[SOLVED] BIND setup. How?



  • Hello all!

    I'm having trouble installing BIND. It's not resolving DNS that is added via the WebUI. What I am doing:

    • Ensure that DNS Resolver and Forwarder are switched off
    • Ensure that BIND is started and operational (the dashboard shows that all is OK) and that it returns an answer to dig in the console
    [2.4.4-RELEASE][user@pfsense]$ dig @127.0.0.1 . ANY
    
    ; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 . ANY
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47008
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;.				IN	ANY
    
    ;; ANSWER SECTION:
    .			518360	IN	NS	a.root-servers.net.
    .			518360	IN	NS	b.root-servers.net.
    .			518360	IN	NS	c.root-servers.net.
    .			518360	IN	NS	d.root-servers.net.
    .			518360	IN	NS	e.root-servers.net.
    .			518360	IN	NS	f.root-servers.net.
    .			518360	IN	NS	g.root-servers.net.
    .			518360	IN	NS	h.root-servers.net.
    .			518360	IN	NS	i.root-servers.net.
    .			518360	IN	NS	j.root-servers.net.
    .			518360	IN	NS	k.root-servers.net.
    .			518360	IN	NS	l.root-servers.net.
    .			518360	IN	NS	m.root-servers.net.
    .			518360	IN	RRSIG	NS 8 0 518400 20190502050000 20190419040000 25266 . uY8e/0R6YXnWHY0GYYe4PfqHKYN6pK4IKiXCxCmQm60AosCob7uTRRdB 3XqW4rojym0hZUHhHUVUbiFmGpHgS8qTwpcq01Alsl6o/p3XH09bar3N XY9aOfCfVutPWfLZ0geg/LrhUn1QwQwHBQmk4CIWBIvU8/11lPaJ95En h2VIcbCDItMoeSNoyM/VW73O9LP6xTyPXN4VSEML3MVH5LNZhPUjwwa/ mGMg1aGO7iR+NxOju5Tue6HIbpvORozH0vVnPAI426xeia2Wbl2NblJ/ jq3BdDb4mY+rSoybyaXaIGreckZifL90f/GXxNnysVp0xTkkNIlaxx7t 5TyK8g==
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Apr 19 09:04:31 *** 2019
    ;; MSG SIZE  rcvd: 525
    
    • Added zone via GUI

    Screen Shot 2019-04-19 at 09.43.09.png

    I've done it before via configuration files many times. I am trying to add the same as what works on pure FreeBSD servers, but the result is nothing.

    The symptoms:

    • The resulting conf file field is empty

    Screen Shot 2019-04-19 at 09.45.34.png

    • The dig command returns this:
    dig @127.0.0.1 test.test ANY
    
    ; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 test.test ANY
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48031
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 58eff4223ab9c460dd5322a95cb963044827eaa0caaf25bc (good)
    ;; QUESTION SECTION:
    ;test.test.			IN	ANY
    
    ;; Query time: 6 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Apr 19 08:56:20 *** 2019
    ;; MSG SIZE  rcvd: 65
    
    • Nothing appeared in the conf file after adding anything
    #Bind pfsense configuration
    #Do not edit this file!!!
    
     key "rndc-key" {
            algorithm hmac-md5;
            secret "wwwwwwww==";
     };
    
     controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
     };
    
    
    
    options {
            directory "/etc/namedb";
            pid-file "/var/run/named/pid";
            statistics-file "/var/log/named.stats";
            max-cache-size 256M;
            rate-limit {
                    responses-per-second 15;
                    log-only no;
            };
            listen-on-v6 port 53 { ::1;  };
            listen-on port 53 { 172.16.0.1; 172.16.1.1; 127.0.0.1;  };
            forwarders { 8.8.8.8; };
            version none;
    
    };
    
    • Nothing in the namedb directory
    $ ls -la /cf/named//etc/namedb/
    total 15
    drwxr-xr-x  3 bind  wheel     6 Apr 19 09:43 .
    drwxr-xr-x  3 root  wheel     4 Apr 17 19:30 ..
    drwxr-xr-x  2 bind  wheel     2 Apr 17 19:30 keys
    -rw-r--r--  1 root  wheel   541 Apr 19 09:43 named.conf
    -rw-r--r--  1 root  wheel  3313 Apr 17 19:30 named.root
    -rw-r--r--  1 root  wheel   163 Apr 19 09:43 rndc.conf
    

    What am I missing? Is there any manual about setting it up via Web UI?



  • Just tried to use DNS Resolver instead of BIND. The same issue: it looks like it is adding to the pfSense DB but not adding it to the configs. I've added myhost.example.com through the DNS Resolver.

    Screen Shot 2019-04-19 at 11.07.33.png

    In the dig command reply I got this:

    $ dig @127.0.0.1 myhost.example.com ANY
    
    ; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 myhost.example.com ANY
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56266
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;myhost.example.com.		IN	ANY
    
    ;; AUTHORITY SECTION:
    example.com.		3600	IN	SOA	sns.dns.icann.org. noc.dns.icann.org. 2019041009 7200 3600 1209600 3600
    
    ;; Query time: 670 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Apr 19 11:09:22 *** 2019
    ;; MSG SIZE  rcvd: 104
    

    It looks like the web UI isn't adding anything to the config files, but it's appearing in the pfSense UI DB.



  • Just tried to check permissions (I had been adding entries while not logged in as the "admin" user): under the "admin" user the same issue appeared.

    Screen Shot 2019-04-19 at 11.26.24.png


  • LAYER 8 Global Moderator

    Where did you get the idea that ANY is going to return anything?

    Do an actual query for a FQDN that you entered!

    In your example there, your fully qualified name would be

    myhost.myhost.example.com, not myhost.example.com

    examplequery.png

    ANY hasn't been a valid sort of query for a long time!
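
An added example (not part of any post in this thread): a small Python check that reads dig output like the transcripts above and flags the two signs discussed here, an ANY query and an NXDOMAIN without the `aa` flag, which means the answer came via recursion or forwarders rather than from a zone loaded on the queried server. The function names and finding codes are assumptions made for illustration; the sample inputs are trimmed copies of the thread's transcripts.

```python
import re

# Constructed samples: trimmed copies of two dig transcripts from this thread.
DIG_BIND = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48031
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;test.test.\t\t\tIN\tANY
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
DIG_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56266
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;myhost.example.com.\t\tIN\tANY
;; AUTHORITY SECTION:
example.com.\t\t3600\tIN\tSOA\tsns.dns.icann.org. noc.dns.icann.org. 2019041009 7200 3600 1209600 3600
"""

def parse_dig(text):
    """Pull status, header flags, question and negative-answer SOA out of dig output."""
    d = {"status": None, "flags": set(), "qname": None, "qtype": None, "soa_zone": None}
    section = None
    for line in text.splitlines():
        if m := re.search(r"->>HEADER<<-.*status: (\w+)", line):
            d["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            d["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif section == "QUESTION" and re.match(r";[^;\s]", line):
            d["qname"], _, d["qtype"] = line[1:].split()
        elif section == "AUTHORITY" and not line.startswith(";"):
            fields = line.split()
            if len(fields) > 4 and fields[3] == "SOA":
                d["soa_zone"] = fields[0]
    return d

def diagnose(text):
    """Return short finding codes (hypothetical names) for a dig transcript."""
    d, out = parse_dig(text), []
    if d["qtype"] == "ANY":
        out.append("any-query")          # query A/AAAA/... for the exact FQDN instead
    if d["status"] == "NXDOMAIN" and "aa" not in d["flags"]:
        out.append("non-authoritative")  # not answered from a zone served locally
        if d["soa_zone"]:
            out.append("denied-by:" + d["soa_zone"])  # zone whose SOA backs the denial
    return out
```

For the second transcript the `denied-by:example.com.` finding shows the name was looked up in the public example.com zone, so no local override matched the queried name.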



  • Got it! It's working! Thanks.


  • LAYER 8 Global Moderator

    Also bind works too - did you hit save? If you do not hit save where you create your zone, then the config will not be generated.. Also you will need to create a view that your zone is in, etc...

    bindworks.png



  • @johnpoz For BIND I did everything that you mention, but nothing appeared for me. Only DNS Resolver is working right now, and I really don't know why. What I see from the screenshot: the difference is createview, I haven't got it. In my version it's empty.


  • LAYER 8 Global Moderator

    You have to hit the SAVE button!!

    savebutton.png

    Outside of the zone.. Then go back into your zone and you will see your conf file..



  • @johnpoz What I see from the screenshot: the difference is createview, I haven't got it. In my version it's empty.


  • LAYER 8 Global Moderator

    You didn't create a view would be my guess!



  • @johnpoz Yes. I've been pressing this button. For me, creating a view is a somewhat new approach. I've only been writing configs for BIND on pure FreeBSD. What does VIEW mean?


  • LAYER 8 Global Moderator

    You have been using bind for how long? And you don't know what a view is?

    views.png

    It determines what a specific client will be able to view in the zone..

    edit:
    https://kb.isc.org/docs/aa-00851
    Understanding views in BIND 9, by example



  • @johnpoz About 10 years. I've only been writing zone files and adding them to named.conf, and everything was working. I've now started to read about it. Thanks a lot.


  • LAYER 8 Global Moderator

    Views have been around a REALLY Long time!! Pretty sure views have been available since the release of 9, like 2000 was it?

