)LoadBalancer DNSManager"

 Start="automatic"

 numberTryStartOnFailure="-1"

 waitBeforeKill="115000"

 sysCommand="tr...

 ...

BIND - Manually Changing the Serial Number

The serial number is an important element because it allows any secondary DNS to check whether it is aligned with the latest changes. Oplon DNS & Proxy Manager handles its increment automatically. The serial can be a date-based counter expressed as YYYYMMDDss (where ss is a number between 01 and 99) or a plain counter between 1 and 2^32. According to the RFC recommendations both behaviors are valid, although YYYYMMDDss is by far the most widespread. In Oplon DNS & Proxy Manager this behavior is controlled by the templateSerialWithDate parameter in the <params> paragraph of the dnsmanager.xml file. By default, this parameter is set to templateSerialWithDate="True".

In some circumstances you may need to set a specific serial number. To do this, proceed as follows.

For each template, the serial number is kept in a file in the same directory as the template, named after the template with the suffix "_Serial" appended. In our example, the resulting files are:

  • (LBL_HOME)/lib/templateDNSManager/tcoproject.dev.db.template_Serial

  • (LBL_HOME)/lib/templateDNSManager/rev.43.168.192.in-addr.arpa.template_Serial

These files contain the last serial issued, so in our case both contain the value 2010010803, where 03 is the counter.

To change the counter, simply change this value with an editor.

From 2010010803

to 2010010809

Oplon DNS & Proxy Manager, which periodically checks the status of these files, will notice the change and reload the new zone files in DNS with the new serial number 2010010810.
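The increment described above, together with a check that a hand-edited _Serial value should pass before it is saved, as an added example (not Oplon code). The names next_serial, serial_gt and check_manual_serial are hypothetical, and what happens after ss = 99 is an assumption because the page does not describe it.

```python
"""Model of the YYYYMMDDss serial kept in the <template>_Serial file."""
from datetime import date

MOD = 2 ** 32   # DNS serials are unsigned 32-bit values
HALF = 2 ** 31


def serial_gt(a, b):
    """RFC 1982 comparison: True when a secondary that holds b treats a as newer."""
    return 0 < (a - b) % MOD < HALF


def next_serial(stored, today, with_date=True):
    """Serial published by the next regeneration, given the value in the _Serial file."""
    if not with_date:
        return (stored + 1) % MOD or 1          # plain counter, skipping 0
    first_of_day = int(today.strftime("%Y%m%d")) * 100 + 1
    # Continue counting from the stored value, or restart at ss=01 on a new day.
    # Assumption: after ss=99 the value simply keeps growing.
    return max(stored + 1, first_of_day)


def check_manual_serial(published, edited, today):
    """Problems with writing `edited` into the _Serial file while secondaries hold `published`."""
    if not 0 < edited < MOD:
        return ["value does not fit an unsigned 32-bit serial"]
    problems = []
    ymd, ss = divmod(edited, 100)
    try:
        edited_day = date(ymd // 10000, ymd // 100 % 100, ymd % 100)
    except ValueError:
        edited_day = None
        problems.append("date part is not a calendar date")
    if edited_day and edited_day > today:
        problems.append("date part is in the future")
    if ss == 99:
        problems.append("ss counter has no room left")
    upcoming = next_serial(edited, today)
    if not serial_gt(upcoming, published):
        problems.append("secondaries holding %d will not see %d as newer" % (published, upcoming))
    return problems


if __name__ == "__main__":
    day = date(2010, 1, 8)
    print(next_serial(2010010809, day))                      # the edit shown on the page
    print(check_manual_serial(2010010803, 2010010801, day))  # constructed: edited backwards
```

A value edited below the published serial is the case to watch: the primary reloads the zone, but secondaries keep their copy because the new serial does not compare as newer.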

Different scenarios - Business Continuity, Disaster Recovery

Oplon DNS & Proxy Manager can be used effectively in business continuity and disaster recovery processes. The assignment of a namespace can be made conditional on the existence of other services. In other words, if the primary service is active, the zone file is not populated with the address of the child. This feature allows you to quickly build a BC or DR infrastructure, leaving to Oplon DNS & Proxy Manager the task of determining which site is in operation, so that the staff engaged in the switch can focus on the activities related to application activation. Once operation is restored at one of the two sites, Oplon DNS & Proxy Manager performs the name-to-address and address-to-name assignment automatically.

Setting the conditions is simple: in the <namespace> paragraph, indicate the addresses on which its publication depends. Below is a fragment of the dnsmanager.xml file in which the publication of the address 192.168.43.136 depends on whether there is activity at the addresses 192.168.43.138 and 192.168.43.144. If even one of the addresses configured as a condition is active, the address 192.168.43.136 will not be populated in the DNS zone.

 ...
 <zone Enable="True"
       namespaceFile="C:/work1/bin/named/etc/zones/local/tcoproject.dev.db"
       namespaceTemplateFile="tcoproject.dev.db.template"
       namespaceReverseFile="C:/work1/bin/named/etc/zones/local/rev.43.168.192.in-addr.arpa"
       namespaceReverseTemplateFile="rev.43.168.192.in-addr.arpa.template">
   <namespace Enable="True"
              address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.136"
              namespaceReverse="136 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
   <namespace Enable="True"
              address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.138"
              namespaceReverse="138 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
 ...

BIND - Negative cache prevention

To avoid negative caching on clients, Oplon DNS & Proxy Manager is designed never to publish an empty name-to-address or address-to-name assignment. If none of the sites/nodes is active, Oplon DNS & Proxy Manager automatically assigns the first namespace of the <zone> paragraph concerned.

For example, if all services were out of service, the zone file would still be populated with the first namespace, www IN A 192.168.43.136, and the first reverse namespace, 136 PTR www.tcoproject.dev.

 ...
 <zone Enable="True"
       namespaceFile="C:/work1/bin/named/etc/zones/local/tcoproject.dev.db"
       namespaceTemplateFile="tcoproject.dev.db.template"
       namespaceReverseFile="C:/work1/bin/named/etc/zones/local/rev.43.168.192.in-addr.arpa"
       namespaceReverseTemplateFile="rev.43.168.192.in-addr.arpa.template">
   <namespace Enable="True"
              address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.136"
              namespaceReverse="136 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
   <namespace Enable="True"
              address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.138"
              namespaceReverse="138 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
 ...

It is also possible to provide an additional address for when neither site is available, for example to serve a courtesy page to users. This address is not subject to any further HealthCheck and is therefore offered as valid even if it does not exist, which avoids negative caching. To set it, fill in the parameters namespaceNegativeCachePrevention and namespaceReverseNegativeCachePrevention in the <zone> paragraph, as in the following fragment of dnsmanager.xml:

 ...
 <zone Enable="True"
       namespaceFile="C:/work1/bin/named/etc/zones/local/tcoproject.dev.db"
       namespaceTemplateFile="tcoproject.dev.db.template"
       namespaceReverseFile="C:/work1/bin/named/etc/zones/local/rev.43.168.192.in-addr.arpa"
       namespaceReverseTemplateFile="rev.43.168.192.in-addr.arpa.template"
       namespaceNegativeCachePrevention="www IN A 192.168.43.144"
       namespaceReverseNegativeCachePrevention="144 PTR www.tcoproject.dev.">
   <namespace Enable="True"
              address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.136"
              namespaceReverse="136 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
   <namespace Enable="True"
              address="192.168.43.138" Port="80" uriPath="/HealthCheck" Ssl="False"
              Namespace="www IN A 192.168.43.138"
              namespaceReverse="138 PTR www.tcoproject.dev.">
     <condition Enable="True" address="192.168.43.136" Port="80" uriPath="/HealthCheck" Ssl="False"/>
     <condition Enable="True" address="192.168.43.144" Port="80" uriPath="/HealthCheck" Ssl="False"/>
   </namespace>
 ...

In this case, when there is no activity at the sites addressed by 192.168.43.136 and 192.168.43.138, the DNS answers requests for the name www.tcoproject.dev with the address 192.168.43.144. Even after one of the two sites is restarted, as long as the HealthCheck at 192.168.43.144 is active, the DNS zones will not be loaded with the addresses 192.168.43.136 or 138.

Remember that clients are strongly affected by their cache, and that once a site is restored it is recommended to make the address entered in namespaceNegativeCachePrevention and namespaceReverseNegativeCachePrevention completely unavailable. This can easily be achieved through the features of Oplon ADC or through the Oplon IP Network Card Redundancy service present in every Oplon distribution. In configurations without Oplon ADC or the Oplon IP Network Card Redundancy service, it is recommended to integrate this step into the existing procedures.
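The selection rules from the conditions and negative-cache-prevention passages above, written out as a small model so that a configuration can be evaluated for every combination of HealthCheck results before it is deployed. This is an added example, not Oplon code: the class and function names are hypothetical, and it encodes only the rules as this page states them.

```python
"""Model of how conditions and negative-cache prevention choose the zone records."""
from dataclasses import dataclass
from itertools import combinations


@dataclass
class Namespace:
    address: str             # HealthCheck target of the <namespace>
    record: str              # its Namespace value, written to the zone when selected
    conditions: tuple = ()   # addresses of its <condition> entries


@dataclass
class Zone:
    namespaces: list
    negative_cache_prevention: str = ""   # namespaceNegativeCachePrevention, optional


def select_records(zone, alive):
    """Return (records, reason) for one regeneration cycle.

    alive is the set of addresses whose HealthCheck currently succeeds.
    """
    records = []
    for ns in zone.namespaces:
        if ns.address not in alive:
            continue                      # its own HealthCheck failed
        if any(c in alive for c in ns.conditions):
            continue                      # one active condition is enough to suppress it
        records.append(ns.record)
    if records:
        return records, "healthy"
    # Never publish an empty zone: use the unchecked fallback address if one
    # is configured, otherwise the first namespace of the zone.
    if zone.negative_cache_prevention:
        return [zone.negative_cache_prevention], "negative-cache-prevention"
    return [zone.namespaces[0].record], "first-namespace"


def truth_table(zone):
    """Outcome for every combination of probe results, keyed by the tuple of live addresses."""
    probes = sorted({ns.address for ns in zone.namespaces}
                    | {c for ns in zone.namespaces for c in ns.conditions})
    table = {}
    for n in range(len(probes) + 1):
        for up in combinations(probes, n):
            table[up] = select_records(zone, set(up))
    return table


# The fragment printed on the page, transcribed by hand.
PAGE_ZONE = Zone(
    namespaces=[
        Namespace("192.168.43.136", "www IN A 192.168.43.136",
                  ("192.168.43.138", "192.168.43.144")),
        Namespace("192.168.43.138", "www IN A 192.168.43.138",
                  ("192.168.43.136", "192.168.43.144")),
    ],
    negative_cache_prevention="www IN A 192.168.43.144",
)

if __name__ == "__main__":
    for up, (records, reason) in truth_table(PAGE_ZONE).items():
        print(", ".join(up) or "(none up)", "->", records, reason)
```

In this model the printed fragment, where each node lists the other as a condition, publishes a node's own address only when that node alone is up; with both 192.168.43.136 and 192.168.43.138 healthy, or whenever 192.168.43.144 answers, the fallback record is served.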

MS DNS: Negative cache prevention

To avoid negative caching on clients, Oplon DNS & Proxy Manager is designed never to publish an empty name-to-address or address-to-name assignment. If none of the sites/nodes is active, Oplon DNS & Proxy Manager automatically assigns the first namespace of the <zone> paragraph concerned.

For example, if all services were out of service, the zone file would still be populated with the first namespace: dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136.

 ...
         templateSerialWithDate="True"
         reloadCommand="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
         sysCommandRemoteURL="https://localhost:5992/SysCommand">
 </params>
 <zone Enable="True"
       namespaceFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
       namespaceTemplateFile="www.dev.db.template"
       namespaceReverseFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/empty.bat"
       namespaceReverseTemplateFile="empty.template">
   <namespace Enable="True"
              address="192.168.43.136" Port="8080" uriPath="/" Ssl="False"
              Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136"
              namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"/>
   <namespace Enable="True"
              address="192.168.43.138" Port="8181" uriPath="/" Ssl="False"
              Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138"
              namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.138 /F"/>
 </zone>
 <sysobserver>
 ...

It is also possible to provide an additional address for when neither site is available, for example to serve a courtesy page to users. This address is not subject to any further HealthCheck and is therefore offered as valid even if it does not exist, which avoids negative caching. To set it, fill in the parameters namespaceNegativeCachePrevention and namespaceReverseNegativeCachePrevention in the <zone> paragraph, as in the following fragment of dnsmanager.xml:

 ...
         templateSerialWithDate="True"
         reloadCommand="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
         sysCommandRemoteURL="https://localhost:5992/SysCommand">
 </params>
 <zone Enable="True"
       namespaceFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/reloadMSDns.bat"
       namespaceTemplateFile="www.dev.db.template"
       namespaceReverseFile="C:/work1/bin/TCOProject/LBLLoadBalancer_monitor_007_000_000RC002/lib/scriptDNSManager/empty.bat"
       namespaceReverseTemplateFile="empty.template"
       namespaceNegativeCachePrevention="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.144">
   <namespace Enable="True"
              address="192.168.43.136" Port="8080" uriPath="/" Ssl="False"
              Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136"
              namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"/>
   <namespace Enable="True"
              address="192.168.43.138" Port="8181" uriPath="/" Ssl="False"
              Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138"
              namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.138 /F"/>
 </zone>
 <sysobserver>
 ...

In this case, when there is no activity on the sites addressed by 192.168.43.136 and 192.168.43.138, the DNS will answer requests for the name www.tcoproject.dev with the address 192.168.43.144. Even after a subsequent restart of one of the two sites, until the HealthCheck at 192.168.43.144 is active, the DNS zones will not be loaded with addresses 192.168.43.136 or 192.168.43.138.

Remember that clients are strongly affected by their own cache: once a site is restored, it is recommended to completely remove the availability of the address entered in namespaceNegativeCachePrevention and namespaceReverseNegativeCachePrevention. This can easily be achieved through the features of Oplon ADC or through the Oplon IP Network Card Redundancy service present in each Oplon distribution. In configurations without Oplon ADC or the Oplon IP Network Card Redundancy service, integration with existing procedures is recommended.
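A consistency check for the <zone> fragment above, added here as an example and not part of Oplon's product or documentation: since the fallback address is never health-checked and each site's records are driven by free-form dnscmd strings, a mistyped address leaves a wrong or stale A record in DNS. The XML is a constructed, well-formed version of the page's fragment with one deliberate mismatch; attribute names are taken as printed on the page and matched case-insensitively, and `parse_cmd` and `lint_zone` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample from the page's fragment; the second delete command names the wrong address.
SAMPLE_ZONE = """
<zone Enable="True" namespaceNegativeCachePrevention="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.144">
 <namespace Enable="True" address="192.168.43.136" Port="8080" uriPath="/" Ssl="False"
  Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.136"
  namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"/>
 <namespace Enable="True" address="192.168.43.138" Port="8181" uriPath="/" Ssl="False"
  Namespace="dnscmd /recordadd tcoproject.dev www /CreatePTR 10 A 192.168.43.138"
  namespaceInactive="dnscmd /recorddelete tcoproject.dev www A 192.168.43.136 /F"/>
</zone>
"""

# dnscmd /recordadd|/recorddelete <zone> <node> [/CreatePTR] [ttl] A <ipv4>
DNSCMD = re.compile(r"dnscmd\s+/(recordadd|recorddelete)\s+(\S+)\s+(\S+)\s+"
                    r"(?:/CreatePTR\s+)?(?:\d+\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\b", re.I)

def parse_cmd(command):
    """Return (action, zone, node, ip) for a dnscmd A-record command, else None."""
    m = DNSCMD.search(command or "")
    return tuple(g.lower() for g in m.groups()) if m else None

def lint_zone(xml_text):
    """Return findings for one <zone>: commands that disagree with `address`."""
    zone = ET.fromstring(xml_text)
    findings, monitored = [], set()
    for ns in zone:
        attrs = {k.lower(): v for k, v in ns.attrib.items()}  # page mixes attribute case
        addr = attrs.get("address")
        monitored.add(addr)
        add = parse_cmd(attrs.get("namespace"))
        delete = parse_cmd(attrs.get("namespaceinactive"))
        if not add or add[0] != "recordadd" or add[3] != addr:
            findings.append(f"{addr}: active command does not add this address")
        if not delete or delete[0] != "recorddelete" or delete[3] != addr:
            findings.append(f"{addr}: inactive command does not delete this address")
        if add and delete and add[1:3] != delete[1:3]:
            findings.append(f"{addr}: add/delete commands name different zone or node")
    zattrs = {k.lower(): v for k, v in zone.attrib.items()}
    fallback = parse_cmd(zattrs.get("namespacenegativecacheprevention"))
    if fallback and fallback[3] in monitored:
        findings.append(f"{fallback[3]}: fallback address is also a health-checked site")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_zone(SAMPLE_ZONE)))
```

On the sample, the only finding is for 192.168.43.138: when that site goes down, its delete command would remove the record of the other site instead of its own.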

Check release and updates

When its processes start, Oplon checks the release against the site www.oplon.net. The data sent to the site contains no sensitive data; it reports only:

rel-99.99.99; license:127123163; IP-99999999; RL-9

rel: the release and version of the product

license: the distinctive part of the license in use

IP: a control digest

RL: the Oplon Run Level

The release check can be deactivated by passing the "-ncu" parameter at process startup, as highlighted below in the launch profile. If it is deactivated, or if the message cannot be sent, Oplon will not be able to provide proactive indications of security-related patches or urgent reports.

Example:

<a0></a0>"true"

description="LBL(r)LoadBalancer Standard Edition"
start="automatic"
numberTryStartOnFailure="-1"
waitBeforeKill="80000"
waitBeforeKillOnFailure="10000"
managementPort, New1000="5900"
confDir="lib/conf"
runLevel="2">
<a0>start osName</a0>
<env>CLASSPATH=lib;lib\LBLLoadBalancer.jar</env>
<workingDir></workingDir>
<exec>java -Xrs -server -XX:-UseGCOverheadLimit -Xss256k
-XX:-AggressiveHeap
%LBL_EXEC_DEFINES%
-DLBL_INTERACTIVE_CMD=true
loadbalancer.starter.LBLServerStarterApp -ncu </exec>
<logDirFiles>lib\logs</logDirFiles>

</start>

To turn off release verification at the OPLON Monitor start as well, set
the -ncu (NoCheckUpdate) parameter in the initial start too (batch or
service).

Example, go.bat:

...

PATH="%LBL_JAVA_HOME%\bin";%PATH%

cd /d "%LBL_HOME%"

set WHAT=loadbalancer.starter.LBLServerStarterApp

set CLASSPATH=lib;lib\LBLLoadBalancer.jar;lib\extLib\mail.jar

java -server -XX:-UseGCOverheadLimit -Xms256m -Xmx256m -DLBL_RUNLEVEL=0 -DLBL_MONITOR=true -DLBL_INTERACTIVE_CMD=true %WHAT% -ncu