Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bind upgrade producing errors on pfsense 2.5 upgrade

    Scheduled Pinned Locked Moved pfSense Packages
    112 Posts 16 Posters 32.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wrgraves
      last edited by

      During the reboot of the Pfsense upgrade from 2.4.1 to 2.5 Bind hung on 'rndc: connect failed: 127.0.0.1#953: timed out' errors so after 5minutes I power cycled it and it came up but with no bind service listed. So I reinstalled the Bind package and it produced the same error and finally completed, this is the log...

      Upgrading pfSense-pkg-bind...
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      pfSense repository is up to date.
      All repositories are up to date.
      The following 1 package(s) will be affected (of 0 checked):

      Installed packages to be REINSTALLED:
      pfSense-pkg-bind-9.16_9 [pfSense]

      Number of packages to be reinstalled: 1

      21 KiB to be downloaded.
      [1/1] Fetching pfSense-pkg-bind-9.16_9.txz: ... done
      Checking integrity... done (0 conflicting)
      [1/1] Reinstalling pfSense-pkg-bind-9.16_9...
      [1/1] Extracting pfSense-pkg-bind-9.16_9: .......... done
      Removing bind components...
      Menu items... done.
      Services... done.
      Loading package instructions...
      Saving updated package information...
      overwrite!
      Loading package configuration... done.
      Configuring package components...
      Loading package instructions...
      Custom commands...
      Executing custom_php_install_command()...done.
      Executing custom_php_resync_config_command()...rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      rndc: connect failed: 127.0.0.1#953: timed out
      done.
      Menu items... done.
      Services... done.
      Writing configuration... done.

      Cleaning up cache... done.
      Success

      The Service is now there but named will not start. I haven't figured out why as of yet but I thought I would report the issue since I could not find it anywhere.

      1 Reply Last reply Reply Quote 4
      • A
        anthonypants
        last edited by

        I’m having issues with BIND too. After upgrading to 21.02, named wouldn’t start and the logs said it was segfaulting (“signal 11”). So I rebooted, which took a while to kick off, and then named was just gone from the Services list. It was still in my list of installed packages, so I figured I’d try reinstalling it, but after the Executing custom_php_resync_config_command() step, I’m just getting a bunch of rndc: connect failed: 127.0.0.1#953: timed out messages on the Package Reinstallation screen.

        1 Reply Last reply Reply Quote 0
        • A
          anthonypants
          last edited by

          Since it seemed like it was waiting for something on port 953 to respond, I opened up a new tab and turned on unbound/"DNS Resolver". Either doing this or simply waiting long enough got the installation process to finally start moving, and when I tabbed back to the reinstallation process, it had finished. Right now, unbound/"DNS Resolver" says it's off, and named says it's still segfaulting whenever I try to start it, but sockstat -4l | grep :53 says unbound is listening on my interfaces.

          I'm gonna try another reboot. I'd post my logs from the reinstall process, but I get this popup that "Akismet.com" says it's spam.

          1 Reply Last reply Reply Quote 0
          • A
            anthonypants
            last edited by anthonypants

            I know those are defaults, but should those paths /etc paths exist under /cf/named?

            [21.02-RELEASE][admin@hostname]/root: named -V
BIND 9.16.11 (Stable Release) <id:9ff601b>
running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE 38a4c12973d(plus-devel-12) pfSense
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
linked to OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.2
linked to protobuf-c version: 1.3.2
threads support is enabled

default paths:
  named configuration:  /usr/local/etc/namedb/named.conf
  rndc configuration:   /usr/local/etc/namedb/rndc.conf
  DNSSEC root key:      /usr/local/etc/namedb/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/pid
  named lock file:      /var/run/named/named.lock
[21.02-RELEASE][admin@hostname]/root: ls -la /cf/named/usr/local/etc/
ls: /cf/named/usr/local/etc/: No such file or directory
            A 1 Reply Last reply Reply Quote 0
            • A
              anthonypants @anthonypants
              last edited by

              Also, do these need to be owned by the bind user? I'm not too familiar with how FreeBSD chroots work.

              [21.02-RELEASE][admin@hostname]/root: ls -la /cf/named/
total 21
drwxr-xr-x  6 root  wheel  512 Apr 29  2020 .
drwxr-xr-x  4 root  wheel  512 Feb  8 12:43 ..
dr-xr-xr-x  8 root  wheel  512 Feb 18 05:20 dev
drwxr-xr-x  3 root  wheel  512 Mar 31  2019 etc
drwxr-xr-x  3 root  wheel  512 Apr 29  2020 usr
drwxr-xr-x  6 root  wheel  512 Mar 31  2019 var

              (I don't mean to double-post, but apparently if I make these posts too long they're "spam".)

              A 1 Reply Last reply Reply Quote 0
              • A
                anthonypants @anthonypants
                last edited by

                The permissions in these folders are real inconsistent, but setting them all to bind:wheel didn't help, either. Can't print out the text of ls -laR /cf/named, because that's spam!

                Forgot to mention earlier, but named-checkconf -t /cf/named /etc/namedb/named.conf doesn't return errors. Doesn't return anything, in fact.

                1 Reply Last reply Reply Quote 0
                • W
                  wrgraves
                  last edited by

                  The problem seems to be with starting up named under chroot. I can't figure out how to restart named in the jail. I tried a number of things up it always fails. It doesn't appear to be able to work correctly unless it's running under bind with chroot /cf/named/etc/namedb/ but I can't seem to figure out how to start that up. Without the chroot it fails ...
                  18-Feb-2021 08:55:02.213 loading configuration from '/cf/named/etc/namedb/named.conf'
                  18-Feb-2021 08:55:02.213 directory '/etc/namedb' is not writable
                  18-Feb-2021 08:55:02.213 /cf/named/etc/namedb/named.conf:17: parsing failed: permission denied
                  18-Feb-2021 08:55:02.213 load_configuration: permission denied
                  18-Feb-2021 08:55:02.214 loading configuration: permission denied
                  18-Feb-2021 08:55:02.214 exiting (due to fatal error)

                  A 1 Reply Last reply Reply Quote 0
                  • viktor_gV
                    viktor_g Netgate
                    last edited by

                    Please create a bugreport:
                    https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html

                    1 Reply Last reply Reply Quote 1
                    • A
                      anthonypants @wrgraves
                      last edited by

                      @wrgraves I can get it to run in the chroot -- named -u bind -t /cf/named -- and it starts just fine, but it doesn't like my conf file. I'm not getting permissions errors, and my logs are showing that the conf file is being parsed, but it's not throwing any errors. I think rather than get lldb/gdb installed on here to further troubleshoot that segfault I should just set up DNS/DHCP on a different box.

                      1 Reply Last reply Reply Quote 0
                      • W
                        wrgraves
                        last edited by

                        @anthonypants Looks like '/usr/local/etc/rc.d/named.sh start' is suppose to start it up but no error messages and it doesn't start

                        @viktor_g I'm a little overwhelmed by the submission process

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          anthonypants @wrgraves
                          last edited by

                          @wrgraves Yeah, if you open up that script file, it says that when it's called to start the job, it'll check if named exists in the list of running processes (ps auxw), and if it isn't already running, it'll run the command /usr/local/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/. -t says it needs to run inside the chroot at /cf/named/, -c points to the configuration file it's going to use (also inside the chroot), and -u says which user it'll run as.

                          And my Redmine bug report is here, if you want to add your details.

                          1 Reply Last reply Reply Quote 1
                          • viktor_gV
                            viktor_g Netgate
                            last edited by viktor_g

                            could you try to re-save BIND configuration in the WebGUI and check again?
                            that can be related to https://redmine.pfsense.org/issues/7271

                            A 1 Reply Last reply Reply Quote 0
                            • W
                              wrgraves
                              last edited by

                              Without named running I could not re-save the config. I check and unbound is not running during this. Not sure how that might make named exit with a segmentation fault...
                              root@pfSense:~# dmesg | grep named
                              pid 72980 (named), jid 0, uid 0: exited on signal 11
                              pid 48394 (named), jid 0, uid 0: exited on signal 11
                              pid 9508 (named), jid 0, uid 0: exited on signal 11
                              pid 77683 (named), jid 0, uid 0: exited on signal 11
                              pid 84007 (named), jid 0, uid 0: exited on signal 11
                              pid 35131 (named), jid 0, uid 0: exited on signal 11

                              signal 11, also know as "segmentation fault

                              1 Reply Last reply Reply Quote 0
                              • A
                                anthonypants @viktor_g
                                last edited by

                                @viktor_g Modifying the BIND configuration via the WebGUI doesn't appear to do anything. Changing the unbound configuration to use port 8953 is a strange suggestion; no one in this thread appears to be seeing "can't bind socket" errors from unbound, and I can assure you that when named is segfaulting on my system, neither is unbound running, nor is anything using port 953.

                                1 Reply Last reply Reply Quote 0
                                • viktor_gV
                                  viktor_g Netgate
                                  last edited by

                                  What appliance are you using?
                                  VM, Netgate appliance, other hardware?

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    matthijs
                                    last edited by matthijs

                                    Same issues here with Bind, I tried everything I could to get this running, I am running on a VM (VMware) Bind currently is NOT compatible with pfSense 2.5.0 period ! Just try to run Bind and rncd on a different port (under the advanced button on the main Bind config window in de web config, and try to run Bind or reinstall Bind and see what happens) I can hardly believe this package was tested on 2.5.0, of course an issue can happen from time to time with a major release, but I am struggling with the Bind control port for years. I did a clean install and restored my configuration, no show for bind what ever I do. It should run on 127.0.0.1 on port 953 and control port on 127.0.0.1 9953 in my configuration

                                    Here the log when I try to start Bind:

                                    Feb 21 12:43:39 named 11107 starting BIND 9.16.11 (Stable Release) id:9ff601b
                                    Feb 21 12:43:39 named 11107 running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
                                    Feb 21 12:43:39 named 11107 built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
                                    Feb 21 12:43:39 named 11107 running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
                                    Feb 21 12:43:39 named 11107 compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
                                    Feb 21 12:43:39 named 11107 compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                                    Feb 21 12:43:39 named 11107 linked to OpenSSL version: OpenSSL 1.1.1i-freebsd 8 Dec 2020
                                    Feb 21 12:43:39 named 11107 compiled with libxml2 version: 2.9.10
                                    Feb 21 12:43:39 named 11107 linked to libxml2 version: 20910
                                    Feb 21 12:43:39 named 11107 compiled with json-c version: 0.15
                                    Feb 21 12:43:39 named 11107 linked to json-c version: 0.15
                                    Feb 21 12:43:39 named 11107 compiled with zlib version: 1.2.11
                                    Feb 21 12:43:39 named 11107 linked to zlib version: 1.2.11
                                    Feb 21 12:43:39 named 11107 ----------------------------------------------------
                                    Feb 21 12:43:39 named 11107 BIND 9 is maintained by Internet Systems Consortium,
                                    Feb 21 12:43:39 named 11107 Inc. (ISC), a non-profit 501(c)(3) public-benefit
                                    Feb 21 12:43:39 named 11107 corporation. Support and training for BIND 9 are
                                    Feb 21 12:43:39 named 11107 available at https://www.isc.org/support
                                    Feb 21 12:43:39 named 11107 ----------------------------------------------------
                                    Feb 21 12:43:39 named 11107 found 4 CPUs, using 4 worker threads
                                    Feb 21 12:43:39 named 11107 using 4 UDP listeners per interface
                                    Feb 21 12:43:39 named 11107 using up to 21000 sockets
                                    Feb 21 12:43:39 named 11107 loading configuration from '/etc/namedb/named.conf'
                                    Feb 21 12:43:39 named 11107 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
                                    Feb 21 12:43:39 named 11107 using default UDP/IPv4 port range: [49152, 65535]
                                    Feb 21 12:43:39 named 11107 using default UDP/IPv6 port range: [49152, 65535]
                                    Feb 21 12:43:39 named 11107 listening on IPv6 interface vmx1, xxxxxIPv6xxxxxxxxxxxxxxxx#953
                                    Feb 21 12:43:39 named 11107 listening on IPv6 interface lo0, ::1#953
                                    Feb 21 12:43:39 named 11107 listening on IPv4 interface lo0, 127.0.0.1#953
                                    Feb 21 12:43:39 named 11107 creating TCP socket: address in use
                                    Feb 21 12:43:39 named 11107 generating session key for dynamic DNS
                                    Feb 21 12:43:39 named 11107 sizing zone task pool based on 4 zones

                                    M 1 Reply Last reply Reply Quote 0
                                    • M
                                      matthijs @matthijs
                                      last edited by

                                      So I rolled back to pfSense 2.4 because of Bind not working at all
                                      I have the 2.5.0 Vmware VM still available so if I need to test something of provide logging or so, I will be ready to help

                                      Kr Matthijs

                                      1 Reply Last reply Reply Quote 0
                                      • N
                                        nordeep
                                        last edited by

                                        The same for me. Seems named is going to Segmentation fault if tried to start with -t(chroot).
                                        Looking forward to a fix.
                                        Roll back to 2.4

                                        1 Reply Last reply Reply Quote 0
                                        • viktor_gV
                                          viktor_g Netgate
                                          last edited by

                                          still don't understand how to reproduce this issue,
                                          clean install on 2.5 CE with minimal configuration:

                                          Feb 21 19:56:08 pf42 named[54874]: starting BIND 9.16.11 (Stable Release) <id:9ff601b>
Feb 21 19:56:08 pf42 named[54874]: running on FreeBSD amd64 12.2-STABLE FreeBSD 12.2-STABLE d48fb226319(devel-12) pfSense
Feb 21 19:56:08 pf42 named[54874]: built with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--without-libidn2' '--with-json-c' '--disable-largefile' '--without-lmdb' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
Feb 21 19:56:08 pf42 named[54874]: running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
Feb 21 19:56:08 pf42 named[54874]: compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
Feb 21 19:56:08 pf42 named[54874]: compiled with OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
Feb 21 19:56:08 pf42 named[54874]: linked to OpenSSL version: OpenSSL 1.1.1i-freebsd  8 Dec 2020
Feb 21 19:56:08 pf42 named[54874]: compiled with libxml2 version: 2.9.10
Feb 21 19:56:08 pf42 named[54874]: linked to libxml2 version: 20910
Feb 21 19:56:08 pf42 named[54874]: compiled with json-c version: 0.15
Feb 21 19:56:08 pf42 named[54874]: linked to json-c version: 0.15
Feb 21 19:56:08 pf42 named[54874]: compiled with zlib version: 1.2.11
Feb 21 19:56:08 pf42 named[54874]: linked to zlib version: 1.2.11
Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
Feb 21 19:56:08 pf42 named[54874]: BIND 9 is maintained by Internet Systems Consortium,
Feb 21 19:56:08 pf42 named[54874]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Feb 21 19:56:08 pf42 named[54874]: corporation.  Support and training for BIND 9 are 
Feb 21 19:56:08 pf42 named[54874]: available at https://www.isc.org/support
Feb 21 19:56:08 pf42 named[54874]: ----------------------------------------------------
Feb 21 19:56:08 pf42 named[54874]: found 1 CPU, using 1 worker thread
Feb 21 19:56:08 pf42 named[54874]: using 1 UDP listener per interface
Feb 21 19:56:08 pf42 named[54874]: using up to 21000 sockets
Feb 21 19:56:08 pf42 named[54874]: loading configuration from '/etc/namedb/named.conf'
Feb 21 19:56:08 pf42 named[54874]: unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv4 port range: [49152, 65535]
Feb 21 19:56:08 pf42 named[54874]: using default UDP/IPv6 port range: [49152, 65535]
Feb 21 19:56:08 pf42 named[54874]: listening on IPv4 interface vtnet2, 172.16.16.42#53
Feb 21 19:56:08 pf42 named[54874]: listening on IPv6 interface vtnet2, fc00:172::42#53
Feb 21 19:56:08 pf42 named[54874]: generating session key for dynamic DNS
Feb 21 19:56:08 pf42 named[54874]: sizing zone task pool based on 0 zones
Feb 21 19:56:08 pf42 named[54874]: using built-in root key for view _default
Feb 21 19:56:08 pf42 named[54874]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 10.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 16.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 17.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 18.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 19.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 20.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 21.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 22.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 23.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 24.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 25.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 26.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 27.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 28.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 29.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 30.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 31.172.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 168.192.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 64.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 65.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 66.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 67.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 68.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 69.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 70.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 71.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 72.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 73.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 74.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 75.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 76.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 77.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 78.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 79.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 80.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 81.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 82.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 83.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 84.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 85.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 86.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 87.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 88.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 89.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 90.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 91.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 92.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 93.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 94.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 95.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 96.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 97.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 98.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 99.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 101.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 102.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 103.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 104.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 105.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 106.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 107.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 108.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 109.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 110.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 111.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 112.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 114.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 115.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 116.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 117.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 118.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 119.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 120.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 121.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 122.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 123.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 124.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 125.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 126.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.100.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: D.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: A.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: B.E.F.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: EMPTY.AS112.ARPA
Feb 21 19:56:08 pf42 named[54874]: automatic empty zone: HOME.ARPA
Feb 21 19:56:08 pf42 named[54874]: command channel listening on 127.0.0.1#8953
Feb 21 19:56:08 pf42 named[54874]: dns_rdata_fromtext: managed-keys.bind:10: near eol: unexpected end of input
Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loading from master file managed-keys.bind failed: unexpected end of input
Feb 21 19:56:08 pf42 named[54874]: managed-keys-zone: loaded serial 11
Feb 21 19:56:08 pf42 named[54874]: all zones loaded
Feb 21 19:56:08 pf42 named[54874]: running
Feb 21 19:56:08 pf42 named[54874]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 8.8.8.8#53
Feb 21 19:56:18 pf42 named[54874]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Feb 21 19:56:18 pf42 named[54874]: resolver priming query complete

                                          /cf/named/etc/namedb/named.conf:

                                          #Bind pfsense configuration
#Do not edit this file!!!

 key "rndc-key" {
 	algorithm hmac-sha256;
 	secret "UeBwwrg21QirnwHQnl/H36PjGXa0q3hBIewPKXH6/20=";
 };

 controls {
 	inet 127.0.0.1 port 8953
 		allow { 127.0.0.1; } keys { "rndc-key"; };
 };



options {
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	statistics-file "/var/log/named.stats";
	max-cache-size 256M;
	dnssec-validation auto;

	listen-on-v6 port 53 { fc00:172::42;  };
	listen-on port 53 { 172.16.16.42;  };
	forwarders { 8.8.8.8; };
	
};
                                          1 Reply Last reply Reply Quote 0
                                          • M
                                            matthijs
                                            last edited by

                                            In my case its saying after listening on IP interfaces in the log

                                            creating TCP socket: address in use

                                            like port 953 is already in use or so

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.