Editing an xHA pair - BlueCat Address Manager - 9.1.0

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
9.1.0

You can edit the name and settings for the xHA pair. Editing an xHA pair is similar to editing a single server.

Note: You cannot delete an xHA pair. You must first break xHA then delete the standalone servers. For details, refer to Breaking an xHA pair.

To edit an xHA pair:

  1. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  2. From the configuration drop-down menu, select a configuration.
  3. Under Servers, click a server name. The Details tab for the server opens.
  4. Click the menu beside the xHA pair name and select Edit.
  5. Under XHA IP Address Settings, edit the name for the pair in the Name field.
  6. Under XHA Communication Interface, edit the following:
    • Enable XHA Backbone Communication—select or deselect this check box to enable or disable xHA data replication through the xHA/eth1 ports on the servers in the xHA pair. When selected, the IPv4 address and netmask fields for the active and passive servers appear:
      Note: If you added an xHA backbone IPv4 address when initially adding your DNS/DHCP Server to Address Manager, that value will be used to populate the fields for the active and passive servers. If desired, you can edit the IP addresses and netmasks to overwrite the initial xHA backbone settings.
      Attention: Make sure to configure the IPv4 address of the xHA interface (eth1) on a different subnet than any other interface. This is the recommended best practice for direct xHA backbone connections and connections over switches or wide area networks (WAN). This isn't mandatory if you're using a direct connection to the eth1 interface on each DNS/DHCP Server. For information and assistance on running xHA with switches, contact BlueCat Customer Care. For details on creating an xHA pair in Address Manager, refer to Managing xHA.
    • Active Server IPv4 Address (eth1)—edit the IPv4 address of the xHA interface for the active server.
    • Active Server IPv4 Netmask (eth1)—edit the IPv4 netmask of the xHA interface for the active server.
    • Passive Server IPv4 Address (eth1)—edit the IPv4 address of the xHA interface for the passive server.
    • Passive Server IPv4 Netmask (eth1)—edit the IPv4 netmask of the xHA interface for the passive server.
  7. Under Deployment Validation Options, edit the validation options for DNS and DHCP deployment zone files:
    • Override configuration level DHCP deployment validation settings—select/deselect the check box to permit/deny the server to inherit the deployment validation settings set at the configuration level. If selected, the Check DHCP configuration on deployment check box appears.
    • Check DHCP configuration on deployment—select the check box to check the syntax of the dhcpd.conf file and validate data deployed from Address Manager.
    • Override configuration level DNS deployment validation settings—select/deselect the check box to set deployment validation options that are specific to the server. If selected, the Check DNS configuration on deployment and Check DNS zones on deployment check boxes appear:
    • Check DNS configuration on deployment—select/deselect the check box to check the syntax of the named.conf file and validate data deployed from Address Manager.
    • Check DNS zones on deployment—select the check box to check the syntax of each DNS zone file and validated data deployed from Address Manager. This is equivalent to setting the -i switch for the named-checkzone tool. When selected, the DNS Zones Deployment Validation Setting section opens on the page.
    1. Under DNS Zones Deployment Validation Setting, complete the following:
      • Post-load zone integrity validation—performs syntax checks based on the mode you select for this option. Select one of the following modes:
        • Full—checks for the following conditions:
          • If MX records refer to A or AAAA records, for both in-zone and out-of-zone hostnames.
          • If SRV records refer to A or AAAA records, for both in-zone and out-of-zone hostnames.
          • If Delegation NS records refer to A or AAAA records, for both in-zone and out-of-zone hostnames
          • If glue address records in the zone match those specified by the child.
        • Local—checks for the following conditions:
          • If MX records refer to A or AAAA records, for in-zone hostnames.
          • If SRV records refer to A or AAAA records, for in-zone hostnames.
          • If Delegation NS records refer to an A or AAAA record, for in-zone hostnames.
          • If glue address records in the zone match those specified by the child.
        • Full-sibling—performs the same checks as in Full mode but does not check the glue records.
        • Local-sibling—performs the same checks as in Local mode but does not check the glue records.
        • None—disables all post-load zone integrity checks.
      • Check names—Checks names. Select Ignore, Warn, or Fail to determine how Address Manager handles conditions found by this check.
      • Check if MX records are IP addresses—checks if MX records point to an IP address rather than an A or AAAA record. This is equivalent to setting the -M switch for the named-checkzone tool. Select Ignore, Warn, or Fail to determine how Address Manager handles conditions found by this check.
      • Check if MX records point to CNAME records—checks if MX records point to a CNAME record rather than an A or AAAA record. This is equivalent to setting the -M switch for the named-checkzone tool. Select Ignore, Warn, or Fail to determine how Address Manager handles conditions found by this check.
      • Check if NS records are IP addresses—checks if NS record point to an IP address rather than an A or AAAA record. This is equivalent to setting the -n switch for the named-checkzone tool. Select Ignore, Warn, or Fail to determine how Address Manager handles conditions found by this check.
      • Check if SRV records point to CNAME records—checks is SRV record point to a CNAME record rather than A or AAAA record. This is equivalent to setting the -S switch for the named-checkzone tool. Select Ignore, Warn, or Fail to determine how Address Manager handles conditions found by this check.
      • Check for non-terminal wildcards—checks for wildcards in zone names that do not appear as the last segment of a zone name: for example, mail.*.example.com. Non-terminal wildcards are permissible, but you may want to be alerted to their presence. This is equivalent to setting the -W switch for the named-checkzone tool. Select Ignore or Warn to determine how Address Manager handles conditions found by this check.
      For the preceding options, Ignore, Warn, or Fail have the following effects:
      • Ignore—Ignores the condition, so it is not logged in the Zone Validation server log. Deployment proceeds with the zone data containing the condition.
      • Warn—Logs the condition in the Zone Validation server log. Deployment proceeds with the zone data containing the condition.
      • Fail—Logs the condition in the Zone Validation server log. Deployment fails. The existing DNS data is left in place and the new data is not deployed.
  8. Under Kerberos Service Principal, set the DNS and DHCP service principals:
    • Enable DNS Service Principal—select to specify the security credential for the DNS service to use to authenticate keys requested by the GSS-TSIG protocol. When you select this check box, Realm and Principal fields appear. Select a Kerberos realm and service principal from the Realm and Principal drop-down menus.
    • Enable DHCP Service Principal—select this check box to specify the security credential for the DHCP service to use to authenticate keys requested by the GSS-TSIG protocol. When you select this check box, Realm and Principal fields appear. Select a Kerberos realm and service principal from the Realm and Principal drop-down list.
  9. Under Additional Information, enter the new user-defined value for the active server in the xHA pair. This section only appears if you have added optional user-defined fields for the server object type.
  10. Under Change Control, add comments, if required.
  11. Click Update.