Netgate Discussion Forum

    DHCP updates stopped working after the upgrade to 2.2

    DHCP and DNS
      marcelloc

      Can you check if unbound is not enabled too? It's a new service/feature on 2.2 for dns.

      Elite training: http://sys-squad.com

      Help a community developer! ;D

        kejianshi

        That updates function can be lost if unbound is activated AND there are no DNS servers listed in system > general AND "Do not use the DNS Forwarder as a DNS server for the firewall" isn't checked AND "Allow DNS server list to be overridden by DHCP/PPP on WAN" isn't checked.

          sirtow

          Thank you all for the prompt response. This is what I got for now:

          • Services: DNS Forwarder: "Enable DNS forwarder" is unchecked

          • Services: DNS Resolver: "Enable DNS Resolver" is unchecked

          • System: General Setup: One entry for DNS servers pointing to 127.0.0.1

          • Services: DNS Forwarder: "Do not forward private reverse lookup" is unchecked

          • System: General Setup: "Allow DNS server list to be overridden by DHCP/PPP on WAN" is unchecked

          Seems everything is configured as it is supposed to be, but yet I get this message and my zones are not updated.
          What am I missing?

            kejianshi

            "System: General Setup: One entry for DNS servers pointing to 127.0.0.1" - I'd remove that

            "Services: DNS Resolver: Enable DNS Resolver is un-checked" - Ummmmm - I think I'd put a check there (-:

            After that, in system > general, I'd also put a check in "Do not use the DNS Forwarder as a DNS server for the firewall"

              sirtow

              Thanks. I'll try this, but I was confused by the following statement on the Bind Service configuration screen:

              Enable BIND
              Enable BIND DNS server
              Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.

              My goal is to use BIND as a DNS server and have the DHCP server update the forward/reverse mapping. I'm just not sure I understand how DNS Resolver (Unbound) fits into this picture, working together with named and dhcpd.

              Thanks

                kejianshi

                Haha - You seriously need to pick 1 DNS resolver/forwarder and stick with it and then deactivate / uninstall the rest.

                If you want BIND from the packages, then deactivate both resolver and forwarder I'd guess.

                If you want unbound, use the one BUILT INTO pfsense 2.2 and uninstall BIND and deactivate forwarder.

                You don't get better DNS by running a bunch of forwarders and resolvers.

                Personally, I'd run Unbound, which is being called "DNS Resolver" and I would uninstall BIND and turn off DNS forwarder.

                But whatever you prefer and need.  Do you have a particular need for BIND?

                  kejianshi

                  BTW - When I answered, I had previously totally glossed over the fact that you had been using BIND - My bad.

                  Still - I do prefer unbound unless you have some great reason to persist with bind.

                    sirtow

                    I don't want to start another topic of bind vs unbound vs… I don't have anything against any of those (for now). I'm trying to bring my net back after the pfSense update and then make an intelligent decision (maybe even with your help :) )
                    So I just verified that nsupdate works from the CLI and correctly updates the BIND zones.
                    So the next step is to make sure that dhcpd actually sends update requests to the correct DNS server (mine at 127.0.0.1).
                    Any idea where to dig?

                      kejianshi

                      I'm clueless on that (Bind) and several other subjects (-:
                      I will follow the thread though.

                      Later, if you decide on either unbound or dnsmasq, that's easy enough.
                      Primary reason I'd favor unbound is it's the new default and built into the base BSD distro. Thinking better vetted.

                        sirtow

                        After poking around I was able to solve the problem. I'm sharing my findings; hopefully it will help others.
                        From what I was able to find, dhcpd is supposed to use the SOA record to locate the DNS server to send DNS updates to. This was working fine on pfSense 2.1.5 (not sure what version of dhcpd it has). The only configuration I had was the domain name under the Dynamic DNS section of the DHCP server.

                        Now, with 2.2 I added primary DNS and key information (which I took from:
                        ```
                        /cf/named/etc/namedb/named.conf
                        ```

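The last post ties working updates to dhcpd having an explicit primary DNS server and a key that matches the one in named.conf. The following is an added example, not code from the thread or from pfSense: a small checker that compares the `key` statements in a named.conf with the `key` and `zone` declarations in an ISC dhcpd.conf. The zone names, key name and secrets are constructed sample values, and the checker assumes the simple one-key layout shown.

```python
import re

# Constructed sample configs for illustration (not taken from the thread).
NAMED_CONF = '''
key "dhcp-update" {
    algorithm hmac-md5;
    secret "c2FtcGxlLXNlY3JldC1ub3QtcmVhbA==";
};
zone "home.lan" { type master; file "home.lan.db"; allow-update { key "dhcp-update"; }; };
'''
DHCPD_CONF = '''
ddns-update-style interim;
key dhcp-update {
    algorithm hmac-md5;
    secret c2FtcGxlLXNlY3JldC1XUk9ORw==;
}
zone home.lan. { primary 127.0.0.1; key dhcp-update; }
zone 1.168.192.in-addr.arpa. { key dhcp-update; }
'''

# key <name> { algorithm <alg>; secret <base64>; } in either file's quoting style
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+);'
                    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?;\s*\}')
# dhcpd.conf zone declarations: zone <name>. { ... }
ZONE_RE = re.compile(r'\bzone\s+([\w.-]+)\s*\{([^{}]*)\}')

def parse_keys(text):
    """Map key name -> (algorithm, secret)."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def check_ddns(named_conf, dhcpd_conf):
    """Return a list of problems that would stop signed updates from working."""
    named_keys, dhcpd_keys = parse_keys(named_conf), parse_keys(dhcpd_conf)
    problems = []
    for zone, body in ZONE_RE.findall(dhcpd_conf):
        if not re.search(r'\bprimary\s+\S+;', body):
            problems.append(f"{zone} no primary server set")
        ref = re.search(r'\bkey\s+([\w.-]+);', body)
        if not ref:
            problems.append(f"{zone} no key referenced")
        elif ref.group(1) not in dhcpd_keys:
            problems.append(f"{zone} key {ref.group(1)} not defined in dhcpd.conf")
        elif dhcpd_keys[ref.group(1)] != named_keys.get(ref.group(1)):
            problems.append(f"{zone} key {ref.group(1)} does not match named.conf")
    return problems

if __name__ == "__main__":
    for problem in check_ddns(NAMED_CONF, DHCPD_CONF):
        print(problem)
```

A mismatched secret or algorithm makes BIND reject the signed update, so a clean result from a check like this narrows the search to the network path or the zone's `allow-update` policy.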