Netgate Discussion Forum

BIND Package (or similar functioning authoritative DNS server)

52 Posts 19 Posters 18.1k Views
  • C
    Cybertoy
    last edited by May 24, 2016, 3:56 AM

    me too!

    Is there a bounty we can donate to?

    1 Reply Last reply Reply Quote 0
    • V
      voleatech
      last edited by May 24, 2016, 4:32 AM

      Hi,

      no need for a donation or bounty.

      We might require testing, I will write an update by the end of the week about it.

      Best
      Sven

      Voleatech
      pfSense Select Partner

      1 Reply Last reply Reply Quote 0
      • O
        okapi
        last edited by May 24, 2016, 12:54 PM

        I will be one of your testers.

        1 Reply Last reply Reply Quote 0
        • V
          voleatech
          last edited by May 24, 2016, 7:46 PM May 24, 2016, 6:55 PM

          Hi everyone,

          so the pull request is out (https://github.com/pfsense/FreeBSD-ports/pull/134).

          If you want to test the bind package, feedback is welcome:

          https://owncloud.voleatech.de/index.php/s/DUo0JQDp7Rs87kf

          You need to download both packages and copy them over to the pfSense.
          Log in via SSH and then add them with:

          pkg add pfsense-bind910-9.10.3P4.txz
          pkg add pfSense-pkg-bind-9.10_7.txz

          the order is important here.

          Also make sure to disable unbound or any other DNS server before starting bind.
          Otherwise the port is blocked.

          Best
          Sven

          Voleatech
          pfSense Select Partner

          1 Reply Last reply Reply Quote 0
          • T
            tdi
            last edited by May 27, 2016, 8:09 AM May 27, 2016, 7:53 AM

            I would like to test bind package, however:

            pkg add pfsense-bind910-9.10.3P4.txz
            Installing pfsense-bind910-9.10.3P4...
            pkg: wrong architecture: FreeBSD:10:amd64 instead of FreeBSD:10:i386
            
            Failed to install the following 1 package(s): pfsense-bind910-9.10.3P4.txz
            

            I have tried downloading bind99-9.9.8P4.txz from http://pkg.pfsense.org/orig-pfSense_v2_3_1_i386-pfSense_v2_3_1/All/, but I get the following error:

            pkg add bind99-9.9.8P4.txz
            Installing bind99-9.9.8P4...
            pkg: bind99-9.9.8P4 conflicts with bind-tools-9.10.3P4 (installs files into the same place).  Problematic file: /usr/local/bin/dig
            
            Failed to install the following 1 package(s): bind99-9.9.8P4.txz
            

            If I try to remove the problematic package, pfSense reports it will remove bind-tools-9.10.3P4 and pfSense-2.3.1, which I am not sure I want to do…

            Is it possible to get bind9.10 i386 packages?

            Thanks!

            1 Reply Last reply Reply Quote 0
            • V
              voleatech
              last edited by May 30, 2016, 3:28 PM

              Hi,

              the bind package from us is a different one than the bind package you are using.
              That's why it is labeled pfsense-bind, to avoid the problem you encountered.

              Unfortunately we do not have an i386 development environment for this.

              I can send you the code if you like?
              Otherwise the package should be merged soon.

              Best
              Sven

              Voleatech
              pfSense Select Partner

              1 Reply Last reply Reply Quote 0
              • W
                Willsy7
                last edited by May 30, 2016, 5:58 PM May 30, 2016, 5:50 PM

                First, I wanted to say thank you for providing this. Since BIND is what I'm most familiar with, I was disappointed when pfSense discontinued the package in the 2.3.0 branch. However, so far this has worked as a great drop-in replacement for the previous BIND package.

                I can confirm the following with regards to my setup:

                • All my data from the previous package was maintained. For me, that includes settings (some custom), zones, ACLs, and views.

                • Dynamic updates from DHCP are working.

                • I'm able to add and remove records to zones through the GUI.

                • All queries are working, including zone transfers.

                • RNDC commands from the CLI are working.

                I did have two issues, but nothing major.

                • My main forward zone complained that it was unable to load initially. It complained of the error:  named[69987]: general: error: zone "$MYDOMAIN"/IN/default: journal rollforward failed: not exact  However, deleting the .jnl file for the zone resolved the issue. I'm not sure if that was an issue with this package or the actual zone.

                • I don't seem to be able to uncheck "Enable BIND DNS server", it will complain with the error:    The following input errors were detected:
                  The field Enable BIND is required.

                However, for me, those are relatively minor. Thank you again for providing this!

                1 Reply Last reply Reply Quote 0
                • V
                  voleatech
                  last edited by May 30, 2016, 6:22 PM

                  Hi,

                  thank you for your feedback.

                  My main forward zone complained that it was unable to load initially. It complained of the error:  named[69987]: general: error: zone "$MYDOMAIN"/IN/default: journal rollforward failed: not exact  However, deleting the .jnl file for the zone resolved the issue. I'm not sure if that was an issue with this package or the actual zone.

                  I am not sure about this one either.

                  I don't seem to be able to uncheck "Enable BIND DNS server", it will complain with the error:    The following input errors were detected:
                  The field Enable BIND is required.

                  Thank you for this. I fixed it and uploaded the fix to the pull request.

                  If you want to fix it yourself do:
                  vi /usr/local/pkg/bind.xml
                  delete line 135 where it reads required.

                  Best
                  Sven

                  Voleatech
                  pfSense Select Partner

                  1 Reply Last reply Reply Quote 0
                  • W
                    Willsy7
                    last edited by May 31, 2016, 1:23 AM

                    Cheers!

                    Just wanted to alert you to the disable thing in case anyone else decided they wanted to disable BIND. I definitely don't want to go back to unbound.  :D

                    1 Reply Last reply Reply Quote 0
                    • V
                      voleatech
                      last edited by May 31, 2016, 4:24 AM

                      Hi,

                      it is just so good you are not supposed to disable it ;)
                      We should call it a feature.

                      Best
                      Sven

                      Voleatech
                      pfSense Select Partner

                      1 Reply Last reply Reply Quote 1
                      • R
                        rhyskoedijk
                        last edited by Jun 1, 2016, 7:23 AM Jun 1, 2016, 7:08 AM

                        Hi Sven,

                        First of all, thanks for putting this package together, great work!
                        I'm having a bit of an issue getting BIND to start after following your instructions, just wondering if you have any ideas as to what might be wrong?

                        I have set up the BIND server in the pfSense UI, clicked save, the changes seem to stick in the UI just fine (if I reload the page), but the service fails to start.
                        The log file shows…

                        
                        Jun 1 18:54:26	named	42941	exiting (due to fatal error)
                        Jun 1 18:54:26	named	42941	loading configuration: failure
                        Jun 1 18:54:26	named	42941	/etc/namedb/named.conf:27: missing ';' before '}'
                        Jun 1 18:54:26	named	42941	loading configuration from '/etc/namedb/named.conf'
                        Jun 1 18:54:26	named	42941	using up to 4096 sockets
                        Jun 1 18:54:26	named	42941	using 8 UDP listeners per interface
                        Jun 1 18:54:26	named	42941	found 16 CPUs, using 16 worker threads
                        Jun 1 18:54:26	named	42941	----------------------------------------------------
                        Jun 1 18:54:26	named	42941	available at https://www.isc.org/support
                        Jun 1 18:54:26	named	42941	corporation. Support and training for BIND 9 are
                        Jun 1 18:54:26	named	42941	Inc. (ISC), a non-profit 501(c)(3) public-benefit
                        Jun 1 18:54:26	named	42941	BIND 9 is maintained by Internet Systems Consortium,
                        Jun 1 18:54:26	named	42941	----------------------------------------------------
                        Jun 1 18:54:26	named	42941	built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-ledit' '--sysconfdir=/usr/local/etc/namedb' '--disable-fetchlimit' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--with-idn=/usr/local' '--enable-ipv6' '--disable-largefile' '--disable-newstats' '--without-python' '--disable-querytrace' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--enable-rrl' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--without-gost' '--enable-threads' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd10.3' 'build_alias=amd64-portbld-freebsd10.3' 'CC=cc' 'CFLAGS=-O2 -pipe -isystem /usr/local/include -DLIBICONV_PLUG -fstack-protector -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -fstack-protector' 'LIBS=' 'CPPFLAGS=-isystem /usr/local/include -DLIBICONV_PLUG' 'CPP=cpp'
                        Jun 1 18:54:26	named	42941	starting BIND 9.10.3-P4 <id:ebd72b3> -c /etc/namedb/named.conf -u bind -t /cf/named/
                        

                        The config file in /usr/local/etc/namedb/named.conf doesn't appear to reflect the settings from the UI either.
                        By my count, line 27 of the config file is a comment line?! Is this the correct file? Are the UI settings being saved somewhere else?

                        
                        // $FreeBSD$
                        //
                        // Refer to the named.conf(5) and named(8) man pages, and the documentation
                        // in /usr/local/share/doc/bind for more details.
                        //
                        // If you are going to set up an authoritative server, make sure you
                        // understand the hairy details of how DNS works.  Even with
                        // simple mistakes, you can break connectivity for affected parties,
                        // or cause huge amounts of useless Internet traffic.
                        
                        options {
                                // All file and path names are relative to the chroot directory,
                                // if any, and should be fully qualified.
                                directory       "/usr/local/etc/namedb/working";
                                pid-file        "/var/run/named/pid";
                                dump-file       "/var/dump/named_dump.db";
                                statistics-file "/var/stats/named.stats";
                        
                        // If named is being used only as a local resolver, this is a safe default.
                        // For named to be accessible to the network, comment this option, specify
                        // the proper IP address, or delete this option.
                                listen-on       { 127.0.0.1; };
                        
                        // If you have IPv6 enabled on this system, uncomment this option for
                        // use as a local resolver.  To give access to the network, specify
                        // an IPv6 address, or the keyword "any".
                        //      listen-on-v6    { ::1; };
                        
                        // These zones are already covered by the empty zones listed below.
                        // If you remove the related empty zones below, comment these lines out.
                                disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
                                disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
                                disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
                        
                        // If you've got a DNS server around at your upstream provider, enter
                        // its IP address here, and enable the line below.  This will make you
                        // benefit from its cache, thus reduce overall DNS traffic in the Internet.
                        /*
                                forwarders {
                                        127.0.0.1;
                                };
                        */
                        
                        

                        Any leads on where to go with this, was there anything else required beyond just disabling the other DNS services and installing the packages in the specified order?
                        Thanks in advance

                        ===========
                        EDIT

                        I've attached a copy of the http response I get from pfSense when saving the configuration in the UI. The response is "302 Moved", is this normal?

                        ![Screen Shot 2016-06-01 at 7.21.09 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 7.21.09 PM.png)

                        1 Reply Last reply Reply Quote 0
                        • S
                          Scissorfish
                          last edited by Jun 1, 2016, 7:48 AM

                          @rhyskoedijk:

                          /etc/namedb/named.conf:27: missing ';' before '}'
                          check your config

                          Installed bind yesterday on 2.3.3_1 and it is working flawlessly so far

                          1 Reply Last reply Reply Quote 0
                          • V
                            voleatech
                            last edited by Jun 1, 2016, 8:18 AM Jun 1, 2016, 7:52 AM

                            Hi,

                            the configs are actually saved in a chrooted dir /cf/named/ .

                            Can you check the file in there? It should be /cf/named/etc/namedb/named.conf and let me know what it looks like on line 27?

                            The 302 is not an issue.

                            Best
                            Sven

                            Voleatech
                            pfSense Select Partner

                            1 Reply Last reply Reply Quote 0
                            • V
                              voleatech
                              last edited by Jun 2, 2016, 4:25 AM

                              Hi,

                              the package is merged and should be available soon.

                              Please let me know of any problems.

                              Best
                              Sven

                              Voleatech
                              pfSense Select Partner

                              1 Reply Last reply Reply Quote 0
                              • R
                                rhyskoedijk
                                last edited by Jun 2, 2016, 5:49 AM

                                Hi,

                                I checked the /cf/namedb/etc/namedb directory and found that it was because of this…

                                
                                        forwarders { 8.8.8.8;8.8.4.4 };
                                
                                

                                When it needed to be…

                                
                                        forwarders { 8.8.8.8;8.8.4.4; };
                                
                                

                                In the UI it states you need to separate IPs with a semi-colon, but I didn't realise you also need to end the string with a semi-colon too.
                                Maybe the hint message could be a bit more clear about this, or the server-side could just ensure it terminates the string with a semi-colon when writing out to the configuration file?

                                All working now though, thanks.

                                1 Reply Last reply Reply Quote 0
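The suggestion in the post above, having the server side terminate the list itself, sketched as an added example (not the package's own code; the function names and the sample config are constructed for illustration). It validates every entry of the forwarders field as an IP address before rendering a correctly terminated statement, and flags a missing ';' before '}' in existing config text:

```python
"""Added example: validate and render the BIND forwarders field safely."""
import ipaddress
import re


class ForwarderError(ValueError):
    """The field contained something that is not an IP address."""


def parse_forwarders(field):
    """Split the GUI value on ';' or whitespace and validate every entry.

    A trailing ';' is optional on input. Anything that is not a literal
    IPv4/IPv6 address is rejected, so braces, quotes or extra statements
    typed into the field never reach named.conf.
    """
    addrs = []
    for token in re.split(r"[;\s]+", field.strip()):
        if not token:
            continue
        try:
            addrs.append(str(ipaddress.ip_address(token)))
        except ValueError:
            raise ForwarderError(f"not an IP address: {token!r}") from None
    return addrs


def render_forwarders(field, indent="        "):
    """Return a correctly terminated forwarders statement, or '' if empty."""
    addrs = parse_forwarders(field)
    if not addrs:
        return ""
    return indent + "forwarders { " + " ".join(a + ";" for a in addrs) + " };"


# Quoted strings and the three named.conf comment styles are masked so that
# braces inside them are ignored while line numbers stay unchanged.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# A '}' whose previous non-blank character is neither ';' nor '{'.
_MISSING = re.compile(r"(?<=[^;{\s])\s*\}")


def _mask(match):
    text = match.group(0)
    if text.startswith('"'):
        return '"' + "x" * (len(text) - 2) + '"'
    return re.sub(r"[^\n]", " ", text)


def missing_semicolons(conf_text):
    """Return the line numbers where a '}' is not preceded by ';'."""
    masked = _SKIP.sub(_mask, conf_text)
    return [masked.count("\n", 0, m.end()) + 1 for m in _MISSING.finditer(masked)]


# Constructed sample, not the poster's file: line 4 carries the same mistake.
SAMPLE_CONF = """\
options {
        directory "/etc/namedb";   // constructed sample
        /* forwarders { 192.0.2.1 }; */
        forwarders { 8.8.8.8;8.8.4.4 };
};
"""

if __name__ == "__main__":
    print("lines missing ';':", missing_semicolons(SAMPLE_CONF))
    print(render_forwarders("8.8.8.8;8.8.4.4"))
```

On the firewall itself, `named-checkconf -t /cf/named /etc/namedb/named.conf` (if named-checkconf is installed) checks the chrooted file that named actually loads and reports the same kind of error without starting the service.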
                                • V
                                  voleatech
                                  last edited by Jun 2, 2016, 7:23 AM

                                  Hi,

                                  thanks for the feedback.

                                  We will change the text for that field to make it clear that a semi-colon has to be added at the end as well.
                                  It will be in the next update of the package.

                                  Best
                                  Sven

                                  Voleatech
                                  pfSense Select Partner

                                  1 Reply Last reply Reply Quote 0
                                  • O
                                    opty
                                    last edited by Jun 7, 2016, 7:14 AM

                                    Just upgraded from pfSense 2.2 with bind to pfSense 2.3.1 without any problem, new bind is working perfectly.

                                    Thanks for your work

                                    1 Reply Last reply Reply Quote 0
                                    • C
                                      Cybertoy
                                      last edited by Jun 19, 2016, 1:09 PM

                                      Hi,

                                      Thanks for the hard work that was put into this. I just upgraded from 2.2.6 to 2.3.1 and it worked nearly flawlessly. After the upgrade I had to log in though and set the nameserver to 8.8.8.8 manually so that it was able to download all packages. After that everything installed itself including bind.

                                      ciao,
                                      Cybertoy

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        asterix
                                        last edited by Jun 22, 2016, 2:43 AM Jun 21, 2016, 1:45 PM

                                        Would you know how to get the below google safesearch info in pfSense BIND DNS?

                                        server: include: /var/unbound/forecegoogle.conf

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          asterix
                                          last edited by Jun 22, 2016, 5:02 PM

                                          @Asterix:

                                          Would you know how to get the below google safesearch info in pfSense BIND DNS?

                                          server: include: /var/unbound/forecegoogle.conf

                                          Anyone?

                                          1 Reply Last reply Reply Quote 0