Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bind 9.9 pkg 0.3RC para pfSense

    Portuguese
    9
    103
    31.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcosjostM
      marcosjost
      last edited by

      @marcelloc:

      Excelente!

      Fora o dnssec, tem alguma função do bind que não está no pacote?

      Inicialmente acho que nao…

      Uma coisa que notei agora....no named.conf do linux quando crio uma zona externa, coloco assim:

      
view "externa" IN {
        match-clients { !rede_interna; any; };
        allow-transfer { !rede_interna; any; };
        allow-query { !rede_interna; any; };
        notify yes;

      Negando requisicoes da rede interna, de forma que nao retorne as entradas externas quando requisitado internamente…o pfsense nao tem essa opcao....ele cria assim:

      
view "externa" {

        recursion no;
        match-clients { any;};
        allow-recursion { none;};

      Fiz os testes da rede interna e ele respondeu com os apontamentos da zona interna normalmente.
      Não sei se isso influiencia alguma coisa…é apenas uma observação

      Semana que vem vou colocar essa máquina de 32bits pra rodar com dois links, um dominio de teste que tenho e um servidor de e-mail zimba.

      1 Reply Last reply Reply Quote 0
      • N
        Nio
        last edited by

        Pessoal quanto ao reverso, chegaram a testar ?

        ..:: Free Solutions ::..

        1 Reply Last reply Reply Quote 0
        • marcosjostM
          marcosjost
          last edited by

          @Nio:

          Pessoal quanto ao reverso, chegaram a testar ?

          Eu apenas criei o arquivo da zona reversa…..aparentemente ta igual ao que uso no linux.
          Semana que vem vou testar certinho.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Aqui também tudo certo.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              Subi a versão 0.1.3 do pacote com alterações no texto dos campos e validação dos registros da zona.

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • marcosjostM
                marcosjost
                last edited by

                @marcelloc:

                Subi a versão 0.1.3 do pacote com alterações no texto dos campos e validação dos registros da zona.

                Estou instalando aqui na maquina virtual 64bits pra ver…..ja que a de 32 desliguei antes de sair.....

                1 Reply Last reply Reply Quote 0
                • marcosjostM
                  marcosjost
                  last edited by

                  @marcosjost:

                  @marcelloc:

                  Subi a versão 0.1.3 do pacote com alterações no texto dos campos e validação dos registros da zona.

                  Estou instalando aqui na maquina virtual 64bits pra ver…..ja que a de 32 desliguei antes de sair.....

                  Bom estou testando desde ontem numa maquina 32bits e numa 64bits, ambas com pfsense2-1.
                  Tudo certo tanto com as zonas internas como externas.
                  Amanha vou configurar a zona reversa num deles pra ver se esta ok tbm

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    Acabei de subir a versão 0.1.5 do pacote

                    Principais mudanças:

                    • A aba de zona agora mostra o aquivo de configuração resultante.

                    • Três opções de domínio(Master, Slave e Forward)

                    • Incluído as configurações e criação de chave do rndc

                    • Incluído widget para o dashboard

                    • Incluído os devices dev/random,null and zero ao chroot do named

                    • Verificação de permissões das pastas, principalmente para as zonas reversas

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • D
                      deivisonrpg
                      last edited by

                      Atualizei agora e esta dando algumas advertências sobre permissoes. E isso mesmo ou tem algo errado?

                      Oct 17 16:41:48   named[43881]: Please check file and directory permissions or reconfigure the filename.
Oct 17 16:41:48   named[43881]: generating session key for dynamic DNS
Oct 17 16:41:48   named[43881]: Required root permissions to open '/var/run/named/session.key'.
Oct 17 16:41:48   named[43881]: Please check file and directory permissions or reconfigure the filename.
Oct 17 16:41:48   named[43881]: sizing zone task pool based on 2 zones
Oct 17 16:41:48   named[43881]: zone 'cpn.vwg' allows updates by IP address, which is insecure
Oct 17 16:41:48   named[43881]: /etc/namedb/named.conf:9: using specific query-source port suppresses port randomization and can be insecure.
Oct 17 16:41:48   named[43881]: set up managed keys zone for view externo, file '731ece29362c5c265fa9e5a48c8ece9c55b386753450ec4c1b412fd96ffac74f.mkeys'
Oct 17 16:41:48   named[43881]: /etc/namedb/named.conf:9: using specific query-source port suppresses port randomization and can be insecure.
Oct 17 16:41:48   named[43881]: open: /usr/pbi/bind-amd64/etc/rndc.key: file not found
Oct 17 16:41:48   named[43881]: couldn't add command channel 127.0.0.1#953: file not found
Oct 17 16:41:48   named[43881]: open: /usr/pbi/bind-amd64/etc/rndc.key: file not found
Oct 17 16:41:48   named[43881]: couldn't add command channel ::1#953: file not found
Oct 17 16:41:48   named[43881]: could not open entropy source /dev/random: file not found
Oct 17 16:41:48   named[43881]: using pre-chroot entropy source /dev/random
Oct 17 16:41:48   named[43881]: the working directory is not writable
Oct 17 16:41:48   check_reload_status: Syncing firewall
Oct 17 16:41:48   check_reload_status: Reloading filter
Oct 17 16:42:47   check_reload_status: Syncing firewall
Oct 17 16:42:51   named[78717]: starting BIND 9.9.4 -c /etc/namedb/named.conf -u bind -t /cf/named/
Oct 17 16:42:51   named[78717]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--without-python' '--with-openssl=/usr' '--with-libxml2=/usr/pbi/bind-amd64' '--without-idn' '--enable-largefile' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-dlz-filesystem=yes' '--enable-threads' '--without-gssapi' '--prefix=/usr/pbi/bind-amd64' '--mandir=/usr/pbi/bind-amd64/man' '--infodir=/usr/pbi/bind-amd64/info/' '--build=x86_64-portbld-freebsd8.3' 'build_alias=x86_64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath=/usr/lib:/usr/pbi/bind-amd64/lib' 'CPPFLAGS=' 'CPP=cpp'
Oct 17 16:42:51   named[78717]: ----------------------------------------------------
Oct 17 16:42:51   named[78717]: BIND 9 is maintained by Internet Systems Consortium,
Oct 17 16:42:51   named[78717]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 17 16:42:51   named[78717]: corporation. Support and training for BIND 9 are
Oct 17 16:42:51   named[78717]: available at https://www.isc.org/support
Oct 17 16:42:51   named[78717]: ----------------------------------------------------
Oct 17 16:42:51   named[78717]: found 4 CPUs, using 4 worker threads
Oct 17 16:42:51   named[78717]: using 4 UDP listeners per interface
Oct 17 16:42:51   named[78717]: using up to 4096 sockets
Oct 17 16:42:51   named[78717]: loading configuration from '/etc/namedb/named.conf'
Oct 17 16:42:51   named[78717]: using default UDP/IPv4 port range: [49152, 65535]
Oct 17 16:42:51   named[78717]: using default UDP/IPv6 port range: [49152, 65535]
Oct 17 16:42:51   named[78717]: listening on IPv4 interface bge1, 10.0.0.1#53
Oct 17 16:42:51   named[78717]: Required root permissions to open '/var/run/named/pid'.
Oct 17 16:42:51   named[78717]: Please check file and directory permissions or reconfigure the filename.
Oct 17 16:42:51   named[78717]: generating session key for dynamic DNS
Oct 17 16:42:51   named[78717]: Required root permissions to open '/var/run/named/session.key'.
Oct 17 16:42:51   named[78717]: Please check file and directory permissions or reconfigure the filename.
Oct 17 16:42:51   named[78717]: sizing zone task pool based on 2 zones
Oct 17 16:42:51   named[78717]: zone 'cpn.vwg' allows updates by IP address, which is insecure
Oct 17 16:42:51   named[78717]: /etc/namedb/named.conf:20: using specific query-source port suppresses port randomization and can be insecure.
Oct 17 16:42:51   named[78717]: set up managed keys zone for view externo, file '731ece29362c5c265fa9e5a48c8ece9c55b386753450ec4c1b412fd96ffac74f.mkeys'
Oct 17 16:42:51   named[78717]: /etc/namedb/named.conf:20: using specific query-source port suppresses port randomization and can be insecure.
Oct 17 16:42:51   named[78717]: command channel listening on 127.0.0.1#953
Oct 17 16:42:51   named[78717]: could not open entropy source /dev/random: file not found
Oct 17 16:42:51   named[78717]: using pre-chroot entropy source /dev/random
Oct 17 16:42:51   named[78717]: the working directory is not writable
                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        Reinstala em 15 minutos, acabei de atualizar um arquivo sem mudar a versão do pacote.

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • N
                          Nio
                          last edited by

                          Marcelloc,  sinceros agradecimento e preparando uma doaçãozinha aqui =)

                          ..:: Free Solutions ::..

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            @Nio:

                            Marcelloc,  sinceros agradecimento e preparando uma doaçãozinha aqui =)

                            obrigado pelo interesse em doar :)

                            A versão 0.2 inclui finalmente o dnssec!

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • D
                              deivisonrpg
                              last edited by

                              Marcelloc.

                              A comunidade pfsense tem sorte de ter um membro tão comprometido.
                              Obrigado cara!

                              Oct 18 09:05:06	named[20236]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 18 09:05:06	named[20236]: corporation. Support and training for BIND 9 are
Oct 18 09:05:06	named[20236]: available at https://www.isc.org/support
Oct 18 09:05:06	named[20236]: ----------------------------------------------------
Oct 18 09:05:06	named[20236]: found 4 CPUs, using 4 worker threads
Oct 18 09:05:06	named[20236]: using 4 UDP listeners per interface
Oct 18 09:05:06	named[20236]: using up to 4096 sockets
Oct 18 09:05:06	named[20236]: loading configuration from '/etc/namedb/named.conf'
Oct 18 09:05:06	named[20236]: using default UDP/IPv4 port range: [49152, 65535]
Oct 18 09:05:06	named[20236]: using default UDP/IPv6 port range: [49152, 65535]
Oct 18 09:05:06	named[20236]: listening on IPv4 interface bge1, 192.168.0.1#53
Oct 18 09:05:06	named[20236]: Required root permissions to open '/var/run/named/pid'.
Oct 18 09:05:06	named[20236]: Please check file and directory permissions or reconfigure the filename.
Oct 18 09:05:06	named[20236]: generating session key for dynamic DNS
Oct 18 09:05:06	named[20236]: Required root permissions to open '/var/run/named/session.key'.
Oct 18 09:05:06	named[20236]: Please check file and directory permissions or reconfigure the filename.
Oct 18 09:05:06	named[20236]: sizing zone task pool based on 2 zones
Oct 18 09:05:06	named[20236]: zone 'cpn.vwg' allows updates by IP address, which is insecure
Oct 18 09:05:06	named[20236]: /etc/namedb/named.conf:20: using specific query-source port suppresses port randomization and can be insecure.
Oct 18 09:05:06	named[20236]: set up managed keys zone for view externo, file '731ece29362c5c265fa9e5a48c8ece9c55b386753450ec4c1b412fd96ffac74f.mkeys'
Oct 18 09:05:06	named[20236]: /etc/namedb/named.conf:20: using specific query-source port suppresses port randomization and can be insecure.
Oct 18 09:05:06	named[20236]: command channel listening on 127.0.0.1#953
Oct 18 09:05:06	named[20236]: could not open entropy source /dev/random: file not found
Oct 18 09:05:06	named[20236]: using pre-chroot entropy source /dev/random
Oct 18 09:05:06	named[20236]: the working directory is not writable
Oct 18 09:05:06	check_reload_status: Reloading filter
Oct 18 09:08:50	check_reload_status: Syncing firewall
Oct 18 09:08:52	named[1564]: starting BIND 9.9.4 -c /etc/namedb/named.conf -u bind -t /cf/named/
Oct 18 09:08:52	named[1564]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--without-python' '--with-openssl=/usr' '--with-libxml2=/usr/pbi/bind-amd64' '--without-idn' '--enable-largefile' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-dlz-filesystem=yes' '--enable-threads' '--without-gssapi' '--prefix=/usr/pbi/bind-amd64' '--mandir=/usr/pbi/bind-amd64/man' '--infodir=/usr/pbi/bind-amd64/info/' '--build=x86_64-portbld-freebsd8.3' 'build_alias=x86_64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath=/usr/lib:/usr/pbi/bind-amd64/lib' 'CPPFLAGS=' 'CPP=cpp'
Oct 18 09:08:52	named[1564]: ----------------------------------------------------
Oct 18 09:08:52	named[1564]: BIND 9 is maintained by Internet Systems Consortium,
Oct 18 09:08:52	named[1564]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 18 09:08:52	named[1564]: corporation. Support and training for BIND 9 are
Oct 18 09:08:52	named[1564]: available at https://www.isc.org/support
Oct 18 09:08:52	named[1564]: ----------------------------------------------------
Oct 18 09:08:52	named[1564]: found 4 CPUs, using 4 worker threads
Oct 18 09:08:52	named[1564]: using 4 UDP listeners per interface
Oct 18 09:08:52	named[1564]: using up to 4096 sockets
Oct 18 09:08:52	named[1564]: loading configuration from '/etc/namedb/named.conf'
Oct 18 09:08:52	named[1564]: using default UDP/IPv4 port range: [49152, 65535]
Oct 18 09:08:52	named[1564]: using default UDP/IPv6 port range: [49152, 65535]
Oct 18 09:08:52	named[1564]: listening on IPv4 interface bge1, 211.0.56.254#53
Oct 18 09:08:52	named[1564]: generating session key for dynamic DNS
Oct 18 09:08:52	named[1564]: sizing zone task pool based on 2 zones
Oct 18 09:08:52	named[1564]: zone 'cpn.vwg' allows updates by IP address, which is insecure
Oct 18 09:08:52	named[1564]: set up managed keys zone for view externo, file '731ece29362c5c265fa9e5a48c8ece9c55b386753450ec4c1b412fd96ffac74f.mkeys'
Oct 18 09:08:52	named[1564]: command channel listening on 127.0.0.1#953
Oct 18 09:08:52	named[1564]: could not open entropy source /dev/random: file not found
Oct 18 09:08:52	named[1564]: using pre-chroot entropy source /dev/random
Oct 18 09:08:52	named[1564]: the working directory is not writable
                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                Acabei de subir a versão 0.3 do pacote.

                                Principais novidades

                                • Corrigido o código de sincronia.

                                • Adicionado zonas do tipo redirect

                                • Opção de habilitar e desabilitar uma zona

                                • Adicionado opção para fazer o backup das chaves dnssec no XML do pfsense

                                • Os logs agoram ficam na aba Resolver do system logs(Talvez seja necessário dar boot ou reiniciar o syslogd)

                                • Um monte de opções de log

                                Como a implementação do DNSSEC agora já é trivial, recomendo esta configuração para domínios exernos.
                                Só precisa habilitar na zona e incluir no registro.br as chaves DS já listadas na interface gráfica.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                E 1 Reply Last reply Reply Quote 0
                                • marcellocM
                                  marcelloc
                                  last edited by

                                  Mais alguém já teve tempo de testar esta última versão?

                                  Estou pensando em mudar o status para release, uma vez que aqui está rodando 100%

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • marcosjostM
                                    marcosjost
                                    last edited by

                                    @marcelloc:

                                    Mais alguém já teve tempo de testar esta última versão?

                                    Estou pensando em mudar o status para release, uma vez que aqui está rodando 100%

                                    Acabei de copiar as zonas do outro server que ta rodando com a 0.2 e nao deu problemas….criou as zonas e configs tudo certo....segunda vou conectar os links nele.

                                    1 Reply Last reply Reply Quote 0
                                    • N
                                      Nio
                                      last edited by

                                      Estou agenciando para próxima quarta-feira a atualização, se puder esperar é melhor.

                                      Nielsen

                                      ..:: Free Solutions ::..

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by

                                        ok. Subi mais duas alterações no código sem mudar a versão.

                                        • campo custom zone records - para uma migração "intermediária/rápida"

                                        • Como os logs estão indo para o syslog do pfsense, removi as funções que criavam e removiam o arquivo de log.

                                        Testei hoje incluir o backup das chaves DNSSEC no XML e passar as zonas slaves do servidor de backup para master. Funcionou 100%  ;D.
                                        As chaves do DNSSEC foram gravadas, transmitidas na sincronização e salvas no servidor de backup.

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • G
                                          gilmarcabral
                                          last edited by

                                          Parabens Marcelloc por mais esta otima contribuição para o PF.
                                          Em breve irei fazer com este pacote para ver como ele se comporta no lugar de um debian com bind atuando como cache.

                                          1 Reply Last reply Reply Quote 0
                                          • N
                                            Nio
                                            last edited by

                                            Já tenho ele rodando como cache e está 100% a princípio, tenho cerca de 150 clientes dia !

                                            Nielsen

                                            ..:: Free Solutions ::..

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.