DNS Resolver won't start with BIND running



  • I'm using BIND for many zones and the default DNS resolver for pfSense. It's been working for years.

    I'm trying to set BIND as the public DNS only and use DNS Resolver for the pfSense DNS.

    I set BIND to use specific virtual IPs only (public static IP addresses). I set DNS Resolver to use LAN and localhost.

    I don't get any config error, and I can apply changes. However, unbound won't start and the only DNS system log entries are from named. I can't find any log entries for unbound.

    I've tried adding and removing entries in the general setup for DNS servers. None of that helped.

    How can I troubleshoot why unbound service won't start?

    -Stuart


  • LAYER 8 Global Moderator

    Did you change the control port - they like to use the same 953 port. You can change it in the bind config to use a different port.

    Why do you want/need to run both? If you're running bind it can do anything unbound can do, etc.



  • Thanks for the suggestion. I added "controls { };" to the global settings, but unbound still doesn't start and I still don't see anything in the system log about the failed start.

    I want to enable DNSBL in pfBlockerNG. It says you have to use DNS Resolver, I assume so it can dynamically add the blacklisted domains?


  • LAYER 8 Global Moderator

    @gogglespisano said in DNS Resolver won't start with BIND running:

    I added "controls { };

    Huh? Dude change the port in BIND... Bottom show advanced settings. If unbound cannot start you would see it in the log... You sure you even have it enabled?



  • I found the log entry. The conflict is port 953 on 172.0.0.1.

    From what I read in the BIND documentation, control { }; is supposed to disable remote administration. I can still connect to 127.0.0.1:953 so it isn't working.

    Sorry, I don't see "advanced settings" in BIND settings.



  • The BIND config has an entry for controls, so my entry isn't disabling it.

    #Bind pfsense configuration
    #Do not edit this file!!!

    key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxx";
    };

    controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
    };


  • LAYER 8 Global Moderator

    On the bottom of the page

    [screenshot: bindadvanced.png]



  • You must have a different version. This is what I have.

    [three screenshots attached]


  • LAYER 8 Global Moderator

    Dude I am on the current version - if you do not see advanced on the bottom you have a problem.

    [screenshot: bindpng.png]

    Your global and custom are in the advanced section... I would reinstall the package, clear your browser cache.



  • I just reinstalled the BIND package and now I see the advanced settings.

    Trying to change the control port now...



  • Works now!

    Thanks for the help.
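
The conflict diagnosed in this thread (BIND's rndc control channel and unbound's remote-control both bound to 127.0.0.1 port 953) can be checked from the two config files before restarting either service. The following is an added example, not part of the original thread or of pfSense; the sample config text is constructed, and the unbound section is an assumption based on the thread's statement that both services use port 953.

```python
import re

# Constructed samples. NAMED_CONF mirrors the controls statement posted in the
# thread; UNBOUND_CONF is an assumed remote-control section using the same port.
NAMED_CONF = """
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""
UNBOUND_CONF = """
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953
"""
WILDCARDS = {"*", "0.0.0.0", "::"}  # coarse: treated as overlapping any address

def bind_control_endpoints(conf):
    """Return {(addr, port)} for each inet entry inside controls { ... } statements."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # drop /* */ comments
    conf = re.sub(r"(#|//).*", "", conf)                # drop # and // comments
    found = set()
    for m in re.finditer(r"\bcontrols\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:                  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        for addr, port in re.findall(r"\binet\s+(\S+)(?:\s+port\s+(\d+))?", body):
            found.add((addr, int(port or 953)))         # rndc default port is 953
    return found

def unbound_control_endpoints(conf):
    """Return {(addr, port)} unbound-control listens on, or empty if disabled."""
    conf = re.sub(r"#.*", "", conf)
    if not re.search(r"control-enable:\s*yes", conf):
        return set()
    port = re.search(r"control-port:\s*(\d+)", conf)
    port = int(port.group(1)) if port else 8953         # upstream unbound default
    addrs = re.findall(r"control-interface:\s*(\S+)", conf) or ["127.0.0.1", "::1"]
    return {(a, port) for a in addrs}

def conflicts(named_conf, unbound_conf):
    """Endpoints unbound wants that BIND's control channel already occupies."""
    bind = bind_control_endpoints(named_conf)
    return sorted({(ua, up) for ua, up in unbound_control_endpoints(unbound_conf)
                   for ba, bp in bind
                   if up == bp and (ua == ba or {ua, ba} & WILDCARDS)})

if __name__ == "__main__":
    print(conflicts(NAMED_CONF, UNBOUND_CONF) or "no control-port conflict")
```

An empty `controls { };` statement yields no endpoints on its own, but any other `controls` statement still present in the generated file is reported, which matches what the thread observed.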

