MIGRATING FROM SOLARIS™ 9 ENTERPRISE ON SUN FIRE™ V440 WITH BIND 8.3.3 TO SOLARIS™ 10 ENTERPRISE ON DELL™ POWEREDGE™ R900 WITH BIND 9.3.
Table of contents Table of contents .......................................................... 2 Introduction ................................................................. 3 Scope of this Guide ...................................................... 3 New features of Solaris 10 ............................................ 5 New features of BIND 9 ................................................ 5 Pre-migration considerations .......................................... 7 General considerations ..........
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Introduction Dell PowerEdge R900 The Dell™ PowerEdge™ R900 is an excellent server for upgrading critical Domain Name Service (DNS) servers from BIND 8 running on Solaris™ 9 to BIND 9 running on Solaris 10.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 virtualization in Solaris. Containers combine Zones with Solaris 10’s resource management capabilities. "A DNS server … is a core service that needs to be isolated in case it is compromised and to prevent something else from bringing it down.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 New features of Solaris 10 Solaris 10 introduces a wide variety of new features. While there are far too many to discuss in this Guide, the following list mentions some of the more significant ones: • • • • • • DTrace. DTrace provides a comprehensive view of application and operating system activity.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 address some significant issues in the underlying architecture of BIND. We discuss some of the differences between BIND 8 and BIND 9 below. Some of the important features of BIND 9 include the following: • DNS security.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Pre-migration considerations This section reviews some of the topics you should consider prior to migrating your DNS servers. We consider some general concerns and then focus on some of the differences between BIND 8 and BIND 9.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 organization may have particular security concerns or contractual obligations that will prevent such a consolidation. Differences between BIND 8 and BIND 9 We list below of some of the more significant differences between BIND 8 and BIND 9. You can find a fuller discussion in the file /usr/share/doc/bind/migration.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 o o Line breaks not within parentheses will cause a syntax error. BIND 9 now deprecates $$ in favor of \$. Interoperability impact of new protocol features • EDNS0. Support for EDNS0 is new in BIND 9. BIND 9 assumes that servers not supporting EDNS0 will return an error. However, some servers ignore EDNS0 requests.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Installing and setting up Solaris 10 In this section, we focus on installing and setting up Solaris 10 on the Dell PowerEdge R900 server. We begin by defining our environment. Next, we present an overview of the steps we took to configure the drives and to install and configure Solaris 10.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Figure 1. The setup we used in our hands-on testing and research for this Guide. Figures 2 and 3 present the hardware and software we used in our BIND 8 and BIND 9 DNS servers. Server Processor Memory Disk Sun Fire V440 (legacy DNS server) 4x UltraSparc™ IIIi 1.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Server Sun Fire V440 (legacy DNS server) Dell PowerEdge R900 (new DNS server) Server operating system Sun Solaris 9 9/05 Operating System for SPARC-based systems (64-bit) Sun Solaris 10 5/08 Operating System for x86-based systems (64-bit) Version of BIND BIND 8.3.3 BIND 9.3.5-P1 Figure 3.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Figure 4. The drive configuration we used in our hands-on testing and research for this Guide. The first RAID array held the OS. The second array held the container for DNS. The third and fourth arrays were available for consolidating other servers. For detailed steps on configuring the RAID groups, see Appendix A.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Figure 5. Confirming time and date. 3. Set the root password, and then verify and confirm all your information. Accept the license agreement, and choose to perform an initial, custom install. Select the character set and products you want to install. Complete all install options, and review your choices (see Figure 6).
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Figure 6. Ready to install. 4. When the system reboots, remember to eject the disk. Otherwise, Solaris will try to install itself again. (40 minutes) 5. After the systems finishes booting, log on as root, and select your desktop. Creating the Solaris Container This section provides an overview of the Solaris Container creation process.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 pooladm | more. You will see the resource pool listed in the output (see Figure 7). system default string int boolean string system.comment system.version 1 system.bind-default true system.poold.objectives wt-load pool dns-pool int boolean boolean int string pset pool.sys_id 1 pool.active true pool.default false pool.importance 1 pool.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 cpu int string string cpu.sys_id 9 cpu.comment cpu.status on-line int string string cpu.sys_id 15 cpu.comment cpu.status on-line ……… cpu Figure 7. Truncated sample output from the pooladm command, with 20 of the CPUs removed. 2. Create the Solaris container using the zonecfg utility. 3. Use the zonecfg utility to configure the container. 4.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Migrating DNS services This section summarizes the steps required to migrate DNS services running on a legacy Sun Fire V440 to a new Dell PowerEdge R900 server running Solaris Containers. As we noted previously, there are multiple ways of accomplishing the same goal. For clarity, we chose to manually copy and edit the configuration files.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 • • latest data. You will find the latest version at ftp://ftp.rs.internic.net/domain/named.root. Zone files. Every domain will have at least two zone files: one for forward lookups, which convert hostnames to IP addresses, and one for reverse lookups, which convert IP addresses to hostnames. These files typically follow the naming convention of db.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Filename Typical path Migration action named.conf /etc The name of this file is always named.conf. As we noted previously, you will need to check for BIND 8 to BIND 9 issues. If you are not replacing the old server, you may need to modify named.conf with a new serial number and new server information. db.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Filename Typical path Migration action db.127.0.0 /var/named The name of this file is typically db.127.0.0, although your naming conventions may differ. If you are not replacing the old server, you may need to modify db.127.0.0 with a new serial number and new server information. resolv.conf /etc The name of this file is always resolv.conf.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 server altogether. To avoid having to reconfigure clients, we made the IP address the same as our legacy server. 4. Verify your new configuration using the named-checkconf utility, and then start BIND using the Service Management Framework (SMF) svcadm utility. 5.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Post-migration considerations Managing your DNS services Service Management Facility utilities The Service Management Facility (SMF) is a part of the Predictive Self-Healing technology in Solaris 10. The SMF is a service management feature that allows system administrators to view, manipulate, and administer services within Solaris.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 the SMF, which tracks service interdependencies. The example below shows a simple stop and then start of the DNS service. svcadm disable network/dns/server svcadm enable network/dns/server • svccfg. You use the svccfg tool to manipulate properties of services in the service configuration repository.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Summing up Solaris 10 and BIND 9 introduce many new features and enhancements. As this Guide has explained, the process of deploying these products on a Dell PowerEdge R900 Server and migrating your Solaris 9/BIND 8 DNS servers to the new environment is relatively straightforward; you can perform a basic installation and migration in a few hours.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Appendix A. Methodology: Creating the RAID disk groups For our installation, we decided to use two RAID 1 groups, which we allocated as follows: • • operating system files the Solaris Zone containing our DNS server We configured the remaining disks as two additional RAID 1 groups, which were available for other consolidation.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 11. Highlight Controller 0, press F2, and select Create New VD. 12. With the RAID level field highlighted, press Enter to open the drop-down list, and select RAID 1. 13. Using the Tab key for navigation, move to the Physical Disks section, and use the space bar to select the next two remaining drives (Drives 4 and 5).
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Appendix B. Methodology: Installing Solaris 10 on the PowerEdge R900 Install Solaris 10 by following these steps. Allow at least 60 minutes to complete the installation. We used version Solaris 10 10/08 Operating System for x86-based systems (64-bit), which we downloaded from http://www.sun.com/software/solaris/get.jsp and burned to a DVD.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 8. At the Select a Language prompt, select the language that applies to you. The instructions below assume you chose 0, English. Press Enter. A Please Wait While the System Information is Loaded screen appears. (less than 1 minute) 9. After a few seconds, a Welcome message appears. Click Next.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 the DNS server will have the same host name as the existing DNS server.) Click Next. 22. On the IP Address for bnx1 screen, enter the same IP address as your current DNS server. Remember that, at this point, bnx1 is not connected to the network. Click Next. 23. On the Netmask for bnx1 screen, enter the correct netmask for your network. The default is 255.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Note: We received a notice saying “You must also manually eject the CD/DVD or select a different boot device after reboot to avoid repeating the installation process.” We clicked OK. 38. On the Specify Media Screen, accept the default of CD/DVD, and click Next. (1 minute) 39.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 during the reboot, or Solaris will start installing itself again. (7 minutes) 54. After the system reboots, log in as root. 55. Select your desktop. We accepted the default of Sun Java Desktop System Release 3. 56. On the Welcome to the Sun Java Desktop System splash screen, click Close.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 Appendix C. Methodology: Migrating your DNS server Preliminary steps NOTE: We chose to completely decommission our legacy DNS server. Therefore, to avoid client issues or other hosts that refer to the legacy DNS server by IP address, we chose to assign the same hostname and IP address to our new DNS server.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 5. To make sure the interface will be available after rebooting, you must edit its interface file. For the interface bnx1, you can edit it with the following command line: gedit /etc/hostname.bnx1 The hostname.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. In our example, we use the address 10.5.41.103. As we noted previously, we use the name bnx1. The root directory of the zone may not allow any group or world level access.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 zlogin -C Provide the following answers to the questions it asks: • For the console type, type 3 to choose VT100. • Accept the default of for bnx1. • Accept the default of no Kerebos. • Set name service to None. • Accept the default of using the NFSv4 domain name derived by the system.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 5. Create a new user called named and add it to the named group. The command below creates a user called named with a UID of 2000, belonging to the group ID 500 (the named group above), and creates and sets the default directory: useradd -u 2000 -g 500 -d /export/named -c “named user for dns server” -m named 6.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 chmod 662 /var/named/pidlocation chown named:named /var/named/pidlocation 5. Use the gedit text editor to modify named.conf with the following command: gedit /etc/named.conf 6. Add the relevant path pointing to the folder where the DNS server stores the PID file. Type the following in the options section of named.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 svcs -a | grep dns You should see output like this: online 12:42:22 svc:/network/dns/client:default online 12:47:26 svc:/network/dns/server:default 14. Login to the legacy server as root. 15. Shut down the legacy server by typing or selecting the following command: shutdown 16. Plug the Ethernet cable into the PowerEdge R900. 17.
Migrating from Solaris 9 Enterprise Edition on Sun Fire V440 with BIND 8.3.3 to Solaris 10 Enterprise Edition on Dell PowerEdge R900 with BIND 9.3.5-P1 About Principled Technologies We provide industry-leading technology assessment and fact-based marketing services. We bring to every assignment extensive experience with and expertise in all aspects of technology testing and analysis, from researching new technologies, to developing new methodologies, to testing with existing and new tools.
