Bind view+sync bug

pfSense Packages
Log in to reply
  • H

    The Bind package supports both 'sync' and 'views'.  In a two system failover setup, if:

    1. sync to configured backup server is enabled. and
    2. there are two views of the same domain, one to include the LAN subnet and the other to exclude the LAN subnet (www only)
    3. dnssec enabled (don't know if this is or isn't necessary to demonstrate the bug)

    then

    All dns requests to the slave mode / backup computer will resolve using only the LAN name database.  The version running as the master name server will do the 'split dns' resolution normally.

    v 2.3.1-RELEASE-p1

    Workaround:

    Use Bind for only the www name database, exclude the WAN.  Single view.  Enable the local resolver / Unbound for the LAN lookups.  Be sure to delete /cf/named/etc/namedb/slave/<domain>/* or it will still resolve the old LAN names.</domain>

    0
  • H

    PS.  The namedb files in /cf/named/etc/namedb/slave/LAN and …/WAN are the same, and match those under /LAN on the master.  The  ..../WAN db on the master is correct.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy