BIND DNS issue

  • I'm looking to utilize the BIND Resolver so that I can host Primary and Secondary zones on my pfsense box.

    I'm initially just setting it up for secondary zones.  I believe I have it configured correctly, and can see in the logs (both on the Primary node and on pfsense) that the zone files are being transferred.  I have a few issues:

    1)  Under Services -> BIND DNS Settings -> Zones I see my 3 currently configured secondary zones, but no serial number.  That seems odd.
    2)  If I use Diagnostics -> DNS Lookup, the system can resolve anything in the secondary files.  This is encouraging.
    3)  If I go to another server on my LAN, crank up nslookup, and set pfsense as the server, I can look up anything external, but nothing in the secondary zones.  All such requests come back (and are logged) as Refused/Denied.

    Enable is toggled in Settings, with listen set to all interfaces, notify is enabled, hide version is enabled, logging is enabled, and rate limit is enabled and set to 15.  Other settings are blank.
    I have defined a "trusted" ACL that contains my Primary servers, and all local LAN IP blocks.
    I have defined a "query" View with the following characteristics:
          Recursion Yes
          Match-clients any (Since I eventually want to register this as an official name server for my domains)
          Allow-recursion trusted
    Sync is not configured

    What else do I need to do?

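For reference, here is what the setup described in the post looks like in raw named.conf syntax: a "trusted" ACL, one view that matches any client, recursion limited to the ACL, and secondary zones pulled from a primary. This is an added example written for this thread, not the poster's configuration and not the named.conf that the pfSense BIND package generates; the addresses (192.0.2.10 for the primary, 198.51.100.0/24 and 203.0.113.0/24 for the LAN), the zone names and the file paths are placeholders. The one BIND rule worth checking against it: as soon as a single view is declared, every zone has to be inside a view, and a client can only see the zones defined in the view its address matches.

```conf
// Added example, not the poster's actual pfSense configuration.
// All addresses, zone names and paths below are placeholders.

acl "trusted" {
    192.0.2.10;          // primary (master) name server
    198.51.100.0/24;     // LAN block
    203.0.113.0/24;      // second LAN block
    localhost;
};

options {
    directory "/etc/namedb";      // placeholder; pfSense uses its own path
    listen-on { any; };           // "listen on all interfaces"
    listen-on-v6 { any; };
    version none;                 // "hide version"
    notify yes;
    rate-limit { responses-per-second 15; };
};

// Once any view exists, every zone must live inside a view. A client
// whose address matches this view sees only the zones defined here.
view "query" {
    match-clients { any; };        // anyone may ask (future public NS)
    allow-query { any; };          // authoritative answers for everyone
    allow-recursion { trusted; };  // recursion only for LAN and primary
    recursion yes;

    zone "example.net" {
        type secondary;            // "type slave;" with "masters" on older BIND
        primaries { 192.0.2.10; };
        file "secondary/example.net.db";
        allow-transfer { trusted; };
    };

    zone "example.org" {
        type secondary;
        primaries { 192.0.2.10; };
        file "secondary/example.org.db";
        allow-transfer { trusted; };
    };
};
```

To check from a LAN host, `dig @<pfsense-ip> example.net SOA +norecurse` should come back with status NOERROR and the `aa` flag set, which proves the zone is being served authoritatively from the view that client lands in. A REFUSED status means either allow-query rejected the client or the view that matched the client contained neither that zone nor recursion for that client.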