Problem getting bind to work in 2.2
-
Hi
I've been using the firewall for a while with no problem – good product :)
Anyway I wanted to install Zimbra in my virtual lab, but it needs a domain name with an MX record. So I looked around and aha, pfsense has bind!
I installed the package and, as told, turned off the forwarder and resolver before initialling bind. So far so good! Setup the zone records but, when I save them nothing appears in the resulting conf file box. So I had a look around and found that no zone file had been created that I could see and named.conf didn't point to one anyway.
I tried this several times each time going with a simplified DNS setup but to no-avail.
I've poked around in the file system, I even tried manually changing named.conf (which it says not to). I've read various posts on bind on pfsense forum (but they mostly refer to previous versions which require manual install of bind). All to no avail.
So, has anyone actually setup bind successfully on 2.2? If so, please let me know and maybe give me a hint how you did it.
Hopefully
Tris :)
-
I also can't setup bind but i can see resulting conf file box when i create a view and select it from zone edit page.
When i run a query it gives Server Failed now.
I activated full logging but only starting and stopping logs are logged. I can't see query logs or why server failed.
Any suggestion?
-
Services > DNS forwarder - Turn it off
Services > DNS Resolver - Turn it on.
DNSSEC on
Under advanced tab at top of DNS resolver page >
Prefetch Support
Prefetch DNS Key Support
Harden Glue
Harden DNSSEC data
All On….
System: General Setup:
Remove all the DNS server IP you have listed
Allow DNS server list to be overridden by DHCP/PPP on WAN - unchecked
Do not use the DNS Forwarder as a DNS server for the firewall - unchecked
Don't forget to click "save" after every page you change.
-
Thanks for your help.
I also found my mistake and add NS record and it works now.
-
@kejianshi those are for unbound, they are asking about BIND
-
haha - Thats what I get for not paying attention! :-\
-
Well the one guy thanked you. Guess he isn't paying much attention either ;) hehehe
-
He was being polite to the idiot (me)
-
What I don't get is if the guy just needs a mx record why not just do it in unbound
In the advanced section
local-data: "example.com. 86400 IN MX 10 mail.example.com."Then there you go – mx record..
C:>dig example.com mx
; <<>> DiG 9.10-P2 <<>> example.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN MX;; ANSWER SECTION:
example.com. 86400 IN MX 10 mail.example.com.;; Query time: 3 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Thu Feb 12 06:42:38 Central Standard Time 2015
;; MSG SIZE rcvd: 61 -
Not sure - He has probably been running BIND for years and didn't want to leave the devil he knows?
Nothing wrong with BIND.
-
Im a big fan of it as well - but seems like a lot of work to get a mx record ;) The way I read his post pfsense was working, which I assume he was either using the resolver or forwarder with and just needed a way to get a mx record for a local domain. Trying to install bind seems like a pain when it takes click click to get a simple mx record.
-
-
What I don't get is if the guy just needs a mx record why not just do it in unbound
In the advanced section
local-data: "example.com. 86400 IN MX 10 mail.example.com."Then there you go – mx record..
C:>dig example.com mx
; <<>> DiG 9.10-P2 <<>> example.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN MX
;; ANSWER SECTION:
example.com. 86400 IN MX 10 mail.example.com.
;; Query time: 3 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Thu Feb 12 06:42:38 Central Standard Time 2015
;; MSG SIZE rcvd: 61Thanks I'll give it a go. (As it happens I did what I should've done in the first place and kept the dns off the firewall.)
Yes, I only needed a single MX record (but now my lab is getting larger). And yes, as someone commented, I have used bind for years - but I'm always open to try new ways of skinning the virtual cat :)
-
Unbound is simple - I'm sure you can handle it with ease.
