Netgate Discussion Forum

    Bind view+sync bug

    pfSense Packages
    • hcoin

      The Bind package supports both 'sync' and 'views'. In a two-system failover setup, if:

      1. sync to the configured backup server is enabled, and
      2. there are two views of the same domain, one to include the LAN subnet and the other to exclude the LAN subnet (www only), and
      3. DNSSEC is enabled (don't know if this is or isn't necessary to demonstrate the bug)

      then

      All DNS requests to the slave mode / backup computer will resolve using only the LAN name database. The version running as the master name server will do the 'split DNS' resolution normally.

      v 2.3.1-RELEASE-p1

      Workaround:

      Use Bind for only the www name database, exclude the WAN. Single view. Enable the local resolver / Unbound for the LAN lookups. Be sure to delete /cf/named/etc/namedb/slave/<domain>/* or it will still resolve the old LAN names.

      • hcoin

        PS. The namedb files in /cf/named/etc/namedb/slave/LAN and …/WAN are the same, and match those under /LAN on the master. The ..../WAN db on the master is correct.

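The symptom described in the PS (identical zone files under the LAN and WAN view directories on the backup) can be checked for directly. The following shell function is an added example, not part of the original posts and not code from the pfSense Bind package; it assumes one directory per view under the slave path and the same zone file name in each view, and the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example: flag zone files on a BIND secondary that are byte-identical
# across view directories (the symptom reported in this thread).
# Assumed layout: <slave_dir>/<view>/<zone file>, same file name in each view.

# Default path as quoted in the thread.
SLAVE_DIR_DEFAULT="/cf/named/etc/namedb/slave"

# find_collapsed_views [slave_dir]   (hypothetical helper name)
# Prints "<zone file> <viewA> <viewB>" for each identical pair.
# Returns 0 if no pair is identical, 1 if any is, 2 if slave_dir is missing.
find_collapsed_views() {
    slave_dir="${1:-$SLAVE_DIR_DEFAULT}"
    [ -d "$slave_dir" ] || { echo "no such directory: $slave_dir" >&2; return 2; }
    found=0
    set -- "$slave_dir"/*/            # one entry per view directory
    while [ "$#" -gt 1 ]; do
        a=$1; shift                   # compare $a with every later view once
        for b in "$@"; do
            [ -d "$a" ] && [ -d "$b" ] || continue
            for f in "$a"*; do
                name=${f##*/}
                # Only non-empty regular files present in both views.
                [ -f "$f" ] && [ -s "$f" ] && [ -f "$b$name" ] || continue
                if cmp -s "$f" "$b$name"; then
                    va=${a%/}; vb=${b%/}
                    echo "$name ${va##*/} ${vb##*/}"
                    found=1
                fi
            done
        done
    done
    return "$found"
}

# Run the check only when asked, e.g.: sh check_views.sh --check
if [ "${1:-}" = "--check" ]; then
    find_collapsed_views "${2:-}"
fi
```

A match is only a finding for zones that are meant to differ between views; a zone that is intentionally the same in both views will also be listed.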