-
Cisco CNS Network Registrar User's Guide, 3.5
-
About This Guide
-
Understanding IP Address Management
-
Network Registrar User Interfaces
-
Administering Network Registrar
-
Configuring DNS
-
Configuring DNS Zones
-
Configuring DHCP Servers
-
Configuring DHCP Scopes
-
Configuring Dynamic DNS Update
-
Configuring Client-Class
-
Configuring Failover
-
Configuring LDAP
-
Configuring BOOTP
-
Resource Records
-
DHCP Options
-
DHCP Options Validation
-
Using Network Registrar with Windows NT and Windows 95 Clients
-
Configuring a Loopback Zone
-
Windows 2000 Interoperability With Network Registrar
-
Glossary
-
Table of Contents
Administering Network RegistrarAdministering Clusters
Removing a Cluster
Connecting to a Cluster
Disconnecting From a Cluster
Viewing a Cluster's State
Creating a Password Without Displaying It
Changing the Administrator's Password
Listing Network Administrators
Exiting Network Registrar
Debugging the Servers
Monitoring and Reporting the Server's Status
Removing Servers from the Server Status Monitor
Displaying the Server's Health
Displaying Server Statistics
Displaying IP Address Usage
Displaying Related Servers
Displaying Leases
Administering Network Registrar
This chapter explains how to administer and control your servers' operations through Network Registrar's graphical user interface (GUI), ntwkreg, and the command line interface (CLI), nrcmd.
Table 3-1 lists the major Network Registrar server administration tasks and the sections where you can find procedural information about how to accomplish those tasks.
Table 3-1 Server Administration Tasks
For more basic information about the Network Registrar's user interfaces, see the "Network Registrar User Interfaces" chapter in this guide.
Administering Clusters
A cluster is a group of DNS or DHCP servers that share the same Network Registrar database. Adding a cluster tells Network Registrar about the existence of a cluster. To configure or administer the cluster, you must also connect to it.
Note The Network Registrar DNS and DHCP servers typically run on the same physical machine. In this case, the term cluster refers to the physical machine.
Adding a Cluster
Each cluster requires a username-password combination, which Network Registrar uses to control access to each cluster.
Using the GUI:
Step 1 From the Admin menu, select Clusters (Figure 2-2).
Step 2 In the Clusters dialog box, click Add Cluster. The Add Cluster dialog box appears (Figure 3-1).
Figure 3-1 Add Cluster Dialog Box (Admin Menu)
Step 3 In the Add Cluster dialog box, enter the cluster name.
The cluster name is either "localhost" or the host DNS name on the machine on which Network Registrar is installed.
If you want to connect the cluster at this time, select the Connect to this cluster check box.
Step 4 Click OK.
Removing a Cluster
When you remove a cluster, the user interface no longer knows about the cluster and its name does not appear in the Server Manager.
Using the GUI:
Step 1 From the Admin menu, select Clusters (Figure 2-2).
Step 2 In the Clusters dialog box, select the cluster you want to remove.
Step 3 Click Remove.
Step 4 Click Yes in the Network Registrar dialog box.
Step 5 Click Close to exit the Clusters dialog box.
Connecting to a Cluster
After you have added a cluster to Network Registrar, you must connect before you can configure or administer the cluster.
If you try to connect to a cluster that is being used by someone else, Network Registrar warns you that the cluster is locked and tells you who is holding the lock. The format of the warning message is:
username@machine-name.process-id-number
- The username is the Network Registrar login username. Note that it is casae-sensitive.
- The machine-name is the name of the machine on which Network Registrar is running
- process-id-number identifies the unique process on machine-name in which the GUI or CLI is running.
On Solaris, the machine-name may differ from the machine on which the GUI is being displayed.
On Windows 95 or Windows NT, the GUI always runs and displays on the same machine (regardless of where the GUI executable resides).
If someone else is using the cluster, then disconnect. If you want to connect to a locked cluster, then contact the person who is currently connected and request that he or she disconnect.
You can override the lock, but you should do so only if you know that no one else is editing the cluster, for example, if the other system had crashed while the cluster was connected.
Using the GUI:
Step 1 From the Admin menu, select Clusters (Figure 2-2).
Step 2 In the Clusters dialog box, select the cluster you want to connect.
Step 3 Click Connect.
Step 4 Click Close.
Using the CLI:
Use the nrcmd -C switch to connect to a cluster. For example, to connect to the mycluster cluster, type the following from a command line prompt:
Disconnecting From a Cluster
When you disconnect from a cluster it can no longer be configured or administered from that workstation. Another user can then administer the connection.
Using the GUI:
Step 1 From the Admin menu, select Clusters (Figure 2-2).
Step 2 In the Clusters dialog box, select the cluster you want to disconnect.
Step 3 Click Disconnect.
Step 4 Click Close to exit the Clusters dialog box.
Using the CLI:
Use the exit command at the nrcmd prompt to disconnect from a cluster.
Viewing a Cluster's State
To see whether a cluster is connected or not, you can view its state.
Using the GUI:
Step 1 From the Admin menu, select Clusters (Figure 2-2).
Network Registrar displays the cluster's state.
Step 2 Click Close.
Using the CLI:
The CLI is always connected to one cluster if it is successfully invoked. Use the getHealth command to return a number that indicates the condition of the server. For example, 10 represents normal operation and 1 indicates that the server has stopped.
Handling Administration
From the Admin command level (GUI) or using the CLI admin command, you can add administrators, change passwords, and configure administrators for the cluster.
Adding an Administrator
Using the GUI:
Step 1 From the Admin menu, select Add Administrator (Figure 2-2).
Step 2 Enter the administrator's username.
You can choose any string for the administrator's name.
Step 3 Enter the administrator's password.
Note Network Registrar uses the password to authenticate the names. If you create an administrator without a password, Network Registrar cannot authenticate the name and thus will deny that user access to the cluster.
Step 4 Enter the password a second time.
Step 5 Select the clusters the administrator can access.
Note You can only select clusters that have been added to the cluster list through the Add Cluster command. However, you do not have to be connected.
Step 6 Click Add.
Using the CLI:
Use the admin create command to create an administrator and associated password. For example, to create the administrator bob with the password of xyz, type:
Creating a Password Without Displaying It
Using the CLI:
If you want to enter a password and not have Network Registrar display the password on your screen, create an administrator and do not supply a password. Then use the enterPassword command to enter a password and prevent Network Registrar from echoing it on the screen. Network Registrar prompts you to verify the password before it accepts it.
Use the admin enterPassword command to associate a password with an administrator. For example, to cause nrcmd to prompt you for a password for administrator bob, type:
Changing the Administrator's Password
Using the GUI:
Step 1 From the Admin menu, select Change Administrator Password (Figure 2-2).
Step 2 Enter the administrator's username.
Step 3 Enter the administrator's current password.
Step 4 Enter the administrator's new password.
Step 5 Enter the new password a second time.
Step 6 Select the cluster the administrator can access.
Step 7 Click OK.
Using the CLI:
Use the admin set command to change an existing password. For example, to change bob's password to abc, type:
 |
Caution
It is possible to lock an administrator out of Network Registrar by logging in as that administrator and setting the password for another administrator without confirming the previous password. This procedure effectively prevents the first administrator from logging in. |
Listing Network Administrators
Use the admin list command to list all administrator in Network Regisrar.
Exiting Network Registrar
Exiting the Network Registrar user interface does not affect your network servers' or your hosts' ability to request leases or access the Internet.
Using the GUI:
Step 1 From the Admin menu, select Exit (Figure 2-2).
If you have not saved configuration changes, Network Registrar prompts you to save changes.
Using the CLI:
To exit Network Registrar's CLI, use the exit command. Network Registrar writes all your unsaved changes to the database. If Network Registrar is unable to save your changes, it displays the same error code as if you had used the save command.
Use the exit command to quit Network Registrar's command line interface when you are in interactive mode.
Controlling Servers
Network Registrar administration for controlling includes:
Starting the Servers
Using the GUI:
Step 1 From the Server Manager window (Figure 2-2), select the server you want to start.
Step 2 From the Servers menu, select Start.
You will see a red star on the server in the tree control if you make a change to the server.
Step 3 Click OK.
Using the CLI:
Use the server start command to start the specified server. For example, to start Network Registrar's DNS server, type:
Stopping the Servers
Using the GUI:
Step 1 From the Server Manager window (Figure 2-2), select the server you want to stop.
Step 2 From the Servers menu, select Stop.
Step 3 Click OK.
Using the CLI:
Use the server stop command to stop the specified server. For example, to stop Network Registrar's DHCP server, type:
Reloading the Servers
When you reload the server, Network Registrar performs several steps: it stop the server you have selected, updates the database with the new configuration information, and restarts the server. Only after you issue the reload command does the server use your changes to the configuration.
Using the GUI:
Step 1 From the Server Manager window (Figure 2-3), select the server you want to reload.
Step 2 From the Servers menu, select Reload.
Step 3 Click OK.
Using the CLI:
Use the server reload command to reload the specified server. For example, to reload Network Registrar's DHCP server, type:
Network Registrar stops the server you have selected, updates the database with the new configuration information, and restarts the server.
Using Event Logging for the Servers
When you start Network Registrar, it automatically starts logging system activity. Network Registrar maintains all the logs in the Program Files\Network Registrar\logs (Windows NT) or /var/nwreg2/logs (UNIX) directory. If you would like to view the contents of these logs while the Network Registrar servers are running, issue the command tail -f (Solaris), or view the files through the Web browser (Windows NT).
 |
Caution
o avoid filling up the Windows NT event log, change the Log Settings to Overwrite Events as Needed. If you do not make this change, you might fill up your disk with log messages and thus prevent Network Registrar from running. |
This section describes the types of logs that Network Registrar keeps and explains how to set and view the debug logging options.
Logging Format
The format for the log entries are the following categories:
- Activity—Messages about the activity of your servers.
- Info—Logs standard operations of the servers, such as starting up and shutting down.
- Warning—Logs events that warn users of events, such as invalid packets, user miscommunication, or an error in a script while processing a request.
- Error—Logs events that prevented the server from operating properly, such as out of memory or unable to acquire resources (sockets, logs, backing store or configuration databases) or errors in configuration.
Note Warnings and errors are also sent to the Windows NT event log on Windows systems or to the Syslog on Solaris systems.
Log Files
Table 3-2 shows all the Network Registrar log files.
Each component has a number of log files, each with a maximum size of 1 MB. The first log file is created without a suffix extension. When that file reaches 1 MB in size, Network Registrar renames it to xx_log_01 and begins filling up the current log. When the current log file reaches 1 MB, it renames the current to _01 and _01 to _02, etc.
The DNS server can have a maximum of three log files. By default, the DHCP server can have a maximum of four log files of one MB each.
Debugging the Servers
You can set the debug settings for the Network Registrar DNS and the DHCP servers.
You can set the debug level from 1 to 4 for the Network Registrar DNS server and from 1 to 9 for the Network Registrar DHCP servers, with the higher levels giving you more extensive logging.
Note Each of these servers has different categories for which you can request tracing information. Because setting the tracing level can have a serious impact on the performance of your system, you should contact Technical Support for more information about using debugging.
You can use Mlog to add the debug messages to the existing logs.
Note If you reload the DNS server after enabling the debug settings through the GUI, Network Registrar disables debug. You must enable the debug setting again if you want to use the debug settings.
Using the GUI:
The Debug settings button lets you collect debug information about the DNS server. You should only need to set debug settings if you have been instructed by Technical Support.
Step 1 From the Server Manager (Figure 2-3), select the server for which you want to set debug options.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Advanced tab on the Show Properties dialog box (Figure 2-7).
Figure 3-2 Debug Settings Button (DNS/DHCP Properties)
Step 4 Click Debug settings.
Step 5 From the Debug Settings dialog box, click Enable Debug.
Step 6 Type in the category as supplied by Technical Support.
Step 7 Check MLOG, which sends the output to the Network Registrar's files.
Step 8 Click OK.
Using the CLI:
You can use the server setDebug and server unsetDebug commands to set or unset the debugging level.
Use the server setdebug command to specify the debugging level. For example, to set the DNS debugging level to 5, type:
To disable debugging, use the server unsetDebug command.
Monitoring and Reporting the Server's Status
You can monitor the state of your Network Registrar servers by displaying or reporting aspects of a specified server's health. The following items can decrement the health of the servers so you should monitor their status periodically:
Note When Network Registrar cannot contact the server, you will see the warning triangle and exclamation point and the green or red color is muted. The warning can mean one of the following conditions: the network is down; the server machine has crashed; the server has been stopped from the control panel; the client has lost communication with the server (that is, the client lost its IP address).
Adding Servers to the Server Status Monitor
Perform these steps to view server status.
Using the GUI:
The Server Status Monitor window (Figure 3-2) is a window in which you can place server icons to monitor their state. The icons change to reflect the server's current state. The traffic lights indicate the state of the server: started is green and stopped is red.
The bar to the right of the traffic light shows the health of the server, that is, it indicates how well the server is running. The health is a combination of servers' resources and network balance
Step 1 From the Server Manager window (Figure 2-3), select the server you want to add.
Step 2 From the Servers menu, select Add to Status Monitor, or, from Windows 95 or Windows NT, drag the server icon to the Server Status Monitor window (Figure 3-2).
Note You can add as many servers as you want to the Server Status Monitor (Figure 3-2). They can be from any of the clusters to which you have connected.
Removing Servers from the Server Status Monitor
Perform these steps to remove servers from the Server Status Monitor.
Using the GUI:
Step 1 In the Server Status Monitor window (Figure 3-2), select the server you want to remove.
Step 2 Use the right mouse button (right-click) to select Remove.
Displaying the Server's Health
You can display the health of a server, that is, whether it is running or stopped.
Using the CLI:
Use the server getHealth command to display the specified server's health. For example, to display Network Registrar's DHCP server's health, type:
Displaying Server Statistics
Perform these steps to display server statistics.
Using the GUI:
Step 1 From the Server Manager window (Figure 2-3), select the server whose statistics you want to view.
Step 2 From the Servers menu, select Show Statistics.
Network Registrar displays the Statistics window.
Note You can sort the statistics by Name or by Value by clicking the corresponding column. To see updated statistics, click Refresh.
Using the CLI:
Use the server getStats command to display the specified server's statistics. For example, to display Network Registrar's DHCP server's statistics, type:
Using the Web GUI:
The Network Registrar Web GUI lets you login to your Network Registrar servers and run the Server status report. The Server satus report displays the status of the specified server. It indicates whether the server is running or stopped.
For information about how to run the Server status report, see "Running the Server Status Report" section.
Displaying IP Address Usage
Perform these steps to display IP address usage.
Using the CLI:
Use the report file outputfile command to display the IP address usage for specified servers. For example, to display Network Registrar's DHCP server's address usage, type:
Using the Web GUI:
You can use the Web GUI to display the server's address usage. The Web GUI lets you login to your Network Registrar servers and run a Address usage report. The Address usage report displays the IP address usage for all of the servers or just some of the servers in your network.
For information about how to run the Address usage report, see "Running the Address Usage Report" section.
Displaying Related Servers
Network Registrar displays a report that contains the following information:
- Type—Main or backup DHCP server
- Server name—The DNS name of the server
- IP address—The server's IP address in dotted octet format
- Requests—The number of outstanding requests for packets or two dashes if not applicable
- Communication status—Whether the servers can communicate or if communication has been interrupted (OK or INTERRUPTED)
- Cluster state—The failover state of this DHCP server
- Partner state—The failover state of partner server
Using the GUI:
Step 1 From the Server Manager window (Figure 2-3), select the DHCP server.
Step 2 From the Servers menu, select Show related servers.
Note This command is only available if you have configured DHCP failover.
Network Registrar refreshes this document window every 10 seconds. If you want more current information, click Refresh.
Using the CLI:
Use the server getRelatedServers command to display the connection status between the main and backup DHCP server. For example, to display Network Registrar's DHCP servers, type:
Note For more information about this command, see the nrcmd server getRelatedServers command in the Network Registrar CLI Reference Manual.
Using the Web GUI:
You can use the Web GUI to display the server's related servers. The Web GUI lets you login to your Network Registrar servers and run a Related servers report. The Related servers report displays the IP address usage for all of the servers or just some of the servers in your network.
For information about how to run the Related servers report, see "Running the Related Servers Report" section.
Displaying Leases
After you have established a scope, you can monitor lease activity and view lease attributes using either the Leases tab in the GUI or the CLI lease list command.
Using the GUI:
Step 1 From the Server Manager window (Figure 2-3), select the scope whose leases you want to view.
Step 2 From the DHCP Scope properties dialog box, click the Leases tab.
Step 3 Select the lease that you want to view.
Step 4 Click Lease Properties. The properties of the lease you selected displays.
Figure 3-3 Lease Properties Dialog Box (DHCP Scope Properties)
Using the CLI:
Use the lease list command from the DOS prompt to view the properties of a particular lease. For example:
C:\Program Files\Network Register> nrcmd -C <cluster> -N <user> -P <password> lease list > <filename.txt>
Using the Web GUI:
You can use the Web GUI to display the server's lease status. In addition, the Web GUI lets you login to your Network Registrar servers and run a Lease status report. The Lease status report displays the status of leases, whether they are available, reserved, and if reserved, the associated MAC addresss.
For information about how to run the Lease status report, see "Running the Lease Status Report" section.
Backing Up the Database
To ensure a consistent snapshot of the Network Registrar database, Network Registrar provides a shadow backup facility. Because the Network Registrar database (called MCD) does a variety of memory caching and may be active at any time, you cannot rely on doing system backups to protect the data in the database. At the time you run a system backup, there may be Network Registrar operations in progress that cause the data copied to the system backup tape to be inconsistent, and unusable as a replacement database.
You can also use Network Registrar's shadow backup facility. Once a day, at a configurable time, Network Registrar suspends all activity to the database, and takes a snapshot of the critical files. This snapshot is guaranteed to be a consistent view of the database, and it will be preserved correctly on a system backup tape. This backup is only a single generation backup. To maintain multiple backup versions, implement an archiving strategy.
|
Caution
If you are using Windows NT, make sure you backup the files only in the db.bak directory. Otherwise, you might cause your server to crash.
|
Note Network Registrar backs up the DNS data even when the shadow backup is run on a secondary server.
Configuring Servers for Backup
The only configuration for this facility is through a single entry in the system Registry.
HKEY_LOCAL_MACHINE/SOFTWARE/American Internet/NetworkRegistrar/2.0/DBShadowTime
This entry is a string that represents the time-of-day at which the shadow backup is scheduled to occur (in 24 hour HH:MM format). The default is 23:45.
If you remove this Registry entry or set it to an illegal value (for example, anything that does not begin with a digit), you will suppress the backups. The server is otherwise unaffected.
Using the Backup Command-Line Utility (mcdshadow)
In addition to being available at a scheduled time of day, you can also force a shadow backup manually by using the mcdshadow utility located in the \Program Files\Network Registrar\bin directory for Windows NT or the /opt/nwreg2/usrbin directory for UNIX. There are no command-line arguments. Type mcdshadow to cause Network Registrar to perform the shadow backup.
Because a full copy of the database is created, this may take a few minutes to complete. Files are saved in /var/nwreg2/data/db.bak.
Checking Database Integrity
Step 1 Stop all Network Registrar servers.
Step 2 Change the directory to \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX).
Step 3 As a safety check, type the command ..\..\bin\dbcheck mcddb (Windows NT) or /opt/nwreg2/dbcheck -a mcddb (UNIX) to verify the integrity of the database.
Recovering Data
Use the shadow backup to recover data, either because a system crash corrupted the regular working database or because the disk on which it resides is corrupted.
Step 1 Stop the AIC Server Agent within UNIX by typing the command aicservagt stop (UNIX) or within Windows NT, select Start/Settings/Control Panel/Service, highlight AIC Server Agent, and click stop.
|
Caution
If you do not stop the AIC Server Agent, you will get errors. |
Step 2 Make sure that the following three files are in \Program Files\Network Registrar\data\db.bak (Windows NT) or /var/nwreg2/data/db (UNIX).
The files are mcddb.d01, mcddb.d02, and mcddb.d03.
Step 3 Copy them into \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX). Do not move them because you may need them again.
Step 4 Change the directory to \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX).
Step 5 Type the following command to rebuild the key files by typing the command ..\..\bin\keybuild mcddb (Windows NT) or /opt/nwreg2/keybuild mcddb (UNIX).
This can take several minutes.
Step 6 As a safety check, type the command ..\..\bin\dbcheck mcddb (Windows NT) or /opt/nwreg2/dbcheck mcddb (UNIX) to verify the integrity of the database.
Note You need to have root privileges to run dbcheck.
You should have no errors. However, if you do get errors, make sure that
Mcdshadow Files Created During Backup
The mcdshadow command uses the files listed in Table 3-3.