An HSM-enabled DNS server must first be disabled in Address Manager before it can be replaced. Use the Replace function to replace an HSM-enabled DNS Server with a new server of the same type.
When a server is replaced in Address Manager, the new unit receives the Address Manager name and host name for the old server, along with the full deployment of services from Address Manager. BlueCat recommends using the same IPv4 address that was used on the old server on the new replacement DNS Server. This will allow the new DNS Server to easily re-join the HSM Security World.
If replacing an HSM-enabled DNS Server for use in an xHA pair, replace the server, making sure to enable HSM support from the Replace Server page, then create xHA. For more information, refer to OPTIONAL: Replacing HSM-enabled DNS/DHCP Servers in an xHA pair.
BlueCat advises customers not to attempt to take more than one DNS/DHCP Server under Address Manager control at the same time while enabling HSM. For example, from multiple browser tabs or windows, or from multiple admin users working in parallel (not necessarily from the same workstation). Doing so can result in misconfiguration of the DNS/DHCP Server.
To replace an HSM-enabled DNS Server:
- From the configuration drop-down menu, select a configuration.
- Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Under Servers, click a server name. The Details tab for the server opens.
- Click the server name menu and select Replace.
Under Server, confirm the Management Interface IP
address, hostname, and password.
Note: The new server must have the same Management Interface IP address, hostname, password, and management style (that is, Dedicated Management enabled or disabled) as the server it replaces.
- Name—enter the name for the server. This name is used only in the Address Manager user interface and is not associated with deployed DNS data.
Interface—enter the IPv4 address configured on the
eth0 interface in the BDDS Administration
Console. If Dedicated Management is enabled, enter the IPv4
address configured on the eth2 interface.Note: IPv6 addresses cannot be used to connect to an DNS/DHCP Server appliance.Note: If editing a server, the Management Interface field is only available after you have first disabled the managed DNS/DHCP Server. If you want to change the IPv4 address of the Management interface (eth2), you must first re-configure the IPv4 address of the Management interface using the DNS/DHCP Server Administration Console, disable the server in Address Manager, then edit the server with the new IPv4 address.
- Hostname—The host name used for the server on the network. For example, myhost.example.com
- Upgrade to latest
version—by default, this option is deselected. This
provides a safe environment to add a DNS/DHCP Server in Address Manager without applying an unintentional software
update. Select the check box only if you want to apply the
latest version of DNS/DHCP Server software once the
appliance is under Address Manager control.Note: BlueCat recommends upgrading the DNS/DHCP Server software only after first adding the server to Address Manager. Add the server without selecting the Upgrade to latest version check box. After the server has been added to Address Manager, upgrade the server software. For details, refer to Upgrading DNS/DHCP Server software.
service on remote DNS/DHCP Server—by default, this option is deselected. This
allows you to replace the DNS/DHCP Server while
maintaining existing configurations for DNS, DHCP, and TFTP
services. Select the check box only if you have modified
the IPv4 or IPv6 addresses of the Services interface or
want to reset configurations for DNS, DHCP, and TFTP services on
the DNS/DHCP Server.Note: Resetting DNS/DHCP Server services will result in a service outage. This service outage will last until you have deployed services to the replacement system.
Only reset DNS/DHCP Server services if you are replacing the DNS/DHCP Server with a new appliance of a different type and/or reconfiguring the IPv4 or IPv6 addresses of the Services interface on the appliance. BlueCat recommends that you schedule a maintenance window before performing a reset of DNS/DHCP Server services.
- Password—enter the server password. You must enter a password in order to click the Detect Server Settings button. For more information on the default server password, refer to BlueCat default login credentials (you must be authenticated to view this topic).
- Click Detect Server Settings. Address Manager will check the DNS/DHCP Server software version, interface count, state of Dedicated Management, IP address, and redundancy scenario (4-port appliances only).
OPTIONAL: complete the following (available fields depend on the
number of interfaces of your DNS/DHCP Server):
- Services Interface—set an IPv4 address and
netmask that will be used only for services traffic such as DNS,
DHCP, DHCPv6 and TFTP (3 and 4-port appliances only). If
Dedicated Management has been previously enabled, you will see the
IPv4 address you configured on eth2 in the DNS/DHCP Server
- IPv6 Address and Subnet—configure an
IPv6 address and subnet to the Services interface (eth2). If
you assigned an IPv6 address from the DNS/DHCP Server Administration Console during initial setup of the DNS/DHCP Server, the fields will be automatically
populated. For example:
- IPv6 address: 2001:db8::AC10:FE02
- Subnet: 64Note: The configured IPv6 address is automatically set as the Primary IPv6 address. You must set the Primary IPv6 address BEFORE placing the server under Address Manager control.Note: You cannot set the IPv6 gateway from the Address Manager user interface. You must configure an IPv6 gateway from the DNS/DHCP Server Administration Console to ensure correct operation of IPv6 functionality.
- IPv6 Address and Subnet—configure an IPv6 address and subnet to the Services interface (eth2). If you assigned an IPv6 address from the DNS/DHCP Server Administration Console during initial setup of the DNS/DHCP Server, the fields will be automatically populated. For example:
- XHA Backbone—select the check box if you want to configure the xHA interface and specify the IPv4 address and netmask to be used.
- Enable Redundancy—select the check box to
enable networking redundancy (4-port appliances only) or
deselect to disable network redundancy. From the
Scenario drop-down menu, select either
Active/Backup or Active/Active
(802.3ad).Note: You cannot enable network redundancy from the Add Server page if any VLAN interfaces are present on the Services interface (eth0). If necessary, remove any configured VLAN interfaces using the DNS/DHCP Server Administration Console, then add the server to Address Manager and enable network redundancy. Once the server is under Address Manager control you can configure VLAN interfaces from the Address Manager user interface ( ).
If you require VLAN Tagging with port bonding, you must first enable bonding then immediately configure VLAN interfaces.
- Services Interface—set an IPv4 address and netmask that will be used only for services traffic such as DNS, DHCP, DHCPv6 and TFTP (3 and 4-port appliances only). If Dedicated Management has been previously enabled, you will see the IPv4 address you configured on eth2 in the DNS/DHCP Server Administration Console.
OPTIONAL: Under Monitoring Settings, select
the following (only available if the DNS/DHCP Server Monitoring
Service is enabled):
- Using default monitoring setting [Enabled]—selected by default. Leave selected to use the DNS/DHCP Server monitoring settings configured for the configuration.
- Override global monitoring setting—select to
set custom monitoring settings for the server, then select
Monitor this Server and configure the
following SNMP Parameter settings:
- Version—select the SNMP version for the monitored servers.
- Port Number—indicates the SNMP port Address Manager uses to communicate with the monitored servers. The default port is 161. You cannot change the port.
- Community String—type the SNMP Community String used for authentication and click Add. The Community String appears in the list. You can add up to 100 Community Strings to the list. Strings are used in the order presented in the list. To remove a string, select it from the list and click Remove. To change the order of items in the list, select an item in the list and click Move up or Move down.
Support, complete the following:
- Select the check box, Enable HSM Support. The Add Server page refreshes to show your HSM configuration and a drop-down menu of HSM servers.
- From the HSM Servers drop-down menu, select an HSM server and click Add. Repeat this step to add multiple HSM servers.
- To re-order the hierarchy of the HSM servers in the list, select an HSM server and click Move Up or Move Down. The HSM server at the top of the order will be the Primary; HSM servers below the Primary will be the Secondary, Tertiary. Click Remove to delete an HSM server from the list.
- Under Change Control, add comments, if required.
- Click Replace.
- Deploy the configuration to the replaced server to ensure proper operation of services.
- Log in to Address Manager via SSH as root.
- Run the following command:
Address Manager should return ‘connection status OK’ for each HSM server. Ensure that the number of connection status messages matches the number of HSM servers you configured in the Address Manager user interface.
If Address Manager cannot connect to an HSM server(s), or if the confirmed connections are less that the number of HSM servers added to the Address Manager user interface, refer to Troubleshooting.