RFC2136 not working on pfsense 2.1.4 - can't figure out why
-
Hi guys,
I previously had this working fine but at some point it stopped working. What strikes me as odd is that I have no notices in my DNS server that queries are even being attempted. I've changed a lot to try to get this to work.. so I'd rather start from scratch.
Here's the PFsense rfc2136 settings I have:
Enable: Checked
Interface to monitor: WAN (contains public IP)
Hostname: hostname to update on DNS records
Fully qualified hostname of the host to be updated
TTL: 60 seconds
Key name key.name (same as on server)
This must match the setting on the DNS server.
Key type Zone Host User X
Key HMAC-MD5 Key - same as on server
Paste an HMAC-MD5 key here.
Server: DNS server FQDN
Protocol: X Use TCP instead of UDP
Use Public IP If the interface IP is private, attempt to fetch and use the public IP instead.
Description
On my DNS server (Debian) I have:
keys.dns.conf:
key key.name {
    algorithm hmac-md5;
    secret "HMAC-MD5 Key";
};
named.conf:
include "/etc/bind/dns.keys.conf";
include "/etc/bind/named.conf.local";
named.conf.local:
zone "d.progenynet.net" {
    type master;
    file "/etc/bind/db.d.progenynet.net";
    notify yes;
    allow-transfer { slaves; };
    allow-update { key key.name; };
};
Now when I force the update on PFSense I get this in its logs:
Jul 8 10:34:05 php: /services_rfc2136_edit.php: phpDynDNS: updating cache file /conf/dyndns_wan_rfc2136_'hostname.to.update'_server.to.update.cache: wan.ip
Unfortunately I see no such log on my bind server to show refused or otherwise.
grep -i "named.*hostname.to.update" syslog
no results
grep -i "named.*wan.ip" syslog
no results
Please let me know if I omitted anything or if you have suggestions to check. Thanks in advance!
Matt
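Added example, not part of the original post and not pfSense or BIND code: a Python check over BIND config text shaped like the sanitized snippets above. It confirms that every key named in a zone's allow-update clause is defined by a key statement (the name the pfSense form says "must match the setting on the DNS server") and reports the key's TSIG algorithm, flagging hmac-md5. The function name, regexes and sample config are constructed for illustration and assume a config without comments or nested ACL references.

```python
import re

# Constructed sample mirroring the sanitized snippets in the post above.
SAMPLE_CONF = '''
key key.name {
    algorithm hmac-md5;
    secret "HMAC-MD5 Key";
};
zone "d.progenynet.net" {
    type master;
    file "/etc/bind/db.d.progenynet.net";
    allow-transfer { slaves; };
    allow-update { key key.name; };
};
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', re.S)   # key statements
ALGO_RE = re.compile(r'algorithm\s+"?([\w-]+)"?\s*;')
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)    # zone blocks
UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}', re.S)
ACL_KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*;')               # key refs in an ACL


def audit_update_keys(conf_text):
    """Return (zone, key_name, finding) for every key used in allow-update."""
    defined = {}
    for name, body in KEY_RE.findall(conf_text):
        algo = ALGO_RE.search(body)
        defined[name] = algo.group(1).lower() if algo else None

    findings = []
    for zone, body in ZONE_RE.findall(conf_text):
        for acl in UPDATE_RE.findall(body):
            for key_name in ACL_KEY_RE.findall(acl):
                if key_name not in defined:
                    # Updates signed with this name can never verify.
                    findings.append((zone, key_name, "undefined key"))
                elif defined[key_name] == "hmac-md5":
                    findings.append((zone, key_name, "legacy algorithm hmac-md5"))
                else:
                    findings.append((zone, key_name, "ok: %s" % defined[key_name]))
    return findings


if __name__ == "__main__":
    for finding in audit_update_keys(SAMPLE_CONF):
        print(finding)
```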
-
I know this is heavily sanitized. If you want we can coordinate a way to discuss this off the board and I'll give you the unsanitized info.. but your guys' help is appreciated in advance.
Matt
-
Well, I decided to do a packet capture to log any traffic to the server on port 53 in any protocol. Then I did an edit and "save and force update".
I've got an empty packet capture… I'm pretty confident this is a bug now. I've verified through the built-in resolver that pfsense is able to resolve the hostname but it's not even trying to update.
-
I had a friend try out my settings on this version and it worked:
2.1-RELEASE (i386)
built on Wed Sep 11 18:16:44 EDT 2013
FreeBSD 8.3-RELEASE-p11
How can I file a bug or does a dev need more info?
-
It works for me on 2.1.4
Enable
Interface: WAN
Hostname: myhostname
TTL: 30
Key Name: myhostname
Key Type: host
Key: blahblahmykeyblah
Server: x.x.x.x
(unchecked, so UDP)
(unchecked)
Maybe try with the last two unchecked, see if that at least gets it to make a query. Or try the server by IP rather than hostname (though hostname should work provided your firewall's DNS isn't b0rked.)
-
That worked! I'll take it and not ask why ;) I unchecked use tcp and put in the IP.
Thanks!