Possible bug with BIND config generate in 2.4.5 (bind package: 9.14_3)
-
I have just upgraded pfsense to version 2.4.5. After that action bind stopped working (cannot start) ending with errors:
- rpz is not master or slave zone
- loading configuration: not found
After analysis I found that invalid /cf/named/etc/namedb/named.conf file was generated.
In section OPTIONS, response-policy configuration is missing ".in-addr.arpa" suffix for reverse zone. In a view reverse zone has correct format (also with suffix).
That cause miscofiguration.
Generated invalid config file example:
options { ... response-policy { zone "0.168.192"; }; .... }; view "local view" { recursion yes; zone "0.168.192.in-addr.arpa" { type master; file "/etc/namedb/master/local view/0.168.192.DB"; allow-query { localhost; localnets; }; allow-update { localhost; localnets; }; }; zone "." { type hint; file "/etc/namedb/named.root"; }; };Manual edit of file /cf/named/etc/namedb/named.conf and adding suffix fix the issue.
Can you clarify, please?
-
i have bind on a dedicated server not inside pfsense but
for me, response policy is defined inside view also i don't have a reverse for rpz, noob question but why a reverse?RPZ is essentially a filtering mechanism, either preventing people from visiting internet domains, or pointing them to other locations by manipulating the DNS answers in different ways
-
My bind service also failed to start after upgrading to 2.4.5, with this same exact error. After deleting my RPZ zone, it started up fine. I believe it is likely a bug, as you said.
-
This post is deleted! -
Linked issue:
https://redmine.pfsense.org/issues/10445