Bind upgrade producing errors on pfsense 2.5 upgrade
- 
 @viktor_g Modifying the BIND configuration via the WebGUI doesn't appear to do anything. Changing the unbound configuration to use port 8953 is a strange suggestion; no one in this thread appears to be seeing "can't bind socket" errors from unbound, and I can assure you that when named is segfaulting on my system, neither is unbound running, nor is anything using port 953. 
- 
 What appliance are you using? 
 VM, Netgate appliance, other hardware?
- 
 Same issues here with Bind, I tried everything I could to get this running, I am running on a VM (VMware) Bind currently is NOT compatible with pfSense 2.5.0 period ! Just try to run Bind and rncd on a different port (under the advanced button on the main Bind config window in de web config, and try to run Bind or reinstall Bind and see what happens) I can hardly believe this package was tested on 2.5.0, of course an issue can happen from time to time with a major release, but I am struggling with the Bind control port for years. I did a clean install and restored my configuration, no show for bind what ever I do. It should run on 127.0.0.1 on port 953 and control port on 127.0.0.1 9953 in my configuration Here the log when I try to start Bind: Feb 21 12:43:39 named 11107 starting BIND 9.16.11 (Stable Release) id:9ff601b 
 Feb 21 12:43:39 named 11107 running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
 Feb 21 12:43:39 named 11107 built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
 Feb 21 12:43:39 named 11107 running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
 Feb 21 12:43:39 named 11107 compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
 Feb 21 12:43:39 named 11107 compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
 Feb 21 12:43:39 named 11107 linked to OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
 Feb 21 12:43:39 named 11107 compiled with libxml2 version: 2.9.10
 Feb 21 12:43:39 named 11107 linked to libxml2 version: 20910
 Feb 21 12:43:39 named 11107 compiled with json-c version: 0.15
 Feb 21 12:43:39 named 11107 linked to json-c version: 0.15
 Feb 21 12:43:39 named 11107 compiled with zlib version: 1.2.11
 Feb 21 12:43:39 named 11107 linked to zlib version: 1.2.11
 Feb 21 12:43:39 named 11107 ----------------------------------------------------
 Feb 21 12:43:39 named 11107 BIND 9 is maintained by Internet Systems Consortium,
 Feb 21 12:43:39 named 11107 Inc. (ISC), a non-profit 501(c)(3) public-benefit
 Feb 21 12:43:39 named 11107 corporation. Support and training for BIND 9 are
 Feb 21 12:43:39 named 11107 available at https://www.isc.org/support
 Feb 21 12:43:39 named 11107 ----------------------------------------------------
 Feb 21 12:43:39 named 11107 found 4 CPUs, using 4 worker threads
 Feb 21 12:43:39 named 11107 using 4 UDP listeners per interface
 Feb 21 12:43:39 named 11107 using up to 21000 sockets
 Feb 21 12:43:39 named 11107 loading configuration from '/etc/namedb/named.conf'
 Feb 21 12:43:39 named 11107 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
 Feb 21 12:43:39 named 11107 using default UDP/IPv4 port range: [49152, 65535]
 Feb 21 12:43:39 named 11107 using default UDP/IPv6 port range: [49152, 65535]
 Feb 21 12:43:39 named 11107 listening on IPv6 interface vmx1, xxxxxIPv6xxxxxxxxxxxxxxxx#953
 Feb 21 12:43:39 named 11107 listening on IPv6 interface lo0, ::1#953
 Feb 21 12:43:39 named 11107 listening on IPv4 interface lo0, 127.0.0.1#953
 Feb 21 12:43:39 named 11107 creating TCP socket: address in use
 Feb 21 12:43:39 named 11107 generating session key for dynamic DNS
 Feb 21 12:43:39 named 11107 sizing zone task pool based on 4 zones
- 
 So I rolled back to pfSense 2.4 because of Bind not working at all 
 I have the 2.5.0 Vmware VM still available so if I need to test something of provide logging or so, I will be ready to helpKr Matthijs 
- 
 The same for me. Seems named is going to Segmentation faultif tried to start with-t(chroot).
 Looking forward to a fix.
 Roll back to2.4
- 
 still don't understand how to reproduce this issue, 
 clean install on 2.5 CE with minimal configuration:Feb 21 19:56:08 pf42 named[54874]: starting BIND 9.16.11 (Stable Release) <id:9ff601b> Feb 21 19:56:08 pf42 named[54874]: running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense Feb 21 19:56:08 pf42 named[54874]: built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' Feb 21 19:56:08 pf42 named[54874]: running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/ Feb 21 19:56:08 pf42 named[54874]: compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2) Feb 21 19:56:08 pf42 named[54874]: compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020 Feb 21 19:56:08 pf42 named[54874]: linked to OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020 Feb 21 19:56:08 pf42 named[54874]: compiled with libxml2 version: 2.9.10 Feb 21 19:56:08 pf42 named[54874]: linked to libxml2 version: 20910 Feb 21 19:56:08 pf42 named[54874]: compiled with json-c version: 0.15 Feb 21 19:56:08 pf42 named[54874]: linked to json-c version: 0.15 Feb 21 19:56:08 pf42 named[54874]: compiled with zlib version: 1.2.11 Feb 21 19:56:08 pf42 named[54874]: linked to zlib version: 1.2.11 Feb 21 19:56:08 pf42 named[54874]: ---------------------------------------------------- Feb 21 19:56:08 pf42 named[54874]: BIND 9 is maintained by Internet Systems Consortium, Feb 21 19:56:08 pf42 named[54874]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Feb 21 19:56:08 pf42 named[54874]: corporation. Support and training for BIND 9 are Feb 21 19:56:08 pf42 named[54874]: available at https://www.isc.org/support Feb 21 19:56:08 pf42 named[54874]: ---------------------------------------------------- Feb 21 19:56:08 pf42 named[54874]: found 1 CPU, using 1 worker thread Feb 21 19:56:08 pf42 named[54874]: using 1 UDP listener per interface Feb 21 19:56:08 pf42 named[54874]: using up to 21000 sockets Feb 21 19:56:08 pf42 named[54874]: loading configuration from '/etc/namedb/named.conf' Feb 21 19:56:08 pf42 named[54874]: unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv4 port range: [49152, 65535] Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv6 port range: [49152, 65535] Feb 21 19:56:08 pf42 named[54874]: listening on IPv4 interface vtnet2, 172.16.16.42#53 Feb 21 19:56:08 pf42 named[54874]: listening on IPv6 interface vtnet2, fc00:172::42#53 Feb 21 19:56:08 pf42 named[54874]: generating session key for dynamic DNS Feb 21 19:56:08 pf42 named[54874]: sizing zone task pool based on 0 zones Feb 21 19:56:08 pf42 named[54874]: using built-in root key for view _default Feb 21 19:56:08 pf42 named[54874]: set up managed keys zone for view _default, file 'managed-keys.bind' Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 10.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 16.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 17.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 18.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 19.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 20.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 21.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 22.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 23.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 24.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 25.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 26.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 27.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 28.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 29.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 30.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 31.172.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 168.192.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 64.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 65.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 66.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 67.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 68.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 69.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 70.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 71.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 72.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 73.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 74.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 75.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 76.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 77.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 78.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 79.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 80.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 81.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 82.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 83.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 84.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 85.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 86.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 87.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 88.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 89.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 90.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 91.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 92.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 93.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 94.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 95.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 96.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 97.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 98.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 99.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 101.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 102.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 103.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 104.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 105.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 106.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 107.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 108.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 109.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 110.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 111.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 112.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 114.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 115.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 116.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 117.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 118.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 119.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 120.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 121.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 122.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 123.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 124.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 125.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 126.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.100.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 254.169.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.51.198.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.0.203.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: D.F.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.E.F.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 9.E.F.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: A.E.F.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: B.E.F.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: EMPTY.AS112.ARPA Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: HOME.ARPA Feb 21 19:56:08 pf42 named[54874]: command channel listening on 127.0.0.1#8953 Feb 21 19:56:08 pf42 named[54874]: dns_rdata_fromtext: managed-keys.bind:10: near eol: unexpected end of input Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loading from master file managed-keys.bind failed: unexpected end of input Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loaded serial 11 Feb 21 19:56:08 pf42 named[54874]: all zones loaded Feb 21 19:56:08 pf42 named[54874]: running Feb 21 19:56:08 pf42 named[54874]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 8.8.8.8#53 Feb 21 19:56:18 pf42 named[54874]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out Feb 21 19:56:18 pf42 named[54874]: resolver priming query complete/cf/named/etc/namedb/named.conf:#Bind pfsense configuration #Do not edit this file!!! key "rndc-key" { algorithm hmac-sha256; secret "UeBwwrg21QirnwHQnl/H36PjGXa0q3hBIewPKXH6/20="; }; controls { inet 127.0.0.1 port 8953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; statistics-file "/var/log/named.stats"; max-cache-size 256M; dnssec-validation auto; listen-on-v6 port 53 { fc00:172::42; }; listen-on port 53 { 172.16.16.42; }; forwarders { 8.8.8.8; }; };
- 
 In my case its saying after listening on IP interfaces in the log creating TCP socket: address in use like port 953 is already in use or so 
- 
 Might be a problem in our configs. Hope to have an extra box tomorrow night so I can build a fresh install and load my config sometime after that. I can't take down my failed box. Have uninstalled Bind and turned on unbound and switched to Bind on another box until this is resolved. 
- 
 FYI I already did a fresh install and restored my configuration, same problem 
- 
 @matthijs did bind work before you installed your config ? 
- 
 I have a working 2.4.5 VM running (with no bind problems), If I upgrade to 2.5 I have bind issues. 
 I also did a fresh 2.5.0 install and restored my 2.4.5 configuration, in both situations I have bind issues
- 
 I also have ACME implemented with Bind/DNS, so I have ACME keys in Global Settings (main configuration menu - > Advanced Options button) Maybe this is something in common with other people also having issues with bind and 2.5.0 ? 
- 
 @matthijs I was asking if you tried to install and test Bind on a fresh install of 2.5 before your loaded your config into it ? 
- 
 @wrgraves No I did not do a fresh bind install on a fresh 2.5.0 install (I guess that works fine, like in your situation?) 
- 
 After upgrade to 2.5. Simple run:/usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/result isSegmentation fault.I'm using common bind setup - 1 view, 2 zones, 4 ACLs, No Sync. 
- 
 @matthijs I have not done that yet. It would take too much downtime. I have a spare system on order that is do tomorrow. Once that's available I should be able to build a stand alone system and try that. 
- 
 @wrgraves 
 I guess that would work, but I am hoping a full manual reconfiguration of my bind/acme setup with all the dns zones wont be necessary ;-)
- 
 
- 
 @nordeep said in Bind upgrade producing errors on pfsense 2.5 upgrade: After upgrade to 2.5. Simple run:/usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/result isSegmentation fault.I'm using common bind setup - 1 view, 2 zones, 4 ACLs, No Sync. /usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/works fine for meCould you provide your views/zones/acls configuration? 
 You can hide your private data by changing domain/IP.
- 
 @viktor_g said in Bind upgrade producing errors on pfsense 2.5 upgrade: Could you provide your views/zones/acls configuration? cat /cf/named//etc/namedb/named.conf#Bind pfsense configuration #Do not edit this file!!! key "rndc-key" { algorithm hmac-sha256; secret "===="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; statistics-file "/var/log/named.stats"; max-cache-size 256M; dnssec-validation auto; listen-on-v6 port 53 { any; }; listen-on port 53 { any; }; notify yes; version none; }; acl "ff" { 8.8.8.8; 8.8.4.4; 4.4.8.8; }; acl "dd" { 8.8.8.8; }; acl "gw" { 9.9.9.9; }; view "default" { recursion yes; match-clients { any; }; allow-recursion { localhost; localnets; }; zone "13" { type master; file "/etc/namedb/master/default/13.DB"; allow-query { any; localhost; localnets; ff; dd; gw; }; allow-transfer { ff; }; allow-update { localhost; gw; }; also-notify { 9.9.9.9;}; }; zone "tt.spb.ru" { type master; file "/etc/namedb/master/default/tt.spb.ru.DB"; allow-query { any; }; allow-transfer { ff; }; allow-update { localhost; }; }; zone "." { type hint; file "/etc/namedb/named.root"; }; };
