RFC2136 not working on pfSense 2.1.4 - can't figure out why

  • Hi guys,

    I previously had this working fine, but at some point it stopped working. What strikes me as odd is that I have no notices in my DNS server that queries are even being attempted. I've changed a lot to try to get this to work, so I'd rather start from scratch.

    Here's the pfSense RFC2136 settings I have:
    Enable: Checked
    Interface to monitor: WAN (contains public IP)
    Hostname: hostname to update on DNS records (fully qualified hostname of the host to be updated)
    TTL: 60 seconds
    Key name: key.name (same as on server; this must match the setting on the DNS server)
    Key type: Zone  Host  User X
    Key: HMAC-MD5 key, same as on server (pasted as an HMAC-MD5 key)
    Server: DNS server FQDN
    Protocol: X Use TCP instead of UDP
    Use Public IP: If the interface IP is private, attempt to fetch and use the public IP instead.

    On my DNS server (Debian) I have:
    key key.name {
            algorithm hmac-md5;
            secret "HMAC-MD5 Key";
    };

    include "/etc/bind/dns.keys.conf";
    include "/etc/bind/named.conf.local";

    zone "d.progenynet.net" {
            type master;
            file "/etc/bind/db.d.progenynet.net";
            notify yes;
            allow-transfer { slaves; };
            allow-update { key key.name; };
    };

    Now when I force the update on pfSense I get this in its logs:
    Jul 8 10:34:05 php: /services_rfc2136_edit.php: phpDynDNS: updating cache file /conf/dyndns_wan_rfc2136_'hostname.to.update'_server.to.update.cache: wan.ip

    Unfortunately, I see no such log on my BIND server to show it was refused or otherwise:
    grep -i "named.*hostname.to.update" syslog
    no results
    grep -i "named.*wan.ip" syslog
    no results

    Please let me know if I omitted anything or if you have suggestions to check. Thanks in advance!


  • I know this is heavily sanitized. If you want, we can coordinate a way to discuss this off the board and I'll give you the unsanitized info, but your guys' help is appreciated in advance.


  • Well, I decided to do a packet capture to log any traffic to the server on port 53 in any protocol. Then I did an edit and "save and force update"

    I've got an empty packet capture… I'm pretty confident this is a bug now. I've verified through the built-in resolver that pfSense is able to resolve the hostname, but it's not even trying to update.

  • I had a friend try out my settings on this version and it worked:
    2.1-RELEASE (i386)
    built on Wed Sep 11 18:16:44 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    How can I file a bug or does a dev need more info?

  • Rebel Alliance Developer Netgate

    It works for me on 2.1.4


    Interface: WAN
    Hostname: myhostname
    TTL: 30
    Key Name: myhostname
    Key Type: host
    Key: blahblahmykeyblah
    Server: x.x.x.x
    (unchecked, so UDP)


    Maybe try with the last two unchecked, see if that at least gets it to make a query. Or try the server by IP rather than hostname (though hostname should work provided your firewall's DNS isn't b0rked.)
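    To check the same thing from a workstation, independently of pfSense's client, here is an added example (not pfSense's or BIND's own code) that builds the RFC 2136 UPDATE pfSense should be sending, signs it with an HMAC-MD5 TSIG the way the key block above expects, sends it over UDP or TCP, and reports the server's RCODE so you can tell a refused update from a bad key; the zone, host, key name, base64 secret and server IP are constructed placeholders.

```python
import base64, hashlib, hmac, socket, struct, time

TSIG_ALG = "hmac-md5.sig-alg.reg.int"  # algorithm name BIND uses for hmac-md5 keys

def encode_name(name):
    """DNS wire encoding: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_unsigned_update(zone, host, ip, ttl, msg_id):
    """Header, zone section and an update section that replaces the host's A record."""
    hdr = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 2, 0)  # opcode 5 (UPDATE), ZOCOUNT 1, UPCOUNT 2
    zone_sec = encode_name(zone) + struct.pack("!HH", 6, 1)             # SOA, IN
    delete_a = encode_name(host) + struct.pack("!HHIH", 1, 255, 0, 0)  # A, class ANY, TTL 0: delete RRset
    add_a = encode_name(host) + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return hdr + zone_sec + delete_a + add_a

def tsig_mac(msg, key_name, secret_b64, time_signed, fudge=300):
    """HMAC-MD5 over the unsigned message followed by the TSIG variables (RFC 2845 3.4)."""
    variables = (encode_name(key_name) + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
                 + encode_name(TSIG_ALG)
                 + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, 0, 0))
    return hmac.new(base64.b64decode(secret_b64), msg + variables, hashlib.md5).digest()

def sign_tsig(msg, key_name, secret_b64, time_signed, fudge=300):
    """Append the TSIG RR to the additional section and increment ARCOUNT."""
    mac = tsig_mac(msg, key_name, secret_b64, time_signed, fudge)
    rdata = (encode_name(TSIG_ALG)
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac))
             + mac + struct.pack("!HHH", struct.unpack("!H", msg[:2])[0], 0, 0))  # orig ID, error, other len
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + tsig_rr

def send_update(server, msg, tcp=False):
    """Send over UDP (pfSense default) or TCP (2-byte length prefix); return the reply RCODE."""
    if tcp:
        with socket.create_connection((server, 53), timeout=5) as s:
            s.sendall(struct.pack("!H", len(msg)) + msg)
            reply = s.recv(4096)[2:]
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(5)
            s.sendto(msg, (server, 53))
            reply = s.recv(4096)
    return reply[3] & 0x0F  # 0 NOERROR, 5 REFUSED (allow-update), 9 NOTAUTH (TSIG key/MAC rejected)

if __name__ == "__main__":
    # constructed placeholders: substitute your zone, host, key name, base64 secret and server IP
    unsigned = build_unsigned_update("d.progenynet.net", "host.d.progenynet.net", "203.0.113.5", 60, 0x1234)
    print("RCODE", send_update("192.0.2.53", sign_tsig(unsigned, "key.name", "c2VjcmV0", int(time.time()))))
```

    Run it while tailing the server's syslog: a REFUSED or NOTAUTH reply proves packets are reaching BIND, which is exactly what the empty pfSense-side capture above could not show.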

  • That worked! I'll take it and not ask why ;) I unchecked use tcp and put in the IP.

