Versions Compared

Old Version 1

changes.mady.by.user Shwetha S

Saved on

compared with

New Version Current

changes.mady.by.user Panna .

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Upgrade a specific member during the scheduled Grid upgrade. For information about how to upgrade a single member during a scheduled Grid upgrade, see “Upgrading a Single Member Immediately” in Upgrading NIOS Software.

  • Revert a single member that has already been upgraded to troubleshoot issues, such as service outages, on that specific member. The upgrade of that member can then be rescheduled. For more information, see “Reverting a Single Member” in Upgrading NIOS Software.

  • Clear authentication cache and authentication records.

  • Perform AD (Active Directory) configurations. Note that the keytab file must be uploaded before the upgrade starts.

  • Add, modify, or delete a zone. Note

...

  • Any action that requires a service restart for configuration changes to take effect are not recommended and can result in upgrade issues.

  • Do not addthat the Microsoft Management zone is limited until the managing member completes the upgrade and exits the revert window.

  • Import zone.

  • Add, modify, or delete a nameserver group.

  • Do not addAdd, modify, or delete manually created nameserver records.Do not adda nameserver records.

  • Add, modify, or delete shared record group operation

  • Add, modify, or delete DNS View operation.

  • DNSSEC Sign Zone operation and replicate to the Grid Master Candidate that has not completed the upgrade. It is recommended that GMC is upgraded immediately after the Grid Master’s upgrade.

  • DNSSEC rollover KSK and ZSK operations. It is recommended that GMC is upgraded immediately after the Grid Master’s upgrade.

  • DNSSEC Unsigned zone. It is recommended that GMC is upgraded immediately after the Grid Master’s upgrade.

  • Add, modify, or delete IPv4 and IPv6 networks that are under Microsoft Management until the managing member of the Microsoft servers has completed its upgrade and exited its revert time window. 

  • Add, modify, or delete a zone.Do not assign DHCPv4/DHCPv6 Range operation.

  • Add, delete, or modify a Add Filter operation.

  • Add Match Rule operation-Need to confirm.

  • Add Option Space.

  • Add Failover Association.

  • Configure DDNS operation.

  • Complete an Order DHCP Range operation.

  • Clear the Authentication Cache operation.

  • Clear the Authentication Record operation.

  • It is recommended to wait until the affected Grid member has finished upgrading before making any changes to its properties (DNS, DHCP, and File Distribution).-Need to confirm if recommendations can be added here or not.

  • Assign or unassign an nameserver group to a zone.

  • Do not change Change the nameserver group assigned to a zone.

  • Add, delete, or modify a DHCP range, a filter, or a fixed address.

  • Import the DHCP lease history file.

  • Delete DNS views during schedule Grid upgrade.

  • You can configure the All available load balancing method for a DTC pool.

  • The record types are reset to default record types (A and AAAA records) and you modify the record types for an LBDN.

Note the below restrictions when scheduling a full upgrade:

  • NIOS 9.0.4 supports TLS version 1.3. However, Splunk does not support TLS version 1.3.

  • Do not change the host name of the Grid members that are assigned to a zone if the members have not been upgraded, have been reverted, or are in the revert time window..

  • Do not restart DNS and DHCP services or schedule a restart for these services on Grid members that have not been upgraded. For information about restarting groups, see Restarting Services.

  • Do not add, delete, or modify a DHCP range, a filter, or a fixed address.Do not modify the settings for automated mitigation of phantom domain attacks using the CLI commands on a Grid member until the member has completed the upgrade.

  • Due to new validation checks introduced in BIND 9.16, a few resource records that were invalid RDATA in BIND 9.11 are considered invalid in BIND 9.16. If you add such invalid Resource Records (RR) to a zone, the zone fails to load during an upgrade, or a Grid restore. An error message is displayed when you add invalid Resource Records (RR) or Resource Records (RR) with invalid RDATA under a zone.

...

  • Do not modify member properties for the following: DNS, DHCP, TFTP/HTTP/FTP, bloxTools, Captive Portal, Reporting, and load balancing until the member has completed the upgrade and exited its revert time window.Do not delete DNS views until the entire Grid upgrade is complete.

  • Do not delete DNS zones and IPv4 and IPv6 networks that are under Microsoft Management until the managing member of the Microsoft servers has completed its upgrade and exited its revert time window. Synchronization between load balancers and the appliance is disabled until the load balancer managing member has completed its upgrade. Do not change the managing member during the upgrade, a warning message is displayed.

  • Do not add, modify, or delete network views, rulesets, and DNS64 synthesis groups until the entire Grid upgrade is complete.Replication of Grid and member DNS and DHCP properties is not supported.

  • Do not create additional named Access Control Lists (ACLs) until after the entire Grid has been upgraded. For information about named ACLs, see Configuring Access Control.

During a scheduled full upgrade, the Grid Master skips Grid members that do not complete their NIOS upgrade within 10 minutes, the default upgrade policy time, and moves to the next Grid member within the upgrade schedule.

During a scheduled full upgrade, do not perform the following tasks on a Grid member that has not been upgraded yet:

  • Import the DHCP lease history file

  • Use the DHCP expert mode configuration featureClear the NAC authentication cache of a DHCP member

  • Set the time zone for a Grid member

  • View the capacity report of a Grid member

  • Test the email configuration settings of a Grid memberCheck whether an IPv6 address is already configured on a Grid member

When scheduling a full upgrade from a previous NIOS release to a release that includes the DHCP fingerprint detection feature, the following rules apply until the entire Grid has been upgraded:

  • DHCP fingerprint detection is disabled

  • Do not add DHCP fingerprint filters

  • Do not apply DHCP fingerprint filters to any DHCP address range

When scheduling a full upgrade from a previous NIOS release to a release that includes the multi-primary zone feature, the following rules apply until the entire Grid has been upgraded:

  • Do not configure multiple primary servers for an authoritative zone or configure a name server group that contains multiple primary servers.

  • Do not assign or unassign a Grid member to an authoritative zone or name server group.

  • Do not change the stealth state of an authoritative zone or name server group.

When scheduling a full upgrade from a previous NIOS release to a release that includes the Infoblox Threat Protection feature, do not perform the following on a Grid member until the member has completed the upgrade:

  • Start or stop the Threat Protection and DNS services.

  • Activate a ruleset.

  • Perform any threat protection related tasks such as adding custom rules and activating rulesets.

Before scheduling a full upgrade from a previous NIOS release to a release that includes the IPv6 Grid feature, the following rules apply:

  • If the Grid has an HA Master or HA member and if it is configured with IPv6 VIP address, IPv6 addresses must be configured for both node 1 and node 2.

  • Both the Grid Master and the Grid Master Candidate must have the same type of network connectivityAny Network configuration cannot be updated while schedule upgrade is in progress.

  • The current configuration and database must be backed up.

  • If the subscriber site has HA and the HA passive node is the first to upgrade, the data repository connectivity uses the IPv4 protocol for the site members. If you want the data repository to be connected over the IPv6 protocol, you must stop and restart the subscriber service in the upgraded Grid. The subscriber data is lost when the service is stopped and restarted. It is recommended to stop/start the service of each member at a time to synchronize the subscriber cache with the next active member on the same site.

...

  • Do not add an SNMP health monitor.

  • Do not configure the All available load balancing method for a DTC pool.

  • The record types are reset to default record types (A and AAAA records) and do not modify the record types for an LBDN.

Upgrading Parental Control at DNS Cache Acceleration

...