Bind upgrade producing errors on pfsense 2.5 upgrade

wrgraves · Feb 21, 2021, 5:11 PM

Might be a problem in our configs. Hope to have an extra box tomorrow night so I can build a fresh install and load my config sometime after that. I can't take down my failed box. Have uninstalled Bind and turned on unbound and switched to Bind on another box until this is resolved.

matthijs · Feb 21, 2021, 5:12 PM

FYI I already did a fresh install and restored my configuration, same problem

wrgraves · Feb 21, 2021, 5:14 PM

@matthijs did bind work before you installed your config ?

matthijs · Feb 21, 2021, 5:15 PM

I have a working 2.4.5 VM running (with no bind problems), If I upgrade to 2.5 I have bind issues.
I also did a fresh 2.5.0 install and restored my 2.4.5 configuration, in both situations I have bind issues

matthijs · Feb 21, 2021, 5:19 PM

I also have ACME implemented with Bind/DNS, so I have ACME keys in Global Settings (main configuration menu - > Advanced Options button) Maybe this is something in common with other people also having issues with bind and 2.5.0 ?

wrgraves · Feb 21, 2021, 5:20 PM

@matthijs I was asking if you tried to install and test Bind on a fresh install of 2.5 before your loaded your config into it ?

matthijs · Feb 21, 2021, 5:23 PM

@wrgraves No I did not do a fresh bind install on a fresh 2.5.0 install (I guess that works fine, like in your situation?)

nordeep · Feb 21, 2021, 5:28 PM

After upgrade to 2.5. Simple run: /usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/ result is Segmentation fault.

I'm using common bind setup - 1 view, 2 zones, 4 ACLs, No Sync.

wrgraves · Feb 21, 2021, 5:28 PM

@matthijs I have not done that yet. It would take too much downtime. I have a spare system on order that is do tomorrow. Once that's available I should be able to build a stand alone system and try that.

matthijs · Feb 21, 2021, 5:32 PM

@wrgraves
I guess that would work, but I am hoping a full manual reconfiguration of my bind/acme setup with all the dns zones wont be necessary ;-)

anthonypants · Feb 21, 2021, 6:27 PM

@wrgraves I mentioned it earlier, but if you run named from the console and don't give it the configuration file, it seems to work fine.

viktor_g · Feb 21, 2021, 6:29 PM

@nordeep said in Bind upgrade producing errors on pfsense 2.5 upgrade:

After upgrade to 2.5. Simple run: /usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/ result is Segmentation fault.

I'm using common bind setup - 1 view, 2 zones, 4 ACLs, No Sync.

/usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/ works fine for me

Could you provide your views/zones/acls configuration?
You can hide your private data by changing domain/IP.

nordeep · Feb 21, 2021, 6:39 PM

@viktor_g said in Bind upgrade producing errors on pfsense 2.5 upgrade:

Could you provide your views/zones/acls configuration?

cat /cf/named//etc/namedb/named.conf

#Bind pfsense configuration
#Do not edit this file!!!

 key "rndc-key" {
        algorithm hmac-sha256;
        secret "====";
 };

 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };



options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        statistics-file "/var/log/named.stats";
        max-cache-size 256M;
        dnssec-validation auto;

        listen-on-v6 port 53 { any; };
        listen-on port 53 { any; };
        notify yes;
        version none;

};



acl "ff" {
        8.8.8.8;
        8.8.4.4;
        4.4.8.8;
};

acl "dd" {
        8.8.8.8;
};

acl "gw" {
        9.9.9.9;
};

view "default" {
        recursion yes;
        match-clients { any; };
        allow-recursion { localhost; localnets; };

        zone "13" {
                type master;
                file "/etc/namedb/master/default/13.DB";
                allow-query { any; localhost; localnets; ff; dd; gw; };
                allow-transfer { ff; };
                allow-update { localhost; gw; };
                also-notify { 9.9.9.9;};
        };

        zone "tt.spb.ru" {
                type master;
                file "/etc/namedb/master/default/tt.spb.ru.DB";
                allow-query { any; };
                allow-transfer { ff; };
                allow-update { localhost; };
        };

        zone "." {
                type hint;
                file "/etc/namedb/named.root";
        };

};

madforic · Feb 23, 2021, 5:28 PM

Same issue after upgrade to 2.5.0
unable to start bind

wrgraves · Feb 23, 2021, 6:40 PM

@viktor_g Ok, brought up a test machine and installed a fresh pfsense 2.5 and of course the caching bind config works so I restored my config and of course it gets the segment fault in named and dies so I decided to find an example install for bind, I used this one -> https://www.youtube.com/watch?v=Sgn4oNy85_o
And as I went thru it I corrected several mistakes in my zones. Then used Status/Services to restart named and it works now. It looks like a bad zone will segment fault and crash your bind. I've been using these zones for years and that never happened in the past. A new feature?
I put the changes in my production machine.
and now I am up!!!

matthijs · Feb 24, 2021, 7:35 AM

@viktor_g What mistakes were in your zones ? and how to correct if all this configuration gets generated by the webinterface ?

horrza · Feb 24, 2021, 9:24 AM

@wrgraves Thank you!

horrza · Feb 24, 2021, 9:27 AM

@matthijs "Name Server" and "Base Domain IP" was the problem in my case.

matthijs · Feb 24, 2021, 9:59 AM

@horrza

I cannot understand that is causing the issue in my case these fields will result in the following records in de zone file (fictional IP and FQDN)

@ IN NS nameserver.fqdn.com.
@ IN A 1.1.1.1

horrza · Feb 24, 2021, 10:17 AM

@matthijs

I did as shown in the video on YouTube https://www.youtube.com/watch?v=Sgn4oNy85_o&t=337s