[SOLVED] BIND setup. How?

bogong

Hello all!

I've got troubles with installing BIND. It's not resolving DNS that is added via WebUI. What I am doing:

Ensure that DNS Resolver and Forwarder switched off
Ensure that BIND started and operational (it's shown on dashboard that all is OK) and it's return on dig in console

[2.4.4-RELEASE][user@pfsense]$ dig @127.0.0.1 . ANY

; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 . ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47008
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.				IN	ANY

;; ANSWER SECTION:
.			518360	IN	NS	a.root-servers.net.
.			518360	IN	NS	b.root-servers.net.
.			518360	IN	NS	c.root-servers.net.
.			518360	IN	NS	d.root-servers.net.
.			518360	IN	NS	e.root-servers.net.
.			518360	IN	NS	f.root-servers.net.
.			518360	IN	NS	g.root-servers.net.
.			518360	IN	NS	h.root-servers.net.
.			518360	IN	NS	i.root-servers.net.
.			518360	IN	NS	j.root-servers.net.
.			518360	IN	NS	k.root-servers.net.
.			518360	IN	NS	l.root-servers.net.
.			518360	IN	NS	m.root-servers.net.
.			518360	IN	RRSIG	NS 8 0 518400 20190502050000 20190419040000 25266 . uY8e/0R6YXnWHY0GYYe4PfqHKYN6pK4IKiXCxCmQm60AosCob7uTRRdB 3XqW4rojym0hZUHhHUVUbiFmGpHgS8qTwpcq01Alsl6o/p3XH09bar3N XY9aOfCfVutPWfLZ0geg/LrhUn1QwQwHBQmk4CIWBIvU8/11lPaJ95En h2VIcbCDItMoeSNoyM/VW73O9LP6xTyPXN4VSEML3MVH5LNZhPUjwwa/ mGMg1aGO7iR+NxOju5Tue6HIbpvORozH0vVnPAI426xeia2Wbl2NblJ/ jq3BdDb4mY+rSoybyaXaIGreckZifL90f/GXxNnysVp0xTkkNIlaxx7t 5TyK8g==

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 19 09:04:31 *** 2019
;; MSG SIZE  rcvd: 525

Added zone via GUI

Screen Shot 2019-04-19 at 09.43.09.png

I'd done it before via configuration files many times. I am trying to add the same from working on pure FreeBSD servers - but in result nothing.

The symptoms:

The field of resulting conf file empty

Screen Shot 2019-04-19 at 09.45.34.png

The dig command return this:

dig @127.0.0.1 test.test ANY

; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 test.test ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48031
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 58eff4223ab9c460dd5322a95cb963044827eaa0caaf25bc (good)
;; QUESTION SECTION:
;test.test.			IN	ANY

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 19 08:56:20 *** 2019
;; MSG SIZE  rcvd: 65

Nothing in conf file appeared after adding anything

#Bind pfsense configuration
#Do not edit this file!!!

 key "rndc-key" {
        algorithm hmac-md5;
        secret "wwwwwwww==";
 };

 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };



options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        statistics-file "/var/log/named.stats";
        max-cache-size 256M;
        rate-limit {
                responses-per-second 15;
                log-only no;
        };
        listen-on-v6 port 53 { ::1;  };
        listen-on port 53 { 172.16.0.1; 172.16.1.1; 127.0.0.1;  };
        forwarders { 8.8.8.8; };
        version none;

};

nothing in namedb directory

$ ls -la /cf/named//etc/namedb/
total 15
drwxr-xr-x  3 bind  wheel     6 Apr 19 09:43 .
drwxr-xr-x  3 root  wheel     4 Apr 17 19:30 ..
drwxr-xr-x  2 bind  wheel     2 Apr 17 19:30 keys
-rw-r--r--  1 root  wheel   541 Apr 19 09:43 named.conf
-rw-r--r--  1 root  wheel  3313 Apr 17 19:30 named.root
-rw-r--r--  1 root  wheel   163 Apr 19 09:43 rndc.conf

What am I missing? Is there any manual about setting it up via Web UI?

bogong

Just tried to use DNS Resolver instead of BIND. The same issue - it looks like it adding to pfSense DB but not adding it to configs. I've done adding the myhost.example.com through the DNS resolver

Screen Shot 2019-04-19 at 11.07.33.png

In dig command reply I've got this:

$ dig @127.0.0.1 myhost.example.com ANY

; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 myhost.example.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56266
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myhost.example.com.		IN	ANY

;; AUTHORITY SECTION:
example.com.		3600	IN	SOA	sns.dns.icann.org. noc.dns.icann.org. 2019041009 7200 3600 1209600 3600

;; Query time: 670 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 19 11:09:22 *** 2019
;; MSG SIZE  rcvd: 104

It looks like web UI isn't adding anything into config files but it's appearing in pfSense UI DB.

bogong

Just tried to check permissions (I've been adding not under "admin" user) - under "admin" user the same issue appeared.

Screen Shot 2019-04-19 at 11.26.24.png

johnpoz

Where did you get the idea that ANY is going to return anything?

Do an actual query for a FQDN that you entered!

in your example there your fully qualified name would be

myhost.myhost.example.com no myhost.example.com

ANY hasn't been a valid sort of query for long time!

bogong

Got it! It's working! Thanks.

johnpoz

Also bind works too - did you hit save? If you do not hit save where you create your zone, then the config will not be generated.. Also you will need to create a view that your zone is in, etc...

bogong

@johnpoz For BIND I did everything that you mentioning. But nothing appeared for me. Only DNS Resolver working right now. And really don't know why. What I see from screenshot - the diff is createview, I havent't it. In my version it's empty.

johnpoz

You have to hit the SAVE button!!

Outside off the zone.. Then go back into your zone and you will see your conf file..

bogong

@johnpoz What I see from screenshot - the diff is createview, I havent't it. In my version it's empty.

johnpoz

You didn't create a view would be my guess!

bogong

@johnpoz Yes. I've been pressing this button. For me creating view is a little new way. I've been only writing configs for BIND on pure FreeBSD. What does it mean VIEW?

johnpoz

You have been using bind for how long? And you don't know what a view is?

it determines what a specific client will be able to view in the zone..

edit:
https://kb.isc.org/docs/aa-00851
Understanding views in BIND 9, by example

bogong

@johnpoz About 10 years. I've been only writing zone files and add it in named.conf and everything was working. From now started to read about it. Thanks a lot.

johnpoz

Views have been around a REALLY Long time!! Pretty sure views have been available since the release of 9, like 2000 was it?