    Bind 0.4.2 on pfSense 2.2.5 , unable to serve zones

Eagle72:

      I have recently setup bind on pfSense.  I have a basic/working knowledge of the bind/named process (having set it up several times before on Linux including configuring zones, etc…).  After setting up a zone on pfSense I found that it wasn't resolving on my local network. 
      Here's a brief description of the current settings:

      BIND: DNS Settings
      Settings (tab)
      Daemon Settings

      Enable Bind

        IP Version = IPv4
        Listen On = LAN,Loopback  are selected
      Logging Options
      Enable Logging

        Logging Severity = Critical
        Logging Options = 'Default'

      Zones (tab)
      shows this line:
        status = Enabled  , Name = localdomain (I've also tested this with 'myexample.com' and it didn't work), type = master, views= (empty)
      Master Zone Configuration (section)
        TTL = 60 (for testing)
        Name Server = (LAN-IP of my pfSense setup)
        Base Domain IP = (LAN-IP of my pfSense setup)
        Mail Admin Zone =  (tried this blank, and also as root.localdomain, or root.myexample.com)
        Serial = (assigned by pfSense)
        Refresh = (assigned by pfSense)
        Retry = (assigned by pfSense)
        Expire = (assigned by pfSense)
        Minimum = (assigned by pfSense)
        Allow update = none
        Allow query = any
        Allow transfer = none

      Zone Domain Records (still on Zones tab)
        Record = findme , Type = A , Priority = (blank) , IP address = a random IP on my test network, same network as the LAN

      ----------
      After saving all of that then coming back into the record I also observe that the 'Resulting zone config file' is empty.

      It appears behind the scenes, that the configuration file for this process is actually stored under
      /cf/named/etc/namedb/named.conf

      If I look in this file I do not see declarations for any zone that I create, which to my understanding is one reason I would not have any resolution on the zones.  I'm not sure where the zonefiles themselves would be stored, or I would have checked there as well.  The location /usr/pbi/bind-amd64/ and its subdirectories seem to have the program only.

      Offhand it looks like the scripts that build the named.conf file are not entering in information for the zones that are defined.  Since I'm not sure where the zone files would be stored I couldn't check there but doing a 'find /*|grep -i myexample'  does not give me any files with that name as part of the filename.

      If I've failed to setup something in the GUI please advise.

      Otherwise - it appears that the BIND 0.4.2 (and 0.4.1 which I had setup first) on pfSense 2.2.5  is not working correctly.

      Please advise if you see my error or (for the maintainer) please repair.  Thanks!

      To the maintainer:  Thank you for porting this to pfSense and creating a front-end for its management!

Scissorfish:

        @Eagle72:


        Your zone setup is incorrect.

        Name Server = NS.YOURDOMAIN
        Base Domain IP = YOUR LAN ADDRESS
        Mail Admin Zone =  HOSTMASTER.YOURDOMAIN
        Allow update = create ACL with definitions of who can update your zone (check ACLs tab)
        Allow query = any
        Allow transfer = none
        Zone Domain Records:
            Record = ns , Type = A , Priority = (blank) , Alias or IP address = YOUR LAN IP

        also create a view for your zone:
        match-clients = ACL for your zone (or select any)
        allow-recursion = ACL for your zone (or select any)

        and don't forget to create a reverse zone
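As an added illustration (not from the original thread or the pfSense package), this is roughly what the generated named.conf fragment and zone file should contain once the zone is attached to a view, using the settings listed above; the ACL name, file path, addresses and serial are assumed placeholder values. The point relevant to the original problem: once any view is defined, BIND requires every zone to live inside a view, so a zone with no view assigned has nowhere to be written.

```conf
// ---- named.conf fragment (assumed ACL name and path) ----
// ACL used both for match-clients and allow-recursion, so only
// LAN and loopback clients get recursion through this view.
acl "lan" { 192.168.1.0/24; 127.0.0.0/8; };

view "lan-view" {
    match-clients   { lan; };
    allow-recursion { lan; };

    zone "myexample.com" {
        type master;
        file "/etc/namedb/master/myexample.com.db";
        allow-update   { none; };   // no dynamic updates
        allow-query    { any; };
        allow-transfer { none; };   // no AXFR to anyone
    };
};

; ---- /etc/namedb/master/myexample.com.db (zone file) ----
$TTL 60
@       IN  SOA  ns.myexample.com. hostmaster.myexample.com. (
                 2015120101 ; serial (placeholder)
                 3600       ; refresh
                 900        ; retry
                 604800     ; expire
                 60 )       ; minimum / negative-cache TTL
        IN  NS   ns.myexample.com.
@       IN  A    192.168.1.1    ; Base Domain IP = LAN address
ns      IN  A    192.168.1.1    ; the NS name must resolve in-zone
findme  IN  A    192.168.1.50   ; test host record
```

Both parts can be validated before reloading with `named-checkconf` and `named-checkzone myexample.com /etc/namedb/master/myexample.com.db`; a missing A record for `ns` shows up there as a glue/NS warning rather than as silent resolution failure.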

Eagle72:

          Scissorfish:  Thank you very much - I tried the settings as you suggested and they worked - thanks a lot!

          So, just out of curiosity I re-tried these with just the views (which I had not previously needed to define myself in the simple-configuration I had under Linux - so this part was foreign to me).  Changing just the Views entry seems to have been the critical piece.  I then proceeded to make the other changes you recommended as well, but it seems the key part here was to define the view and associate it to the zones.  I did already have a reverse zone defined but didn't list that as I didn't want to give extraneous info.

          Again - Thank you very much for your help!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.