Netgate Discussion Forum

    *SOLVED* BIND-PFsense package not accepting Fixed Virtual IP Alias on PPPoE as Interface but accepts ISP DHCP PPPoE as Interface IP

    pfSense Packages
    • S Offline
      svanderlaars
      last edited by svanderlaars

      Hi guys,

      I've been breaking my head for a while now, and hopefully you can point me in the right direction.

      I've installed the BIND pfsense package (v9.12 on Pfsense 2.4.4-Release-p3) to make our PFsense boxes authoritative DNS servers.

      When I configure bind to listen to port 53 on the virtual IP 90.145.246.3 /29 it returns in the logging:

      Sep 25 11:36:49	named	76510	not listening on any interfaces
      Sep 25 11:36:49	named	76510	using default UDP/IPv4 port range: [49152, 65535]
      

      However, when i change this to our WAN interface (Non fixed ip) it returns:

      Sep 25 11:32:20	named	90897	sizing zone task pool based on 3 zones
      Sep 25 11:32:20	named	90897	generating session key for dynamic DNS
      Sep 25 11:32:20	named	90897	listening on IPv4 interface pppoe0, 84.53.91.128#53
      Sep 25 11:32:20	named	90897	using default UDP/IPv4 port range: [49152, 65535]
      

      Perfect! Although i want to use one of our designated fixed IP's for this occasion.
      I have 6 virtual IP's, all bound to the WAN1 Interface with IP Alias Type.

      Both DNS Resolver and DNS forwarder are off, i can see the entry in the firewall that the DNS traffic on the IP is allowed and passed.


      The WAN1 interface itself is a PPPoE connection that receives a random IP address.
      The other 6 virtual IP's are routed over this and work well, i have webservers running on 1 virtual ip and an MX server running on another.

      I've also tried adding the loopback adapter to the BIND configuration and it accepts it as an interface:

      I can't figure out what I'm missing here. Is there a second step I need to take to make Bind listen to the virtual IP? Do I create some sort of interface that is linked to the virtual IP?

      Below is the Bind package Config:

      #Bind pfsense configuration
      #Do not edit this file!!!
      
       key "rndc-key" {
       	algorithm hmac-md5;
       	secret 
       };
      
       controls {
       	inet 127.0.0.1 port 953
       		allow { 127.0.0.1; } keys { "rndc-key"; };
       };
      
      
      
      options {
      	listen-on-v6 port 53 { none; };
      	listen-on port 53 { 90.145.246.3; };
      	directory "/cf/named/etc/namedb";
      	pid-file "/var/run/named/pid";
      	statistics-file "/var/log/named.stats";
      	max-cache-size 512M;
      	rate-limit { 
      		responses-per-second 30;
      		log-only yes;
      	};
      	notify yes;
      	
      };
      	
      logging {
      	channel custom {
      		syslog daemon;
      		print-time no;
      		print-severity yes;
      		print-category yes;
      		severity debug 5;
      		};
      	category client { custom; };
      	category unmatched { custom; };
      	category queries { custom; };
      	category network { custom; };
      	category dispatch { custom; };
      	category dnssec { custom; };
      };
      
      view "Main View" { 
      	recursion no;
      	match-clients { any; };
      	allow-recursion { localhost; localnets; };
      
      	zone "vintagetulipcomputers.com" {
      		type master;
      		file "/etc/namedb/master/Main View/vintagetulipcomputers.com.DB";
      		allow-query { any; };
      		allow-transfer { none; };
      		allow-update { any; };
      
      		# look for dnssec keys here:
      		key-directory "/etc/namedb/keys";
      
      		# publish and activate dnssec keys:
      		auto-dnssec maintain;
      
      		# use inline signing:
      		inline-signing yes;
      
      	};
      
      	zone "tulip-computer.com" {
      		type master;
      		file "/etc/namedb/master/Main View/tulip-computer.com.DB";
      		allow-query { any; };
      		allow-transfer { none; };
      		allow-update { localhost; };
      
      		# look for dnssec keys here:
      		key-directory "/etc/namedb/keys";
      
      		# publish and activate dnssec keys:
      		auto-dnssec maintain;
      
      		# use inline signing:
      		inline-signing yes;
      
      	};
      
      	zone "." {
      		type hint;
      		file "/etc/namedb/named.root";
      	};
      
      };
      
      

      Any clues and hints are welcome! If there is more information you need i'll pull up extra logs and config files.

      Kind Regards
      Sonny van der Laars

      SOLUTION:

      Thanks to Kiokoman we've found a solution/workaround for the problem.

      kiokoman 23 minutes ago
      ah i understand, this kind of configuration does not exist in my country
      so if you select WAN1 as interface it takes the first dynamic ip that you don't need
      if you select the virtual ip it does not start
      let me do some test

      how about select the loopback interface and add a port forward with destination 90.145.246.x 53 nat to 127.0.0.1 53 ?
      i've tested it on my side and it seems to work

      1 Reply Last reply Reply Quote 0
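
The cross-check done by hand in this thread (the `listen-on` address in named.conf against what named logged and what `sockstat -4 -l` shows) can be scripted. This is an added example, not part of the original post or of the pfSense BIND package; the function names are hypothetical, and the sample inputs are constructed from the lines quoted above with RFC 5737 documentation addresses substituted.

```python
import re

# Constructed sample inputs modelled on the named.conf, syslog lines and
# sockstat output quoted in the thread (addresses are RFC 5737 placeholders).
SAMPLE_CONF = """
options {
    listen-on-v6 port 53 { none; };
    listen-on port 53 { 203.0.113.3; };
};
"""

SAMPLE_LOG = (
    "Sep 25 11:32:20\tnamed\t90897\tlistening on IPv4 interface pppoe0, 198.51.100.128#53\n"
    "Sep 25 11:32:20\tnamed\t90897\tusing default UDP/IPv4 port range: [49152, 65535]\n"
    "Sep 25 11:36:49\tnamed\t76510\tnot listening on any interfaces\n"
    "Sep 25 11:36:49\tnamed\t76510\tusing default UDP/IPv4 port range: [49152, 65535]\n"
)

SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      76510 21 tcp4   127.0.0.1:953         *:*
root     ntpd       91855 21 udp4   *:123                 *:*
"""

# The lookbehind keeps "listen-on-v6" and similar option names from matching.
LISTEN_ON = re.compile(r"(?<![\w-])listen-on\s+(?:port\s+(\d+)\s+)?\{([^}]*)\}")
LISTENING = re.compile(r"listening on IPv4 interface (\S+), ([\d.]+)#(\d+)")
SYSLOG = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+named\s+(\d+)\s+(.*)$")


def configured_listeners(conf_text):
    """Return the (address, port) pairs requested by IPv4 listen-on statements."""
    # Line comments only; /* ... */ blocks and ACL names are not handled here.
    text = re.sub(r"(#|//).*", "", conf_text)
    wanted = set()
    for port, body in LISTEN_ON.findall(text):
        for item in body.split(";"):
            item = item.strip()
            if re.fullmatch(r"\d+(\.\d+){3}", item):
                wanted.add((item, int(port or 53)))
    return wanted


def listeners_by_pid(log_text):
    """Map each named PID in syslog text to the sockets it reported binding."""
    runs = {}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        run = runs.setdefault(pid, {"bound": set(), "none": False})
        hit = LISTENING.search(msg)
        if hit:
            run["bound"].add((hit.group(2), int(hit.group(3))))
        elif "not listening on any interfaces" in msg:
            run["none"] = True
    return runs


def named_sockets(sockstat_text):
    """Return {pid: {(address, port)}} for the named rows of `sockstat -4 -l`."""
    socks = {}
    for line in sockstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[1] == "named" and ":" in cols[5]:
            addr, _, port = cols[5].rpartition(":")
            if port.isdigit():
                socks.setdefault(int(cols[2]), set()).add((addr, int(port)))
    return socks


def missing_listeners(conf_text, log_text, sockstat_text, pid):
    """Configured listen-on sockets that one named run never bound.

    A socket counts as bound if named logged it or sockstat shows it
    (a wildcard "*:port" row covers every address on that port).
    """
    run = listeners_by_pid(log_text).get(pid, {"bound": set(), "none": False})
    seen = run["bound"] | named_sockets(sockstat_text).get(pid, set())
    wanted = configured_listeners(conf_text)
    return sorted(w for w in wanted if w not in seen and ("*", w[1]) not in seen)


if __name__ == "__main__":
    for pid in sorted(listeners_by_pid(SAMPLE_LOG)):
        gaps = missing_listeners(SAMPLE_CONF, SAMPLE_LOG, SAMPLE_SOCKSTAT, pid)
        print(pid, "missing:", gaps or "none")
```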
      • kiokomanK Offline
        kiokoman LAYER 8
        last edited by kiokoman

        Sep 25 11:36:49	named	76510	not listening on any interfaces
        

        i'm able to listen to virtual ip without problem so there must be some error somewhere that prevents it
        another service using port 53 maybe (check with sockstat -4 -l) or some misconfiguration
        you should check general log for why it's not starting

        personally i have bind running on another linux machine, i don't like gui for this kind of stuff

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • S Offline
          svanderlaars
          last edited by

          I've checked but right now while it is configured with the virtual IP alias port 53 is not used on anything.

          I've turned on every logging option for bind with Debug Level 5. no other error is shown, just not listening to Interfaces when selecting a virtual IP Alias.

          How is your virtual IP Configured? Alias? Carp? Other?

          The only port that is registered with bind is currently 953 on the loopback interface.

          USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
          bind     named      79473 21 tcp4   127.0.0.1:953         *:*
          root     php-fpm    83502 4  udp4   *:*                   *:*
          root     php-fpm    61177 4  udp4   *:*                   *:*
          root     php-fpm    40956 4  udp4   *:*                   *:*
          root     php-fpm    51781 4  udp4   *:*                   *:*
          dhcpd    dhcpd      3200  16 udp4   *:67                  *:*
          root     syslogd    95943 8  udp4   *:514                 *:*
          root     upsd       19801 5  tcp4   127.0.0.1:3493        *:*
          uucp     snmp-ups   85828 4  udp4   *:28386               *:*
          root     miniupnpd  52977 6  tcp4   *:2189                *:*
          root     miniupnpd  52977 7  udp4   *:1900                *:*
          root     miniupnpd  52977 8  udp4   10.0.148.2:47717      *:*
          root     miniupnpd  52977 10 udp4   10.0.148.2:5351       *:*
          root     ntpd       91855 21 udp4   *:123                 *:*
          root     ntpd       91855 26 udp4   127.0.0.1:123         *:*
          root     ntpd       91855 29 udp4   10.0.148.2:123        *:*
          root     ntpd       91855 31 udp4   10.0.150.2:123        *:*
          root     ntpd       91855 33 udp4   10.0.152.2:123        *:*
          root     ntpd       91855 35 udp4   10.0.120.2:123        *:*
          root     ntpd       91855 37 udp4   10.0.149.2:123        *:*
          root     ntpd       91855 40 udp4   10.0.154.2:123        *:*
          root     ntpd       91855 42 udp4   192.168.1.200:123     *:*
          root     ntpd       91855 44 udp4   192.168.0.200:123     *:*
          root     ntpd       91855 46 udp4   10.0.140.2:123        *:*
          root     ntpd       91855 48 udp4   172.16.0.1:123        *:*
          REMOVED
          root     ntpd       91855 52 udp4   10.0.8.1:123          *:*
          root     nginx      90599 5  tcp4   *:40443               *:*
          root     nginx      90316 5  tcp4   *:40443               *:*
          root     nginx      90248 5  tcp4   *:40443               *:*
          REMOVED
          root     xinetd     64143 0  tcp4   127.0.0.1:19000       *:*
          root     xinetd     64143 5  tcp4   127.0.0.1:19001       *:*
          root     xinetd     64143 6  tcp4   127.0.0.1:19002       *:*
          root     xinetd     64143 7  tcp4   127.0.0.1:19003       *:*
          root     sshd       13531 4  tcp4   *:22                  *:*
          root     php-fpm    339   4  udp4   *:*                   *:*
          
          1 Reply Last reply Reply Quote 0
          • kiokomanK Offline
            kiokoman LAYER 8
            last edited by kiokoman

            yes, i have 5 ip configured as ip alias

            i've just configured one unused ip with bind9 on pfsense

            Sep 26 10:14:14 	named 	63230 	listening on IPv4 interface em0, 151.***.***.214#53
            Sep 26 10:14:14 	named 	63230 	using default UDP/IPv4 port range: [49152, 65535]
            Sep 26 10:14:14 	named 	63230 	unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
            Sep 26 10:14:14 	named 	63230 	loading configuration from '/etc/namedb/named.conf'
            Sep 26 10:14:14 	named 	63230 	using up to 4096 sockets
            Sep 26 10:14:14 	named 	63230 	using 3 UDP listeners per interface
            Sep 26 10:14:14 	named 	63230 	found 4 CPUs, using 4 worker threads
            

            try to reconfigure with the alias you need, connect via ssh and try from the console

            killall named
            /usr/local/sbin/named -4 -g -c /etc/namedb/named.conf -u bind -t /cf/named/ -d 1
            

            and check the output for any error

            1 Reply Last reply Reply Quote 0
            • S Offline
              svanderlaars
              last edited by svanderlaars

              I can see that it sees your virtual interface as em0, i assume that is because it is bound to an Intel network card? or is it some sort of virtual interface? I've bound my virtual IP to my WAN (PPPoE) interface, and if i select the PPPoE interface it will start up correctly, but it refuses to listen to the virtual IP Alias. The PPPoE link is set to DHCP as it receives its ip directly from the ISP. With the virtual IP's being a fixed routed subnet.

              I've tried setting it again, but still no error in the logs as far as i can see:

              26-Sep-2019 17:27:32.428 starting BIND 9.11.4-P1 (Extended Support Version) <id:2b060b2>
              26-Sep-2019 17:27:32.428 running on FreeBSD amd64 11.2-RELEASE-p10 FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RELENG_2_4_4): Wed May 15 18:54:42 EDT 2019     root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense
              26-Sep-2019 17:27:32.428 built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--without-idn' '--enable-ipv6' '--with-libjson=/usr/local' '--disable-largefile' '--without-lmdb' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-threads' '--with-tuning=default' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-python' '--without-gost' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.2' 'build_alias=amd64-portbld-freebsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp'
              26-Sep-2019 17:27:32.428 running as: named -4 -g -c /etc/namedb/named.conf -u bind -t /cf/named/ -d 1
              26-Sep-2019 17:27:32.428 compiled by CLANG 4.2.1 Compatible FreeBSD Clang 6.0.0 (tags/RELEASE_600/final 326565)
              26-Sep-2019 17:27:32.428 compiled with OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
              26-Sep-2019 17:27:32.428 linked to OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
              26-Sep-2019 17:27:32.428 compiled with libxml2 version: 2.9.7
              26-Sep-2019 17:27:32.428 linked to libxml2 version: 20907
              26-Sep-2019 17:27:32.428 compiled with libjson-c version: 0.13
              26-Sep-2019 17:27:32.428 linked to libjson-c version: 0.13
              26-Sep-2019 17:27:32.428 compiled with zlib version: 1.2.11
              26-Sep-2019 17:27:32.428 linked to zlib version: 1.2.11
              26-Sep-2019 17:27:32.428 threads support is enabled
              26-Sep-2019 17:27:32.428 ----------------------------------------------------
              26-Sep-2019 17:27:32.428 BIND 9 is maintained by Internet Systems Consortium,
              26-Sep-2019 17:27:32.428 Inc. (ISC), a non-profit 501(c)(3) public-benefit
              26-Sep-2019 17:27:32.428 corporation.  Support and training for BIND 9 are
              26-Sep-2019 17:27:32.428 available at https://www.isc.org/support
              26-Sep-2019 17:27:32.428 ----------------------------------------------------
              26-Sep-2019 17:27:32.428 found 4 CPUs, using 4 worker threads
              26-Sep-2019 17:27:32.428 using 3 UDP listeners per interface
              26-Sep-2019 17:27:32.429 using up to 4096 sockets
              26-Sep-2019 17:27:32.438 loading configuration from '/etc/namedb/named.conf'
              26-Sep-2019 17:27:32.439 /etc/namedb/named.conf:62: both "recursion no;" and "allow-recursion" active for view Main View
              26-Sep-2019 17:27:32.439 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
              26-Sep-2019 17:27:32.439 using default UDP/IPv4 port range: [49152, 65535]
              26-Sep-2019 17:27:32.440 not listening on any interfaces
              26-Sep-2019 17:27:32.440 generating session key for dynamic DNS
              26-Sep-2019 17:27:32.440 sizing zone task pool based on 3 zones
              26-Sep-2019 17:27:32.441 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.441 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.441 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.441 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.445 set up managed keys zone for view Main View, file '1f857f9d43a912bc.mkeys'
              26-Sep-2019 17:27:32.446 zone_settimer: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.446 zone_settimer: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.446 zone_settimer: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.446 zone_settimer: zone id.server/CH: enter
              26-Sep-2019 17:27:32.449 command channel listening on 127.0.0.1#953
              26-Sep-2019 17:27:32.449 not using config file logging statement for logging due to -g option
              26-Sep-2019 17:27:32.450 load_configuration: success
              26-Sep-2019 17:27:32.450 zone_timer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 zone_timer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 zone_maintenance: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: starting load
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: loading from master file 1f857f9d43a912bc.mkeys failed: file not found
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: creating SOA
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: journal rollforward completed successfully: no journal
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: loaded; checking validity
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: synchronizing trusted keys
              26-Sep-2019 17:27:32.450 zone_settimer: managed-keys-zone/Main View: enter
              26-Sep-2019 17:27:32.450 managed-keys-zone/Main View: loaded serial 0
              26-Sep-2019 17:27:32.450 zone authors.bind/CH: starting load
              26-Sep-2019 17:27:32.450 zone vintagetulipcomputers.com/IN/Main View (unsigned): starting load
              26-Sep-2019 17:27:32.450 zone tulip-computer.com/IN/Main View (unsigned): starting load
              26-Sep-2019 17:27:32.450 zone version.bind/CH: starting load
              26-Sep-2019 17:27:32.451 zone version.bind/CH: loaded; checking validity
              26-Sep-2019 17:27:32.451 zone authors.bind/CH: loaded; checking validity
              26-Sep-2019 17:27:32.451 zone_settimer: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.451 zone id.server/CH: starting load
              26-Sep-2019 17:27:32.451 zone_settimer: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.451 zone id.server/CH: loaded; checking validity
              26-Sep-2019 17:27:32.451 zone_settimer: zone id.server/CH: enter
              26-Sep-2019 17:27:32.451 zone vintagetulipcomputers.com/IN/Main View (unsigned): journal rollforward completed successfully: up to date
              26-Sep-2019 17:27:32.451 zone vintagetulipcomputers.com/IN/Main View (unsigned): loaded; checking validity
              26-Sep-2019 17:27:32.451 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.451 zone tulip-computer.com/IN/Main View (unsigned): journal rollforward completed successfully: up to date
              26-Sep-2019 17:27:32.451 zone vintagetulipcomputers.com/IN/Main View (unsigned): loaded serial 2569359389
              26-Sep-2019 17:27:32.451 zone tulip-computer.com/IN/Main View (unsigned): loaded; checking validity
              26-Sep-2019 17:27:32.451 zone vintagetulipcomputers.com/IN/Main View (signed): starting load
              26-Sep-2019 17:27:32.452 zone_settimer: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.452 zone tulip-computer.com/IN/Main View (unsigned): loaded serial 2569352809
              26-Sep-2019 17:27:32.452 zone tulip-computer.com/IN/Main View (signed): starting load
              26-Sep-2019 17:27:32.452 zone vintagetulipcomputers.com/IN/Main View (signed): journal rollforward completed successfully: up to date
              26-Sep-2019 17:27:32.452 zone vintagetulipcomputers.com/IN/Main View (signed): loaded; checking validity
              26-Sep-2019 17:27:32.452 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 zone vintagetulipcomputers.com/IN/Main View (signed): loaded serial 2569359393 (DNSSEC signed)
              26-Sep-2019 17:27:32.452 zone tulip-computer.com/IN/Main View (signed): journal rollforward completed successfully: up to date
              26-Sep-2019 17:27:32.452 zone tulip-computer.com/IN/Main View (signed): loaded; checking validity
              26-Sep-2019 17:27:32.452 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 zone tulip-computer.com/IN/Main View (signed): loaded serial 2569352816 (DNSSEC signed)
              26-Sep-2019 17:27:32.452 zone hostname.bind/CH: starting load
              26-Sep-2019 17:27:32.452 zone hostname.bind/CH: loaded; checking validity
              26-Sep-2019 17:27:32.452 zone_settimer: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.452 all zones loaded
              26-Sep-2019 17:27:32.452 dns_zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 dns_zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.452 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.452 dns_zone_maintenance: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.452 dns_zone_maintenance: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.452 zone_settimer: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.453 dns_zone_maintenance: managed-keys-zone/Main View: enter
              26-Sep-2019 17:27:32.453 zone_settimer: managed-keys-zone/Main View: enter
              26-Sep-2019 17:27:32.453 dns_zone_maintenance: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.453 dns_zone_maintenance: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.453 dns_zone_maintenance: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.453 dns_zone_maintenance: zone id.server/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone id.server/CH: enter
              26-Sep-2019 17:27:32.453 running
              26-Sep-2019 17:27:32.453 zone_timer: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_timer: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.453 receive_secure_serial: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 receive_secure_serial: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone authors.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_timer: zone id.server/CH: enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone id.server/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone id.server/CH: enter
              26-Sep-2019 17:27:32.453 zone_timer: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone hostname.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone_settimer: zone version.bind/CH: enter
              26-Sep-2019 17:27:32.453 zone tulip-computer.com/IN/Main View (signed): receive_secure_serial: unchanged
              26-Sep-2019 17:27:32.453 zone vintagetulipcomputers.com/IN/Main View (signed): receive_secure_serial: unchanged
              26-Sep-2019 17:27:32.453 zone_timer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 zone_timer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.453 zone tulip-computer.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 17:27:32.453 zone vintagetulipcomputers.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 17:27:32.458 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.458 zone vintagetulipcomputers.com/IN/Main View (signed): next key event: 26-Sep-2019 18:27:32.453
              26-Sep-2019 17:27:32.458 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.458 zone_timer: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.458 zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.458 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.469 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.469 zone tulip-computer.com/IN/Main View (signed): next key event: 26-Sep-2019 18:27:32.453
              26-Sep-2019 17:27:32.469 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 17:27:32.469 zone_timer: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.469 zone_maintenance: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 17:27:32.469 zone_settimer: zone tulip-computer.com/IN/Main View (unsigned): enter
              26-Sep-2019 18:27:32.469 not listening on any interfaces
              26-Sep-2019 18:27:32.469 zone_timer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.469 zone_timer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.469 zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.470 zone_maintenance: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.470 zone vintagetulipcomputers.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 18:27:32.470 zone tulip-computer.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 18:27:32.474 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.474 zone vintagetulipcomputers.com/IN/Main View (signed): next key event: 26-Sep-2019 19:27:32.470
              26-Sep-2019 18:27:32.474 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.485 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 18:27:32.485 zone tulip-computer.com/IN/Main View (signed): next key event: 26-Sep-2019 19:27:32.470
              26-Sep-2019 18:27:32.485 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.504 zone_timer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.504 zone_maintenance: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.504 zone_timer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.504 zone tulip-computer.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 19:27:32.504 zone_maintenance: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.504 zone vintagetulipcomputers.com/IN/Main View (signed): reconfiguring zone keys
              26-Sep-2019 19:27:32.509 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.509 zone vintagetulipcomputers.com/IN/Main View (signed): next key event: 26-Sep-2019 20:27:32.504
              26-Sep-2019 19:27:32.509 zone_settimer: zone vintagetulipcomputers.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.520 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.520 zone tulip-computer.com/IN/Main View (signed): next key event: 26-Sep-2019 20:27:32.504
              26-Sep-2019 19:27:32.520 zone_settimer: zone tulip-computer.com/IN/Main View (signed): enter
              26-Sep-2019 19:27:32.520 not listening on any interfaces
              
              1 Reply Last reply Reply Quote 0
              • kiokomanK Offline
                kiokoman LAYER 8
                last edited by kiokoman

                em0 is an intel network card, i don't have pppoe on that location but i have it at home, let me check what happens here...

                edit:

                Sep 27 13:45:50	named	68049	generating session key for dynamic DNS
                Sep 27 13:45:50	named	68049	not listening on any interfaces
                

                ergo you can't have it on a pppoe wan interface, there must be another way :)

                1 Reply Last reply Reply Quote 0
                • S Offline
                  svanderlaars
                  last edited by

                  Hmm, that's odd, you would assume that Bind would not make any difference if the virtual IP is connected to PPPoE or Ethernet, which would mean that it would be usable with all cable, fiber and other connections but not with xDSL connections :(

                  Is there a way to create some sort of virtual interface that I'm overlooking, or is this a little bug in the way Bind / PFsense sees the PPPoE interface... I'll tinker some more this weekend, if I find a way I'll post back, of course anybody with ideas is welcome.

                  1 Reply Last reply Reply Quote 0
                  • kiokomanK Offline
                    kiokoman LAYER 8
                    last edited by

                    sorry errata corrige copied the wrong log

                    Sep 27 13:52:58	named	5710	listening on IPv4 interface pppoe0, 217.***.***.***#53
                    Sep 27 13:52:58	named	5710	using default UDP/IPv4 port range: [49152, 65535]
                    

                    ergo you can have it on a pppoe wan interface, there must be something wrong on your side :)

                    • S Offline
                      svanderlaars @kiokoman
                      last edited by

                      @kiokoman

                      Thanks for the reply, i'm baffled, do you have any ideas where i can look any further?
                      Do you have a Fixed PPPoE connection or DHCP granted PPPoE connection?

                      • kiokomanK Offline
                        kiokoman LAYER 8
                        last edited by kiokoman

                        uhm i don't understand what you mean, i have a pppoe connection with 1 static ip from my isp.
                        the modem from my isp is in bridge mode and pfsense does the pppoe connection

                        make a screenshot of your bind configuration and interface configuration maybe we can find a clue from them

                        • S Offline
                          svanderlaars
                          last edited by

                          I've got my WAN1 interface configured in PPPoE, bound on ethernet port igb3 with VLAN 6 as required by the ISP. It connects to a Draytek 2860 DSL modem that is in Full bridge mode

                          PFsense initiates the PPPoE Connection through the Draytek and receives a DHCP address from my ISP.

                          I have a total of 6 fixed IP addresses within a routed subnet from my ISP, of which 3 are currently in use. The WWW and MX are redirected toward virtual servers inside the network and work just fine.

                          The Bind configuration is listening on the 3rd IP alias, at least that's what i want it to do.

                          I've copied the PPP log from the last time i've rebooted the PFsense box.

                          Sep 27 17:49:42	ppp		[wan] 84.53.91.128 -> 90.145.146.131
                          Sep 27 17:49:42	ppp		[wan] IPCP: LayerUp
                          Sep 27 17:49:42	ppp		[wan] IPCP: state change Ack-Sent --> Opened
                          Sep 27 17:49:42	ppp		[wan] IPADDR 84.53.91.128
                          Sep 27 17:49:42	ppp		[wan] IPCP: rec'd Configure Ack #3 (Ack-Sent)
                          Sep 27 17:49:42	ppp		[wan] IFACE: Rename interface ng0 to pppoe0
                          Sep 27 17:49:42	ppp		[wan] IFACE: Up event
                          Sep 27 17:49:42	ppp		[wan] 0000:0000:0000:0001 -> be16:65ff:fe7e:0400
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: LayerUp
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: state change Ack-Sent --> Opened
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: rec'd Configure Ack #2 (Ack-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPADDR 84.53.91.128
                          Sep 27 17:49:42	ppp		[wan] IPCP: SendConfigReq #3
                          Sep 27 17:49:42	ppp		[wan] 84.53.91.128 is OK
                          Sep 27 17:49:42	ppp		[wan] IPADDR 84.53.91.128
                          Sep 27 17:49:42	ppp		[wan] IPCP: rec'd Configure Nak #2 (Ack-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: SendConfigReq #2
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: rec'd Configure Nak #1 (Ack-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPADDR 0.0.0.0
                          Sep 27 17:49:42	ppp		[wan] IPCP: SendConfigReq #2
                          Sep 27 17:49:42	ppp		[wan] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
                          Sep 27 17:49:42	ppp		[wan] IPCP: rec'd Configure Reject #1 (Ack-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: state change Req-Sent --> Ack-Sent
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: SendConfigAck #1
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: rec'd Configure Request #1 (Req-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPCP: state change Req-Sent --> Ack-Sent
                          Sep 27 17:49:42	ppp		[wan] IPADDR 90.145.146.131
                          Sep 27 17:49:42	ppp		[wan] IPCP: SendConfigAck #1
                          Sep 27 17:49:42	ppp		[wan] 90.145.146.131 is OK
                          Sep 27 17:49:42	ppp		[wan] IPADDR 90.145.146.131
                          Sep 27 17:49:42	ppp		[wan] IPCP: rec'd Configure Request #1 (Req-Sent)
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: SendConfigReq #1
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: state change Starting --> Req-Sent
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: Up event
                          Sep 27 17:49:42	ppp		[wan] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
                          Sep 27 17:49:42	ppp		[wan] IPADDR 0.0.0.0
                          Sep 27 17:49:42	ppp		[wan] IPCP: SendConfigReq #1
                          Sep 27 17:49:42	ppp		[wan] IPCP: state change Starting --> Req-Sent
                          Sep 27 17:49:42	ppp		[wan] IPCP: Up event
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: LayerStart
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: state change Initial --> Starting
                          Sep 27 17:49:42	ppp		[wan] IPV6CP: Open event
                          Sep 27 17:49:42	ppp		[wan] IPCP: LayerStart
                          Sep 27 17:49:42	ppp		[wan] IPCP: state change Initial --> Starting
                          Sep 27 17:49:42	ppp		[wan] IPCP: Open event
                          Sep 27 17:49:42	ppp		[wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
                          Sep 27 17:49:42	ppp		[wan_link0] Link: Join bundle "wan"
                          Sep 27 17:49:42	ppp		[wan_link0] Link: Matched action 'bundle "wan" ""'
                          Sep 27 17:49:42	ppp		[wan_link0] LCP: authorization successful
                          Sep 27 17:49:42	ppp		[wan_link0] PAP: rec'd ACK #1 len: 5
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: LayerUp
                          Sep 27 17:49:41	ppp		[wan_link0] PAP: sending REQUEST #1 len: 28
                          Sep 27 17:49:41	ppp		[wan_link0] PAP: using authname "ed539518@wxdsl"
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: auth: peer wants PAP, I want nothing
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: state change Ack-Rcvd --> Opened
                          Sep 27 17:49:41	ppp		[wan_link0] ENDPOINTDISC [LOCAL] 41 4d 53 2d 55 4e 45 54 2d 44 43 32 2d 45 52 30 38
                          Sep 27 17:49:41	ppp		[wan_link0] MAGICNUM 0x06162e0f
                          Sep 27 17:49:41	ppp		[wan_link0] AUTHPROTO PAP
                          Sep 27 17:49:41	ppp		[wan_link0] MRU 1492
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: SendConfigAck #2
                          Sep 27 17:49:41	ppp		[wan_link0] ENDPOINTDISC [LOCAL] 41 4d 53 2d 55 4e 45 54 2d 44 43 32 2d 45 52 30 38
                          Sep 27 17:49:41	ppp		[wan_link0] MAGICNUM 0x06162e0f
                          Sep 27 17:49:41	ppp		[wan_link0] AUTHPROTO PAP
                          Sep 27 17:49:41	ppp		[wan_link0] MRU 1492
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: rec'd Configure Request #2 (Ack-Rcvd)
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: state change Req-Sent --> Ack-Rcvd
                          Sep 27 17:49:41	ppp		[wan_link0] MAGICNUM 0x4b2a5e44
                          Sep 27 17:49:41	ppp		[wan_link0] MRU 1492
                          Sep 27 17:49:41	ppp		[wan_link0] PROTOCOMP
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: rec'd Configure Ack #1 (Req-Sent)
                          Sep 27 17:49:41	ppp		[wan_link0] MP MRRU 1524
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: SendConfigRej #1
                          Sep 27 17:49:41	ppp		[wan_link0] ENDPOINTDISC [LOCAL] 41 4d 53 2d 55 4e 45 54 2d 44 43 32 2d 45 52 30 38
                          Sep 27 17:49:41	ppp		[wan_link0] MP MRRU 1524
                          Sep 27 17:49:41	ppp		[wan_link0] MAGICNUM 0x06162e0f
                          Sep 27 17:49:41	ppp		[wan_link0] AUTHPROTO PAP
                          Sep 27 17:49:41	ppp		[wan_link0] MRU 1492
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: rec'd Configure Request #1 (Req-Sent)
                          Sep 27 17:49:41	ppp		[wan_link0] MAGICNUM 0x4b2a5e44
                          Sep 27 17:49:41	ppp		[wan_link0] MRU 1492
                          Sep 27 17:49:41	ppp		[wan_link0] PROTOCOMP
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: SendConfigReq #1
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: state change Starting --> Req-Sent
                          Sep 27 17:49:41	ppp		[wan_link0] LCP: Up event
                          Sep 27 17:49:41	ppp		[wan_link0] Link: UP event
                          Sep 27 17:49:41	ppp		[wan_link0] PPPoE: connection successful
                          Sep 27 17:49:41	ppp		PPPoE: rec'd ACNAME "AMS-UNET-DC2-ER08"
                          Sep 27 17:49:39	ppp		[wan_link0] PPPoE: Connecting to ''
                          Sep 27 17:49:39	ppp		[wan_link0] LCP: LayerStart
                          Sep 27 17:49:39	ppp		[wan_link0] LCP: state change Initial --> Starting
                          Sep 27 17:49:39	ppp		[wan_link0] LCP: Open event
                          Sep 27 17:49:39	ppp		[wan_link0] Link: OPEN event
                          Sep 27 17:49:39	ppp		[wan] Bundle: Interface ng0 created
                          Sep 27 17:49:39	ppp		web: web is not running
                          Sep 27 17:49:39	ppp		process 27954 started, version 5.8 (root@pfSense_v2_4_4_amd64-pfSense_v2_4_4-job-09 11:56 16-Nov-2018)
                          Sep 27 17:49:39	ppp		Multi-link PPP daemon for FreeBSD
                          

                          I've also included the general log entry after the reboot:

                          General log 27-9.txt

                          • kiokomanK Offline
                            kiokoman LAYER 8
                            last edited by kiokoman

                            ah i understand, this kind of configuration does not exist in my country
                            so if you select WAN1 as interface it takes the first dynamic ip that you don't need
                            if you select the virtual ip it does not start
                            let me do some tests ..

                            how about selecting the loopback interface and adding a port forward with destination 90.145.246.x 53 nat to 127.0.0.1 53 ?
                            i've tested it on my side and it seems to work


                            S 1 Reply Last reply Reply Quote 1
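A check for the symptom both posters were reading out of the system log, as an added example that is not part of any post in this thread: it groups `named` start-up lines by PID and reports whether each instance bound the address you expect (for example 127.0.0.1 after the loopback workaround). The sample lines are constructed in the thread's log format; the `lo0` line with its PID and timestamp is an assumption.

```python
import re

# Matches the pfSense system-log layout quoted in this thread:
#   <timestamp> <TAB> named <TAB> <pid> <TAB> <message>
LINE = re.compile(r"^\s*(\w{3}\s+\d+\s+[\d:]{8})\s+named\s+(\d+)\s+(.*\S)\s*$")
LISTEN = re.compile(r"listening on IPv4 interface (\S+), ([^#\s]+)#(\d+)")
NO_LISTEN = "not listening on any interfaces"


def listen_report(log_text, expected_ip, port=53):
    """Group named log lines by PID and report what each instance bound to.

    Returns {pid: {"sockets": [(ifname, ip, port), ...],
                   "no_listen": bool, "ok": bool}}
    where ok means expected_ip:port is among the bound sockets.
    """
    report = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines from other daemons (ppp, ...) or blanks
        pid, msg = m.group(2), m.group(3)
        entry = report.setdefault(pid, {"sockets": [], "no_listen": False, "ok": False})
        hit = LISTEN.search(msg)
        if hit:
            sock = (hit.group(1), hit.group(2), int(hit.group(3)))
            if sock not in entry["sockets"]:
                entry["sockets"].append(sock)
        elif NO_LISTEN in msg:
            entry["no_listen"] = True
    for entry in report.values():
        entry["ok"] = any(ip == expected_ip and p == port for _, ip, p in entry["sockets"])
    return report


def failing_pids(report):
    """PIDs whose named instance never bound the expected address."""
    return [pid for pid, e in report.items() if not e["ok"]]


# Constructed sample in the thread's log format. The first three lines reuse
# values the posters showed; the lo0 line (PID, time) is an assumed
# post-workaround start-up, not a line from the thread.
SAMPLE = """\
Sep 25 11:36:49\tnamed\t76510\tnot listening on any interfaces
Sep 25 11:36:49\tnamed\t76510\tusing default UDP/IPv4 port range: [49152, 65535]
Sep 25 11:32:20\tnamed\t90897\tlistening on IPv4 interface pppoe0, 84.53.91.128#53
Sep 27 18:10:02\tnamed\t41200\tlistening on IPv4 interface lo0, 127.0.0.1#53
"""

if __name__ == "__main__":
    for pid, e in listen_report(SAMPLE, "127.0.0.1").items():
        print(pid, "OK" if e["ok"] else "FAIL", e["sockets"], "no_listen" if e["no_listen"] else "")
```

An instance that logs "not listening on any interfaces" still starts and stays running, so a process check alone does not catch this state; the socket list does.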
                            • S Offline
                              svanderlaars @kiokoman
                              last edited by svanderlaars

                              @kiokoman It is set to DHCP, in theory i might be able to change it to fixed ip, but to do that i have to sacrifice one of the other 6 for it. Right now we use the 6 IP aliases for different services and the DHCP address is used for "regular" internet traffic that is not bound to any fixed port or IP in either direction.

                              Though, when WLAN1 PPPoE is set to DHCP, bind listens to the DHCP granted IP address. It just refuses to listen to a virtual IP Alias.

                              I've tried adding both WAN1 (PPPoE) and Virtual IP interfaces but no response would come from the Virtual IP Alias. Also tried setting it to WAN1 (PPPoE) and changing the IP inside the Bind config file, but that resulted in error where bind refuses to start.

                              I'll test the port redirection for the loopback and report back!

                              • S Offline
                                svanderlaars
                                last edited by

                                Perfect! Now It works!

                                Now it receives and responds flawlessly on the Virtual IP Alias and i can see queries coming in from the Log files!

                                Thank you so much for sticking with me! Though i do feel that doing it this way seems more like a workaround, that does not bother me, i can live with it the way it works now!

                                Thank you so much Kiokoman! :)

                                • kiokomanK Offline
                                  kiokoman LAYER 8
                                  last edited by

                                  i'm glad it works, it seems a workaround indeed, until someone comes out with a better idea ...

                                  • kiokomanK Offline
                                    kiokoman LAYER 8
                                    last edited by

                                    just for completeness, i'm unable to reproduce this problem on my test vm machine

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.