Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bind upgrade producing errors on pfsense 2.5 upgrade

    Scheduled Pinned Locked Moved pfSense Packages
    112 Posts 16 Posters 29.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wrgraves
      last edited by

      @anthonypants Looks like '/usr/local/etc/rc.d/named.sh start' is suppose to start it up but no error messages and it doesn't start

      @viktor_g I'm a little overwhelmed by the submission process

      A 1 Reply Last reply Reply Quote 0
      • A
        anthonypants @wrgraves
        last edited by

        @wrgraves Yeah, if you open up that script file, it says that when it's called to start the job, it'll check if named exists in the list of running processes (ps auxw), and if it isn't already running, it'll run the command /usr/local/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/. -t says it needs to run inside the chroot at /cf/named/, -c points to the configuration file it's going to use (also inside the chroot), and -u says which user it'll run as.

        And my Redmine bug report is here, if you want to add your details.

        1 Reply Last reply Reply Quote 1
        • viktor_gV
          viktor_g Netgate
          last edited by viktor_g

          could you try to re-save BIND configuration in the WebGUI and check again?
          that can be related to https://redmine.pfsense.org/issues/7271

          A 1 Reply Last reply Reply Quote 0
          • W
            wrgraves
            last edited by

            Without named running I could not re-save the config. I check and unbound is not running during this. Not sure how that might make named exit with a segmentation fault...
            root@pfSense:~# dmesg | grep named
            pid 72980 (named), jid 0, uid 0: exited on signal 11
            pid 48394 (named), jid 0, uid 0: exited on signal 11
            pid 9508 (named), jid 0, uid 0: exited on signal 11
            pid 77683 (named), jid 0, uid 0: exited on signal 11
            pid 84007 (named), jid 0, uid 0: exited on signal 11
            pid 35131 (named), jid 0, uid 0: exited on signal 11

            signal 11, also know as "segmentation fault

            1 Reply Last reply Reply Quote 0
            • A
              anthonypants @viktor_g
              last edited by

              @viktor_g Modifying the BIND configuration via the WebGUI doesn't appear to do anything. Changing the unbound configuration to use port 8953 is a strange suggestion; no one in this thread appears to be seeing "can't bind socket" errors from unbound, and I can assure you that when named is segfaulting on my system, neither is unbound running, nor is anything using port 953.

              1 Reply Last reply Reply Quote 0
              • viktor_gV
                viktor_g Netgate
                last edited by

                What appliance are you using?
                VM, Netgate appliance, other hardware?

                1 Reply Last reply Reply Quote 0
                • M
                  matthijs
                  last edited by matthijs

                  Same issues here with Bind, I tried everything I could to get this running, I am running on a VM (VMware) Bind currently is NOT compatible with pfSense 2.5.0 period ! Just try to run Bind and rncd on a different port (under the advanced button on the main Bind config window in de web config, and try to run Bind or reinstall Bind and see what happens) I can hardly believe this package was tested on 2.5.0, of course an issue can happen from time to time with a major release, but I am struggling with the Bind control port for years. I did a clean install and restored my configuration, no show for bind what ever I do. It should run on 127.0.0.1 on port 953 and control port on 127.0.0.1 9953 in my configuration

                  Here the log when I try to start Bind:

                  Feb 21 12:43:39 named 11107 starting BIND 9.16.11 (Stable Release) id:9ff601b
                  Feb 21 12:43:39 named 11107 running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
                  Feb 21 12:43:39 named 11107 built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
                  Feb 21 12:43:39 named 11107 running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
                  Feb 21 12:43:39 named 11107 compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
                  Feb 21 12:43:39 named 11107 compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                  Feb 21 12:43:39 named 11107 linked to OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                  Feb 21 12:43:39 named 11107 compiled with libxml2 version: 2.9.10
                  Feb 21 12:43:39 named 11107 linked to libxml2 version: 20910
                  Feb 21 12:43:39 named 11107 compiled with json-c version: 0.15
                  Feb 21 12:43:39 named 11107 linked to json-c version: 0.15
                  Feb 21 12:43:39 named 11107 compiled with zlib version: 1.2.11
                  Feb 21 12:43:39 named 11107 linked to zlib version: 1.2.11
                  Feb 21 12:43:39 named 11107 ----------------------------------------------------
                  Feb 21 12:43:39 named 11107 BIND 9 is maintained by Internet Systems Consortium,
                  Feb 21 12:43:39 named 11107 Inc. (ISC), a non-profit 501(c)(3) public-benefit
                  Feb 21 12:43:39 named 11107 corporation. Support and training for BIND 9 are
                  Feb 21 12:43:39 named 11107 available at https://www.isc.org/support
                  Feb 21 12:43:39 named 11107 ----------------------------------------------------
                  Feb 21 12:43:39 named 11107 found 4 CPUs, using 4 worker threads
                  Feb 21 12:43:39 named 11107 using 4 UDP listeners per interface
                  Feb 21 12:43:39 named 11107 using up to 21000 sockets
                  Feb 21 12:43:39 named 11107 loading configuration from '/etc/namedb/named.conf'
                  Feb 21 12:43:39 named 11107 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
                  Feb 21 12:43:39 named 11107 using default UDP/IPv4 port range: [49152, 65535]
                  Feb 21 12:43:39 named 11107 using default UDP/IPv6 port range: [49152, 65535]
                  Feb 21 12:43:39 named 11107 listening on IPv6 interface vmx1, xxxxxIPv6xxxxxxxxxxxxxxxx#953
                  Feb 21 12:43:39 named 11107 listening on IPv6 interface lo0, ::1#953
                  Feb 21 12:43:39 named 11107 listening on IPv4 interface lo0, 127.0.0.1#953
                  Feb 21 12:43:39 named 11107 creating TCP socket: address in use
                  Feb 21 12:43:39 named 11107 generating session key for dynamic DNS
                  Feb 21 12:43:39 named 11107 sizing zone task pool based on 4 zones

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    matthijs @matthijs
                    last edited by

                    So I rolled back to pfSense 2.4 because of Bind not working at all
                    I have the 2.5.0 Vmware VM still available so if I need to test something of provide logging or so, I will be ready to help

                    Kr Matthijs

                    1 Reply Last reply Reply Quote 0
                    • N
                      nordeep
                      last edited by

                      The same for me. Seems named is going to Segmentation fault if tried to start with -t(chroot).
                      Looking forward to a fix.
                      Roll back to 2.4

                      1 Reply Last reply Reply Quote 0
                      • viktor_gV
                        viktor_g Netgate
                        last edited by

                        still don't understand how to reproduce this issue,
                        clean install on 2.5 CE with minimal configuration:

                        Feb 21 19:56:08 pf42 named[54874]: starting BIND 9.16.11 (Stable Release) <id:9ff601b>
Feb 21 19:56:08 pf42 named[54874]: running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
Feb 21 19:56:08 pf42 named[54874]: built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
Feb 21 19:56:08 pf42 named[54874]: running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
Feb 21 19:56:08 pf42 named[54874]: compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
Feb 21 19:56:08 pf42 named[54874]: compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
Feb 21 19:56:08 pf42 named[54874]: linked to OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
Feb 21 19:56:08 pf42 named[54874]: compiled with libxml2 version: 2.9.10
Feb 21 19:56:08 pf42 named[54874]: linked to libxml2 version: 20910
Feb 21 19:56:08 pf42 named[54874]: compiled with json-c version: 0.15
Feb 21 19:56:08 pf42 named[54874]: linked to json-c version: 0.15
Feb 21 19:56:08 pf42 named[54874]: compiled with zlib version: 1.2.11
Feb 21 19:56:08 pf42 named[54874]: linked to zlib version: 1.2.11
Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
Feb 21 19:56:08 pf42 named[54874]: BIND 9 is maintained by Internet Systems Consortium,
Feb 21 19:56:08 pf42 named[54874]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Feb 21 19:56:08 pf42 named[54874]: corporation.  Support and training for BIND 9 are 
Feb 21 19:56:08 pf42 named[54874]: available at https://www.isc.org/support
Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
Feb 21 19:56:08 pf42 named[54874]: found 1 CPU, using 1 worker thread
Feb 21 19:56:08 pf42 named[54874]: using 1 UDP listener per interface
Feb 21 19:56:08 pf42 named[54874]: using up to 21000 sockets
Feb 21 19:56:08 pf42 named[54874]: loading configuration from '/etc/namedb/named.conf'
Feb 21 19:56:08 pf42 named[54874]: unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv4 port range: [49152, 65535]
Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv6 port range: [49152, 65535]
Feb 21 19:56:08 pf42 named[54874]: listening on IPv4 interface vtnet2, 172.16.16.42#53
Feb 21 19:56:08 pf42 named[54874]: listening on IPv6 interface vtnet2, fc00:172::42#53
Feb 21 19:56:08 pf42 named[54874]: generating session key for dynamic DNS
Feb 21 19:56:08 pf42 named[54874]: sizing zone task pool based on 0 zones
Feb 21 19:56:08 pf42 named[54874]: using built-in root key for view _default
Feb 21 19:56:08 pf42 named[54874]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 10.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 16.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 17.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 18.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 19.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 20.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 21.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 22.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 23.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 24.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 25.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 26.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 27.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 28.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 29.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 30.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 31.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 168.192.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 64.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 65.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 66.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 67.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 68.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 69.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 70.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 71.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 72.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 73.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 74.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 75.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 76.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 77.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 78.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 79.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 80.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 81.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 82.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 83.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 84.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 85.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 86.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 87.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 88.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 89.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 90.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 91.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 92.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 93.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 94.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 95.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 96.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 97.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 98.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 99.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 101.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 102.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 103.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 104.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 105.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 106.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 107.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 108.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 109.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 110.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 111.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 112.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 114.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 115.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 116.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 117.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 118.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 119.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 120.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 121.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 122.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 123.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 124.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 125.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 126.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: D.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: A.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: B.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: EMPTY.AS112.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: HOME.ARPA
Feb 21 19:56:08 pf42 named[54874]: command channel listening on 127.0.0.1#8953
Feb 21 19:56:08 pf42 named[54874]: dns_rdata_fromtext: managed-keys.bind:10: near eol: unexpected end of input
Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loading from master file managed-keys.bind failed: unexpected end of input
Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loaded serial 11
Feb 21 19:56:08 pf42 named[54874]: all zones loaded
Feb 21 19:56:08 pf42 named[54874]: running
Feb 21 19:56:08 pf42 named[54874]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 8.8.8.8#53
Feb 21 19:56:18 pf42 named[54874]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Feb 21 19:56:18 pf42 named[54874]: resolver priming query complete

                        /cf/named/etc/namedb/named.conf:

                        #Bind pfsense configuration
#Do not edit this file!!!

 key "rndc-key" {
 	algorithm hmac-sha256;
 	secret "UeBwwrg21QirnwHQnl/H36PjGXa0q3hBIewPKXH6/20=";
 };

 controls {
 	inet 127.0.0.1 port 8953
 		allow { 127.0.0.1; } keys { "rndc-key"; };
 };



options {
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	statistics-file "/var/log/named.stats";
	max-cache-size 256M;
	dnssec-validation auto;

	listen-on-v6 port 53 { fc00:172::42;  };
	listen-on port 53 { 172.16.16.42;  };
	forwarders { 8.8.8.8; };
	
};
                        1 Reply Last reply Reply Quote 0
                        • M
                          matthijs
                          last edited by

                          In my case its saying after listening on IP interfaces in the log

                          creating TCP socket: address in use

                          like port 953 is already in use or so

                          1 Reply Last reply Reply Quote 0
                          • W
                            wrgraves
                            last edited by

                            Might be a problem in our configs. Hope to have an extra box tomorrow night so I can build a fresh install and load my config sometime after that. I can't take down my failed box. Have uninstalled Bind and turned on unbound and switched to Bind on another box until this is resolved.

                            1 Reply Last reply Reply Quote 0
                            • M
                              matthijs
                              last edited by

                              FYI I already did a fresh install and restored my configuration, same problem

                              W 1 Reply Last reply Reply Quote 0
                              • W
                                wrgraves @matthijs
                                last edited by wrgraves

                                @matthijs did bind work before you installed your config ?

                                1 Reply Last reply Reply Quote 0
                                • M
                                  matthijs
                                  last edited by

                                  I have a working 2.4.5 VM running (with no bind problems), If I upgrade to 2.5 I have bind issues.
                                  I also did a fresh 2.5.0 install and restored my 2.4.5 configuration, in both situations I have bind issues

                                  W 1 Reply Last reply Reply Quote 0
                                  • M
                                    matthijs
                                    last edited by

                                    I also have ACME implemented with Bind/DNS, so I have ACME keys in Global Settings (main configuration menu - > Advanced Options button) Maybe this is something in common with other people also having issues with bind and 2.5.0 ?

                                    1 Reply Last reply Reply Quote 0
                                    • W
                                      wrgraves @matthijs
                                      last edited by

                                      @matthijs I was asking if you tried to install and test Bind on a fresh install of 2.5 before your loaded your config into it ?

                                      M A 2 Replies Last reply Reply Quote 0
                                      • M
                                        matthijs @wrgraves
                                        last edited by matthijs

                                        @wrgraves No I did not do a fresh bind install on a fresh 2.5.0 install (I guess that works fine, like in your situation?)

                                        W 1 Reply Last reply Reply Quote 0
                                        • N
                                          nordeep
                                          last edited by

                                          After upgrade to 2.5. Simple run: /usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/ result is Segmentation fault.

                                          I'm using common bind setup - 1 view, 2 zones, 4 ACLs, No Sync.

                                          viktor_gV 1 Reply Last reply Reply Quote 0
                                          • W
                                            wrgraves @matthijs
                                            last edited by

                                            @matthijs I have not done that yet. It would take too much downtime. I have a spare system on order that is do tomorrow. Once that's available I should be able to build a stand alone system and try that.

                                            M 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.