BIND Package (or similar functioning authoritative DNS server)

voleatech

Hi,

the package is merged and should be available soon.

Please let me know of any problems.

Best
Sven

Voleatech
pfSense Select Partner

rhyskoedijk

Hi,

I checked the /cf/namedb/etc/namedb directory and found that it was because of this…

        forwarders { 8.8.8.8;8.8.4.4 };

When it needed to be…

        forwarders { 8.8.8.8;8.8.4.4; };

In the UI it states you need to seperate IP's with a semi-colon, but I didn't realise you also need end the string with a semi-colon too.
Maybe the hint message could be a bit more clear about this, or the server-side could just ensure it terminates the string with a semi-colon when writing out to the configuration file?

All working now though, thanks.

voleatech

Hi,

thanks for the feedback.

We will change the text for that field to make it clear that a semi-colon has to be added at the end as well.
It will be in the next update of the package.

Best
Sven

Voleatech
pfSense Select Partner

opty

just upgraded from pfsense 2.2 with bind to pfsense 2.3.1 without any problem, new bind is working perfect

Thanks for your work

Cybertoy

Hi,

Thanks for the hard work that was put into this. I just upgraded from 2.2.6 to 2.3.1 and it worked nearly flawless. After the upgrade I had to login though and set the nameserver to 8.8.8.8 manually so that it was able to download all packages. After that everything installed itself including bind.

ciao,
Cybertoy

asterix

Would you know how to get the below google safesearch info in pfSense BIND DNS?

server: include: /var/unbound/forecegoogle.conf

asterix

@Asterix:

Would you know how to get the below google safesearch info in pfSense BIND DNS?

server: include: /var/unbound/forecegoogle.conf

Anyone?

voleatech

Hi,

from looking at it briefly the file does not have a format the bind will understand.
You have to take the entries and create a new zone with them in bind.

Best
Sven

MROX

HI,

I have been using bind already for years, but pfsense since a couple of months, where I bought a SG-4860. With the upgrade to 2.3.2, I was thinking of installing bind as a slave server on the pfsense. In principle, I have bind working fine, as long as I specify the config via /cf/named/etc/namedb/named.conf manually.

I did the following that goes wrong:
a - In the View custom options, in a Windows browser, I entered, multiple options with a carriage return and new line.
b - in the named.conf of the pfsense, I can see the ^M from the windows browser.

To be sure, I stopped the named service, edited the named.conf by removing the ^M and started this again, to make sure it was working fine, which it does. With the ^M, I had bind behavior which I did not expect.

Now the problem and questions:
1 - When I edit the same view again by changing another option, the view custom options is back to the old situation with ^M
2 - I noticed that the backup of the config file using pfsense Web UI is not storing any of the manual changes to named.conf.

So clearly, the Web UI settings are stored somewhere else and used for the backup.
I am perfectly fine to backup the named.conf manually, but prefer this automatically if at all possible with pfsense backup and restore functionality.

So
i. is there any way to fix the ^M behavior?
ii. Where are the Web Ui settings be stored? Can I enter my bind settings over there in a command line to workaround this windows browser, so with any backup and restore my named changes are stored automatically? (Unfortunately, I have no linux browser to workaround this, also I noticed in the xml backup file that the custom options is encrypted, not plain text, otherwise I would have changed it in the xml file.)

Thanks,

CaptainElmo

Upgraded from 2.2.6 to 2.3.2 and the named service won't start. It gives no error and produces no system logs. No other service is using port 53 and the bind configs were all working under the previous version.

Ideas on where to start troubleshooting?

voleatech

@MROX:

Now the problem and questions:
1 - When I edit the same view again by changing another option, the view custom options is back to the old situation with ^M
2 - I noticed that the backup of the config file using pfsense Web UI is not storing any of the manual changes to named.conf.

So clearly, the Web UI settings are stored somewhere else and used for the backup.
I am perfectly fine to backup the named.conf manually, but prefer this automatically if at all possible with pfsense backup and restore functionality.

So
i. is there any way to fix the ^M behavior?
ii. Where are the Web Ui settings be stored? Can I enter my bind settings over there in a command line to workaround this windows browser, so with any backup and restore my named changes are stored automatically? (Unfortunately, I have no linux browser to workaround this, also I noticed in the xml backup file that the custom options is encrypted, not plain text, otherwise I would have changed it in the xml file.)

Thanks,

Hi Mrox,

configs are always saved in the config.xml of pfSense.
Since you are using a browser to set the configs there should not be a ^M since that is a newline in windows encoded textfiles.
Maybe you are copying from a textfile?
You can try and use notepad++ or another editor, create a UTF8 file, type your config and then copy and paste that in the custom field.

Best
Sven

Voleatech
pfSense Select Partner

voleatech

@CaptainElmo:

Upgraded from 2.2.6 to 2.3.2 and the named service won't start. It gives no error and produces no system logs. No other service is using port 53 and the bind configs were all working under the previous version.

Ideas on where to start troubleshooting?

Hi,

that is odd.
You can start by looking in /var/log/system.log for error messages or /var/log/resolver.log .
Can you see any error when you start the daemon?

Best
Sven

Voleatech
pfSense Select Partner

CaptainElmo

Hello Sven. Thank you for doing this - I'm super excited to get this working.

When I click the start arrow on the named service from the dashboard page it spins for about 10 seconds like it is starting up but then stops spinning without starting. There are no error messages. The resolver.log only contains entries from filterdns about some failures in resolving aliases saved under Firewall->Aliases. The system.log has nothing pertaining to the BIND package or the named service.

I'm at a complete loss as to how to troubleshoot this. Of course the first thing I tried was to uninstall the BIND package and re-install but that didn't fix it. Then I tried removing all of the zones in case there was a damaged zone causing trouble, but that didn't fix it either.

sgoldtho

Currently running pfSense:
  2.3.2-RELEASE (i386)
  built on Tue Jul 19 13:09:39 CDT 2016
  FreeBSD 10.3-RELEASE-p5

With BIND:
  9.10_9 GUI
  9.10.4P2 bind package

The named service doesn't start and there are no entries in either the system or resolver logs.

Can bind be started from the command prompt, it may give an indication as to what is "not" happening?

Thanks,
Steve

wxop

Hi there

I've got the exact same problem as  @sgoldtho and @CaptainElmo either with a fresh 2.3.1-RELEASE (nanoBSD) or when upgraded to 2.3.2.

Symptom :
Bind cannot be launched from the GUI, while it can be started from the command line using:

/usr/local/etc/rc.d/named onestart

or

/usr/local/sbin/named  -c /etc/namedb/named.conf -u bind -t /cf/named/

BTW When Bind is launched (from CLI first) it can be stopped from the GUI.
And there is nothing showing in the log file….

After fighting a few hours I finally found the fix  8) :

In the rcfile : /usr/local/etc/rc.d/named.sh

change this line:

		if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed" | /usr/bin/awk '{print $2}'`" ]; then

to

		if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed " | /usr/bin/awk '{print $2}'`" ]; then

–-->Notice the vicious SPACE after [n]amed !

I hope that the maintainer would check this easy fix and include it in the Bind pkg so that next pkg upgrade should work flawlessly.

HTH

voleatech

Hi,

sorry for the restart bug.
That line of code changed because it was not working on ipv4 and ipv6 enabled bind systems.
@wxop thank you for finding the fix.
A new version was just submitted.

Best
Sven

Voleatech
pfSense Select Partner

helge000

@wxop cheers!

Was fighting over the same issue. I can reconfirm the extra space does the trick.

wxop

@voleatech
Thank for your amazing fast reaction, I just saw your PR at:
https://github.com/pfsense/FreeBSD-ports/pull/193/files
while I was myself just figuring on which GH branch I should post the fix to ;-)

You definitely rock !!!!!!

BTW, now that i found the bug (comparing this file with the squid.sh rcfile), I can not understand why this extra space character is needed even after re-reading the grep manual. As a reward for me having spent hours, to find/fix this bug, would someone be kind enough to explain me WHY the hell this fu***g space is mandatory  in the grep pattern ?
best regards

voleatech

@wxop
Thanks :)

the PR just got merged.

I honestly don't know at this point why it didn't work.
When I run it on the shell in pfSense both versions work on my box and output the PID.

Best
Sven

Voleatech
pfSense Select Partner

wxop

@voleatech:

the PR just got merged.

Whaou !!! The Pf team is just as amazing as you… or I guess this is just a merge bot !  ;D

I honestly don't know at this point why it didn't work. When I run it on the shell in pfSense both versions work on my box and output the PID.

That's why it did take me hours to figure out why the "if/ps/grep/awk" statement was not working as expected… This is really weird!

Any grep guru out there, to show us the light?

all the best