RFC 2136 entry won't enable
-
I've been following the 2.0 nightlies, and have recently tried enabling RFC 2136 style DDNS updates. (I had been updating DNS entries by hand when my cable modem changed addresses, but with the recent DNS rebind attack detection, I was no longer able to connect to the web interface by hostname.) I can update DNS entries on the command line on another machine using nsupdate, so I know the server and keys are correctly set up. Whenever I go to edit the entry at services_rfc2136_edit.php, the "enable" box unchecks itself. I can find no log entries relating to this. Is this a known bug, or am I doing something wrong? Happy to send any configs/logs. I'm currently running this morning's build (Jul 22 7:54) nano, 1G, alix
tnx
-
Should be fixed on latest snapshots or you can try manually https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d2ff48a06df5edbcd786994a77f28c7997974a0f
-
Fantastic, thanks - the entry now sticks. I think I'm real close at this point. I can see the correct key get created, and I see a nearly correct /var/etc/nsupdatecmds0 file being created. It still doesn't seem to be firing off/updating though. Is the "send" command of nsupdate missing as the last entry in nsupdatecmds0 / services.inc? From the command line, I can use the generated key and cmds file if I add that one command.
Thanks again.
-
"Nearly correct", implies you see something there that isn't right? What does it have vs. what should it have?
It looks like it should launch the update correctly, though I don't have any means of trying it. In /etc/inc/services.inc lines 890-892:
$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
mwexec_bg($cmd);
Try adding this line above the mwexec:
log_error("command run is $cmd");
Then edit and save your entry there and see what it logs in the system log.
-
@cmb:
"Nearly correct", implies you see something there that isn't right? What does it have vs. what should it have?
It seems to be missing the final "send" statement to update the nameserver (name/IP changed for example's sake):
server 192.168.1.6
update delete caprica.servername.org A
update add caprica.servername.org 3600 A 192.168.1.17
When I update a host by hand using nsupdate -k interactively, it requires a final command of "send" to send the signed DNS update. Based on the fact it's crafting the nsupdatecmds0 file, I know that it's hitting the right part of /etc/inc/services.inc. It's a bit tricky to edit the file to add a debug statement, given I'm running the nanobsd version, but if that would help I can certainly try building a local version - I'll just need to build an 8.1 VM somewhere.
tnx,
-brendan
-
It's a bit tricky to edit the file to add a debug statement, given I'm running the nanobsd version
Just run /etc/rc.conf_mount_rw and edit as any other system, then /etc/rc.conf_mount_ro when you're finished.
-
@cmb:
Just run /etc/rc.conf_mount_rw and edit as any other system, then /etc/rc.conf_mount_ro when you're finished.
Wow - don't I feel like a fool. Assumed it was an md device :) Thanks - that did indeed point out the problem:
command run is /usr/sbin/nsupdate -k /var/etc/K0dhcpupdate.+157+00000.key /var/etc/nsupdatecmds0
Looks like /usr/sbin/nsupdate needs to be changed to /usr/bin/nsupdate.
-brendan
-
Ah yeah, I didn't notice that looking at it. I just fixed it.
-
Fantastic. My DDNS host works out of the box with today's snapshot. Thanks!
-brendan
-
Great. Thank you for the help.
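
The failure traced in this thread (a command built with a path to a binary that is not there, handed to mwexec_bg, with nothing in the log) can be caught before launch. The shell functions below are an added example, not pfSense code and not from the posters; the names preflight_cmd and run_checked are hypothetical, and the argument order mirrors the logged command line (binary, -k key file, commands file).

```sh
# Added example, not pfSense code. Function names are hypothetical.

# preflight_cmd BIN KEYFILE CMDFILE
# Returns 0 if the command can be launched, otherwise prints the reason to
# stderr and returns 2 (binary), 3 (key file) or 4 (command file).
preflight_cmd() {
    pf_bin=$1; pf_key=$2; pf_cmds=$3
    case $pf_bin in
        /*) # absolute path, as in the logged command: must exist and be executable
            if [ ! -f "$pf_bin" ] || [ ! -x "$pf_bin" ]; then
                echo "preflight: no executable at $pf_bin" >&2
                return 2
            fi ;;
        *)  # bare name: must resolve through PATH
            if ! command -v "$pf_bin" >/dev/null 2>&1; then
                echo "preflight: $pf_bin not found in PATH" >&2
                return 2
            fi ;;
    esac
    if [ ! -r "$pf_key" ]; then
        echo "preflight: key file not readable: $pf_key" >&2
        return 3
    fi
    if [ ! -s "$pf_cmds" ] || [ ! -r "$pf_cmds" ]; then
        echo "preflight: command file missing or empty: $pf_cmds" >&2
        return 4
    fi
    return 0
}

# run_checked BIN KEYFILE CMDFILE
# Preflight, log the exact command line, run it in the foreground and
# report a non-zero exit status instead of discarding it.
run_checked() {
    preflight_cmd "$1" "$2" "$3" || return $?
    echo "command run is $1 -k $2 $3" >&2
    rc_status=0
    "$1" -k "$2" "$3" || rc_status=$?
    if [ "$rc_status" -ne 0 ]; then
        echo "exit status $rc_status from $1" >&2
    fi
    return "$rc_status"
}
```

Called with the path from the log line above, preflight_cmd returns 2 on a system where /usr/sbin/nsupdate does not exist, which is the condition that went unreported here.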