• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Bind upgrade producing errors on pfsense 2.5 upgrade

Scheduled Pinned Locked Moved pfSense Packages
112 Posts 16 Posters 30.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wrgraves
    last edited by Feb 17, 2021, 9:59 PM

    During the reboot of the Pfsense upgrade from 2.4.1 to 2.5 Bind hung on 'rndc: connect failed: 127.0.0.1#953: timed out' errors so after 5minutes I power cycled it and it came up but with no bind service listed. So I reinstalled the Bind package and it produced the same error and finally completed, this is the log...

    Upgrading pfSense-pkg-bind...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 1 package(s) will be affected (of 0 checked):

    Installed packages to be REINSTALLED:
    pfSense-pkg-bind-9.16_9 [pfSense]

    Number of packages to be reinstalled: 1

    21 KiB to be downloaded.
    [1/1] Fetching pfSense-pkg-bind-9.16_9.txz: ... done
    Checking integrity... done (0 conflicting)
    [1/1] Reinstalling pfSense-pkg-bind-9.16_9...
    [1/1] Extracting pfSense-pkg-bind-9.16_9: .......... done
    Removing bind components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    Saving updated package information...
    overwrite!
    Loading package configuration... done.
    Configuring package components...
    Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...done.
    Executing custom_php_resync_config_command()...rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    rndc: connect failed: 127.0.0.1#953: timed out
    done.
    Menu items... done.
    Services... done.
    Writing configuration... done.

    Cleaning up cache... done.
    Success

    The Service is now there but named will not start. I haven't figured out why as of yet but I thought I would report the issue since I could not find it anywhere.

    1 Reply Last reply Reply Quote 4
    • A
      anthonypants
      last edited by Feb 18, 2021, 4:56 AM

      I’m having issues with BIND too. After upgrading to 21.02, named wouldn’t start and the logs said it was segfaulting (“signal 11”). So I rebooted, which took a while to kick off, and then named was just gone from the Services list. It was still in my list of installed packages, so I figured I’d try reinstalling it, but after the Executing custom_php_resync_config_command() step, I’m just getting a bunch of rndc: connect failed: 127.0.0.1#953: timed out messages on the Package Reinstallation screen.

      1 Reply Last reply Reply Quote 0
      • A
        anthonypants
        last edited by Feb 18, 2021, 5:17 AM

        Since it seemed like it was waiting for something on port 953 to respond, I opened up a new tab and turned on unbound/"DNS Resolver". Either doing this or simply waiting long enough got the installation process to finally start moving, and when I tabbed back to the reinstallation process, it had finished. Right now, unbound/"DNS Resolver" says it's off, and named says it's still segfaulting whenever I try to start it, but sockstat -4l | grep :53 says unbound is listening on my interfaces.

        I'm gonna try another reboot. I'd post my logs from the reinstall process, but I get this popup that "Akismet.com" says it's spam.

        1 Reply Last reply Reply Quote 0
        • A
          anthonypants
          last edited by anthonypants Feb 18, 2021, 5:50 AM Feb 18, 2021, 5:50 AM

          I know those are defaults, but should those paths /etc paths exist under /cf/named?

          [21.02-RELEASE][admin@hostname]/root: named -V
          BIND 9.16.11 (Stable Release) <id:9ff601b>
          running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE 38a4c12973d(plus-devel-12) pfSense
          built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
          compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
          compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
          linked to OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
          compiled with libuv version: 1.40.0
          linked to libuv version: 1.40.0
          compiled with libxml2 version: 2.9.10
          linked to libxml2 version: 20910
          compiled with json-c version: 0.15
          linked to json-c version: 0.15
          compiled with zlib version: 1.2.11
          linked to zlib version: 1.2.11
          compiled with protobuf-c version: 1.3.2
          linked to protobuf-c version: 1.3.2
          threads support is enabled
          
          default paths:
            named configuration:  /usr/local/etc/namedb/named.conf
            rndc configuration:   /usr/local/etc/namedb/rndc.conf
            DNSSEC root key:      /usr/local/etc/namedb/bind.keys
            nsupdate session key: /var/run/named/session.key
            named PID file:       /var/run/named/pid
            named lock file:      /var/run/named/named.lock
          [21.02-RELEASE][admin@hostname]/root: ls -la /cf/named/usr/local/etc/
          ls: /cf/named/usr/local/etc/: No such file or directory
          
          A 1 Reply Last reply Feb 18, 2021, 5:52 AM Reply Quote 0
          • A
            anthonypants @anthonypants
            last edited by Feb 18, 2021, 5:52 AM

            Also, do these need to be owned by the bind user? I'm not too familiar with how FreeBSD chroots work.

            [21.02-RELEASE][admin@hostname]/root: ls -la /cf/named/
            total 21
            drwxr-xr-x  6 root  wheel  512 Apr 29  2020 .
            drwxr-xr-x  4 root  wheel  512 Feb  8 12:43 ..
            dr-xr-xr-x  8 root  wheel  512 Feb 18 05:20 dev
            drwxr-xr-x  3 root  wheel  512 Mar 31  2019 etc
            drwxr-xr-x  3 root  wheel  512 Apr 29  2020 usr
            drwxr-xr-x  6 root  wheel  512 Mar 31  2019 var
            

            (I don't mean to double-post, but apparently if I make these posts too long they're "spam".)

            A 1 Reply Last reply Feb 18, 2021, 6:02 AM Reply Quote 0
            • A
              anthonypants @anthonypants
              last edited by Feb 18, 2021, 6:02 AM

              The permissions in these folders are real inconsistent, but setting them all to bind:wheel didn't help, either. Can't print out the text of ls -laR /cf/named, because that's spam!

              Forgot to mention earlier, but named-checkconf -t /cf/named /etc/namedb/named.conf doesn't return errors. Doesn't return anything, in fact.

              1 Reply Last reply Reply Quote 0
              • W
                wrgraves
                last edited by Feb 18, 2021, 5:06 PM

                The problem seems to be with starting up named under chroot. I can't figure out how to restart named in the jail. I tried a number of things up it always fails. It doesn't appear to be able to work correctly unless it's running under bind with chroot /cf/named/etc/namedb/ but I can't seem to figure out how to start that up. Without the chroot it fails ...
                18-Feb-2021 08:55:02.213 loading configuration from '/cf/named/etc/namedb/named.conf'
                18-Feb-2021 08:55:02.213 directory '/etc/namedb' is not writable
                18-Feb-2021 08:55:02.213 /cf/named/etc/namedb/named.conf:17: parsing failed: permission denied
                18-Feb-2021 08:55:02.213 load_configuration: permission denied
                18-Feb-2021 08:55:02.214 loading configuration: permission denied
                18-Feb-2021 08:55:02.214 exiting (due to fatal error)

                A 1 Reply Last reply Feb 18, 2021, 6:13 PM Reply Quote 0
                • V
                  viktor_g Netgate
                  last edited by Feb 18, 2021, 5:30 PM

                  Please create a bugreport:
                  https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html

                  1 Reply Last reply Reply Quote 1
                  • A
                    anthonypants @wrgraves
                    last edited by Feb 18, 2021, 6:13 PM

                    @wrgraves I can get it to run in the chroot -- named -u bind -t /cf/named -- and it starts just fine, but it doesn't like my conf file. I'm not getting permissions errors, and my logs are showing that the conf file is being parsed, but it's not throwing any errors. I think rather than get lldb/gdb installed on here to further troubleshoot that segfault I should just set up DNS/DHCP on a different box.

                    1 Reply Last reply Reply Quote 0
                    • W
                      wrgraves
                      last edited by Feb 18, 2021, 6:49 PM

                      @anthonypants Looks like '/usr/local/etc/rc.d/named.sh start' is suppose to start it up but no error messages and it doesn't start

                      @viktor_g I'm a little overwhelmed by the submission process

                      A 1 Reply Last reply Feb 18, 2021, 8:40 PM Reply Quote 0
                      • A
                        anthonypants @wrgraves
                        last edited by Feb 18, 2021, 8:40 PM

                        @wrgraves Yeah, if you open up that script file, it says that when it's called to start the job, it'll check if named exists in the list of running processes (ps auxw), and if it isn't already running, it'll run the command /usr/local/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/. -t says it needs to run inside the chroot at /cf/named/, -c points to the configuration file it's going to use (also inside the chroot), and -u says which user it'll run as.

                        And my Redmine bug report is here, if you want to add your details.

                        1 Reply Last reply Reply Quote 1
                        • V
                          viktor_g Netgate
                          last edited by viktor_g Feb 19, 2021, 10:20 AM Feb 19, 2021, 10:19 AM

                          could you try to re-save BIND configuration in the WebGUI and check again?
                          that can be related to https://redmine.pfsense.org/issues/7271

                          A 1 Reply Last reply Feb 21, 2021, 7:36 AM Reply Quote 0
                          • W
                            wrgraves
                            last edited by Feb 19, 2021, 5:36 PM

                            Without named running I could not re-save the config. I check and unbound is not running during this. Not sure how that might make named exit with a segmentation fault...
                            root@pfSense:~# dmesg | grep named
                            pid 72980 (named), jid 0, uid 0: exited on signal 11
                            pid 48394 (named), jid 0, uid 0: exited on signal 11
                            pid 9508 (named), jid 0, uid 0: exited on signal 11
                            pid 77683 (named), jid 0, uid 0: exited on signal 11
                            pid 84007 (named), jid 0, uid 0: exited on signal 11
                            pid 35131 (named), jid 0, uid 0: exited on signal 11

                            signal 11, also know as "segmentation fault

                            1 Reply Last reply Reply Quote 0
                            • A
                              anthonypants @viktor_g
                              last edited by Feb 21, 2021, 7:36 AM

                              @viktor_g Modifying the BIND configuration via the WebGUI doesn't appear to do anything. Changing the unbound configuration to use port 8953 is a strange suggestion; no one in this thread appears to be seeing "can't bind socket" errors from unbound, and I can assure you that when named is segfaulting on my system, neither is unbound running, nor is anything using port 953.

                              1 Reply Last reply Reply Quote 0
                              • V
                                viktor_g Netgate
                                last edited by Feb 21, 2021, 9:00 AM

                                What appliance are you using?
                                VM, Netgate appliance, other hardware?

                                1 Reply Last reply Reply Quote 0
                                • M
                                  matthijs
                                  last edited by matthijs Feb 21, 2021, 11:58 AM Feb 21, 2021, 11:41 AM

                                  Same issues here with Bind, I tried everything I could to get this running, I am running on a VM (VMware) Bind currently is NOT compatible with pfSense 2.5.0 period ! Just try to run Bind and rncd on a different port (under the advanced button on the main Bind config window in de web config, and try to run Bind or reinstall Bind and see what happens) I can hardly believe this package was tested on 2.5.0, of course an issue can happen from time to time with a major release, but I am struggling with the Bind control port for years. I did a clean install and restored my configuration, no show for bind what ever I do. It should run on 127.0.0.1 on port 953 and control port on 127.0.0.1 9953 in my configuration

                                  Here the log when I try to start Bind:

                                  Feb 21 12:43:39 named 11107 starting BIND 9.16.11 (Stable Release) id:9ff601b
                                  Feb 21 12:43:39 named 11107 running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
                                  Feb 21 12:43:39 named 11107 built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
                                  Feb 21 12:43:39 named 11107 running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
                                  Feb 21 12:43:39 named 11107 compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
                                  Feb 21 12:43:39 named 11107 compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                                  Feb 21 12:43:39 named 11107 linked to OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                                  Feb 21 12:43:39 named 11107 compiled with libxml2 version: 2.9.10
                                  Feb 21 12:43:39 named 11107 linked to libxml2 version: 20910
                                  Feb 21 12:43:39 named 11107 compiled with json-c version: 0.15
                                  Feb 21 12:43:39 named 11107 linked to json-c version: 0.15
                                  Feb 21 12:43:39 named 11107 compiled with zlib version: 1.2.11
                                  Feb 21 12:43:39 named 11107 linked to zlib version: 1.2.11
                                  Feb 21 12:43:39 named 11107 ----------------------------------------------------
                                  Feb 21 12:43:39 named 11107 BIND 9 is maintained by Internet Systems Consortium,
                                  Feb 21 12:43:39 named 11107 Inc. (ISC), a non-profit 501(c)(3) public-benefit
                                  Feb 21 12:43:39 named 11107 corporation. Support and training for BIND 9 are
                                  Feb 21 12:43:39 named 11107 available at https://www.isc.org/support
                                  Feb 21 12:43:39 named 11107 ----------------------------------------------------
                                  Feb 21 12:43:39 named 11107 found 4 CPUs, using 4 worker threads
                                  Feb 21 12:43:39 named 11107 using 4 UDP listeners per interface
                                  Feb 21 12:43:39 named 11107 using up to 21000 sockets
                                  Feb 21 12:43:39 named 11107 loading configuration from '/etc/namedb/named.conf'
                                  Feb 21 12:43:39 named 11107 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
                                  Feb 21 12:43:39 named 11107 using default UDP/IPv4 port range: [49152, 65535]
                                  Feb 21 12:43:39 named 11107 using default UDP/IPv6 port range: [49152, 65535]
                                  Feb 21 12:43:39 named 11107 listening on IPv6 interface vmx1, xxxxxIPv6xxxxxxxxxxxxxxxx#953
                                  Feb 21 12:43:39 named 11107 listening on IPv6 interface lo0, ::1#953
                                  Feb 21 12:43:39 named 11107 listening on IPv4 interface lo0, 127.0.0.1#953
                                  Feb 21 12:43:39 named 11107 creating TCP socket: address in use
                                  Feb 21 12:43:39 named 11107 generating session key for dynamic DNS
                                  Feb 21 12:43:39 named 11107 sizing zone task pool based on 4 zones

                                  M 1 Reply Last reply Feb 21, 2021, 11:50 AM Reply Quote 0
                                  • M
                                    matthijs @matthijs
                                    last edited by Feb 21, 2021, 11:50 AM

                                    So I rolled back to pfSense 2.4 because of Bind not working at all
                                    I have the 2.5.0 Vmware VM still available so if I need to test something of provide logging or so, I will be ready to help

                                    Kr Matthijs

                                    1 Reply Last reply Reply Quote 0
                                    • N
                                      nordeep
                                      last edited by Feb 21, 2021, 4:25 PM

                                      The same for me. Seems named is going to Segmentation fault if tried to start with -t(chroot).
                                      Looking forward to a fix.
                                      Roll back to 2.4

                                      1 Reply Last reply Reply Quote 0
                                      • V
                                        viktor_g Netgate
                                        last edited by Feb 21, 2021, 5:00 PM

                                        still don't understand how to reproduce this issue,
                                        clean install on 2.5 CE with minimal configuration:

                                        Feb 21 19:56:08 pf42 named[54874]: starting BIND 9.16.11 (Stable Release) <id:9ff601b>
                                        Feb 21 19:56:08 pf42 named[54874]: running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
                                        Feb 21 19:56:08 pf42 named[54874]: built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
                                        Feb 21 19:56:08 pf42 named[54874]: running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
                                        Feb 21 19:56:08 pf42 named[54874]: compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
                                        Feb 21 19:56:08 pf42 named[54874]: compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
                                        Feb 21 19:56:08 pf42 named[54874]: linked to OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
                                        Feb 21 19:56:08 pf42 named[54874]: compiled with libxml2 version: 2.9.10
                                        Feb 21 19:56:08 pf42 named[54874]: linked to libxml2 version: 20910
                                        Feb 21 19:56:08 pf42 named[54874]: compiled with json-c version: 0.15
                                        Feb 21 19:56:08 pf42 named[54874]: linked to json-c version: 0.15
                                        Feb 21 19:56:08 pf42 named[54874]: compiled with zlib version: 1.2.11
                                        Feb 21 19:56:08 pf42 named[54874]: linked to zlib version: 1.2.11
                                        Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
                                        Feb 21 19:56:08 pf42 named[54874]: BIND 9 is maintained by Internet Systems Consortium,
                                        Feb 21 19:56:08 pf42 named[54874]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
                                        Feb 21 19:56:08 pf42 named[54874]: corporation.  Support and training for BIND 9 are 
                                        Feb 21 19:56:08 pf42 named[54874]: available at https://www.isc.org/support
                                        Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
                                        Feb 21 19:56:08 pf42 named[54874]: found 1 CPU, using 1 worker thread
                                        Feb 21 19:56:08 pf42 named[54874]: using 1 UDP listener per interface
                                        Feb 21 19:56:08 pf42 named[54874]: using up to 21000 sockets
                                        Feb 21 19:56:08 pf42 named[54874]: loading configuration from '/etc/namedb/named.conf'
                                        Feb 21 19:56:08 pf42 named[54874]: unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
                                        Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv4 port range: [49152, 65535]
                                        Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv6 port range: [49152, 65535]
                                        Feb 21 19:56:08 pf42 named[54874]: listening on IPv4 interface vtnet2, 172.16.16.42#53
                                        Feb 21 19:56:08 pf42 named[54874]: listening on IPv6 interface vtnet2, fc00:172::42#53
                                        Feb 21 19:56:08 pf42 named[54874]: generating session key for dynamic DNS
                                        Feb 21 19:56:08 pf42 named[54874]: sizing zone task pool based on 0 zones
                                        Feb 21 19:56:08 pf42 named[54874]: using built-in root key for view _default
                                        Feb 21 19:56:08 pf42 named[54874]: set up managed keys zone for view _default, file 'managed-keys.bind'
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 10.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 16.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 17.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 18.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 19.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 20.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 21.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 22.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 23.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 24.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 25.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 26.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 27.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 28.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 29.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 30.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 31.172.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 168.192.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 64.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 65.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 66.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 67.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 68.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 69.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 70.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 71.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 72.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 73.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 74.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 75.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 76.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 77.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 78.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 79.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 80.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 81.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 82.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 83.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 84.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 85.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 86.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 87.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 88.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 89.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 90.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 91.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 92.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 93.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 94.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 95.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 96.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 97.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 98.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 99.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 101.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 102.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 103.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 104.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 105.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 106.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 107.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 108.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 109.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 110.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 111.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 112.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 114.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 115.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 116.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 117.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 118.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 119.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 120.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 121.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 122.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 123.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 124.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 125.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 126.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.100.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 254.169.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: D.F.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.E.F.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 9.E.F.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: A.E.F.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: B.E.F.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: EMPTY.AS112.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: HOME.ARPA
                                        Feb 21 19:56:08 pf42 named[54874]: command channel listening on 127.0.0.1#8953
                                        Feb 21 19:56:08 pf42 named[54874]: dns_rdata_fromtext: managed-keys.bind:10: near eol: unexpected end of input
                                        Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loading from master file managed-keys.bind failed: unexpected end of input
                                        Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loaded serial 11
                                        Feb 21 19:56:08 pf42 named[54874]: all zones loaded
                                        Feb 21 19:56:08 pf42 named[54874]: running
                                        Feb 21 19:56:08 pf42 named[54874]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 8.8.8.8#53
                                        Feb 21 19:56:18 pf42 named[54874]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
                                        Feb 21 19:56:18 pf42 named[54874]: resolver priming query complete
                                        

                                        /cf/named/etc/namedb/named.conf:

                                        #Bind pfsense configuration
                                        #Do not edit this file!!!
                                        
                                         key "rndc-key" {
                                         	algorithm hmac-sha256;
                                         	secret "UeBwwrg21QirnwHQnl/H36PjGXa0q3hBIewPKXH6/20=";
                                         };
                                        
                                         controls {
                                         	inet 127.0.0.1 port 8953
                                         		allow { 127.0.0.1; } keys { "rndc-key"; };
                                         };
                                        
                                        
                                        
                                        options {
                                        	directory "/etc/namedb";
                                        	pid-file "/var/run/named/pid";
                                        	statistics-file "/var/log/named.stats";
                                        	max-cache-size 256M;
                                        	dnssec-validation auto;
                                        
                                        	listen-on-v6 port 53 { fc00:172::42;  };
                                        	listen-on port 53 { 172.16.16.42;  };
                                        	forwarders { 8.8.8.8; };
                                        	
                                        };
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          matthijs
                                          last edited by Feb 21, 2021, 5:09 PM

                                          In my case its saying after listening on IP interfaces in the log

                                          creating TCP socket: address in use

                                          like port 953 is already in use or so

                                          1 Reply Last reply Reply Quote 0
                                          3 out of 112
                                          • First post
                                            3/112
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received