Problem getting bind to work in 2.2
-
Services > DNS forwarder - Turn it off
Services > DNS Resolver - Turn it on.
DNSSEC on
Under advanced tab at top of DNS resolver page >
Prefetch Support
Prefetch DNS Key Support
Harden Glue
Harden DNSSEC data
All On….
System: General Setup:
Remove all the DNS server IP you have listed
Allow DNS server list to be overridden by DHCP/PPP on WAN - unchecked
Do not use the DNS Forwarder as a DNS server for the firewall - unchecked
Don't forget to click "save" after every page you change.
-
Thanks for your help.
I also found my mistake and add NS record and it works now.
-
@kejianshi those are for unbound, they are asking about BIND
-
haha - Thats what I get for not paying attention! :-\
-
Well the one guy thanked you. Guess he isn't paying much attention either ;) hehehe
-
He was being polite to the idiot (me)
-
What I don't get is if the guy just needs a mx record why not just do it in unbound
In the advanced section
local-data: "example.com. 86400 IN MX 10 mail.example.com."Then there you go – mx record..
C:>dig example.com mx
; <<>> DiG 9.10-P2 <<>> example.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN MX;; ANSWER SECTION:
example.com. 86400 IN MX 10 mail.example.com.;; Query time: 3 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Thu Feb 12 06:42:38 Central Standard Time 2015
;; MSG SIZE rcvd: 61 -
Not sure - He has probably been running BIND for years and didn't want to leave the devil he knows?
Nothing wrong with BIND.
-
Im a big fan of it as well - but seems like a lot of work to get a mx record ;) The way I read his post pfsense was working, which I assume he was either using the resolver or forwarder with and just needed a way to get a mx record for a local domain. Trying to install bind seems like a pain when it takes click click to get a simple mx record.
-
-
What I don't get is if the guy just needs a mx record why not just do it in unbound
In the advanced section
local-data: "example.com. 86400 IN MX 10 mail.example.com."Then there you go – mx record..
C:>dig example.com mx
; <<>> DiG 9.10-P2 <<>> example.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN MX
;; ANSWER SECTION:
example.com. 86400 IN MX 10 mail.example.com.
;; Query time: 3 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Thu Feb 12 06:42:38 Central Standard Time 2015
;; MSG SIZE rcvd: 61Thanks I'll give it a go. (As it happens I did what I should've done in the first place and kept the dns off the firewall.)
Yes, I only needed a single MX record (but now my lab is getting larger). And yes, as someone commented, I have used bind for years - but I'm always open to try new ways of skinning the virtual cat :)
-
Unbound is simple - I'm sure you can handle it with ease.
