Bind DNS problem with HA cfg
-
Hy!
I have a problem with my Bind dns server.
Now we are runing on HA cfg and if i change the ha to my backup node the bind dns is not working properly.It looks like the cfg changes sync working but on the secondary node the resulting zone cfg file field is empty.
I dont know why.
On the primary node it is filled.
Somebody expert give me some help about this?
Thanks for the help!
bolvar
-
Seriously nobody has a solution for this? :/
-
I'm not familiar with that package but since it is a package, does it have its own ability to sync configuration, and what to sync? For instance pfBlockerNG and Suricata handle that in each package's settings.
-
Packages themselves have to make specific calls to the pfSense base system, and also perform some other code mini-miracles, in order to sync their configuration across multiple hosts. I'm not intimately familiar with the
bindpackage, but I do know that in the two packages I support (Suricata and Snort) I had to write quite a bit of code to accomplish syncing settings across mutliple hosts.My guess, from looking at what you posted, is the
bindpackage creator is not grabbing and syncing all the configuration fields from the bind section of the master firewall'sconfig.xmlfile. For example, that area you posted may very well actually be populated by the content of another physical file on the master firewall. Perhaps thebindpackage is not copying that master file to all the replication partners ?? Only thebindpackage creator/maintainer is likely to be able to answer that question. Anyone else would have to study the package source code and attempt to reverse-engineer the logic in order to figure out what's missing in the replication. -
-
@bolvar said in Bind DNS problem with HA cfg:
Thanks for the advise, i will look around on the bind forums then.
bolvar
I didn't mean the upstream
bindpackage creator, I meant the person who created the package for pfSense. The upstream folks on thebindforums will not be able to help unless it was one of them that created the pfSense GUI package forbind.Packages used on pfSense that have a GUI are created especially for pfSense. The underlying binary that performs the actual task is maintained by others, but the GUI you see is provided by PHP code written by the person who created the package for pfSense. The GUI generally is just a front-end tool that makes it easy to input configuration parameters that eventually are written to some conf file the underlying binary is looking for.
-
Aha, but where :D Maybe i thinked a little too much, if i use this forum i will get help about the problem, because after i made the HA config and tried a full reset on my second node, the problem camed up.
-
@bolvar
Your issue is, I believe, most definitely related to the GUI code in the pfSense package and not a problem with thebindbinary.I do not know who was the original creator of the pfSense
bindGUI package. -
I looked in the package manifest (really the Makefile), and this person is listed as the maintainer:
tech@voleatech.de
Don't know if that is still current.
-
The PHP file that contains the actual XMLRPC sync code is this one, if you want to have a look and are familiar with PHP programming:
/usr/local/pkg/bind.incI see that it syncs all the info stored in
config.xmlbybind, but it is not syncing any external configuration file contents. Don't know if that option box you show in your first post is actually an external file or not. By "external file" I mean data that is stored somewhere on the file system that is not encoded within theconfig.xmlmaster configuration file used on pfSense. -
Thanks for the help, try to contact with the creator of the pacage, but still sad that nobody has an aswere for this from pfsense support...Because the error camed when i used the HA cfg what is supported by the pfsense coders not the bind package creator.
-
I think i found the problem.
In slave state the zone file didnt get generated.
If i sate the state on my secondary node to master to zone file get generated, and mxtoolbox query workes.Someone can give advise about this?
