Netgate Discussion Forum

    DHCP updates stopped working after the upgrade to 2.2

    DHCP and DNS
    11 Posts 3 Posters 3.0k Views
      sirtow

      Hi, I had a working setup with dhcp and bind server on pfSense 2.1.5. dhcp was correctly updating both forward and reverse zones.
      After the update to 2.2, the updates stopped working. I can see the following message in the DHCP log:

      dhcpd: Unable to add forward map from server.domain to 172.16.90.33: not found
      

      Checked the bind configuration page again and noticed a message about disabling DNS forwarder and resolver. Did as was instructed but still no updates, and the same message.
      Did some searching on the net but all I was able to find is the mismatch between zone names in dhcp/bind, which I already checked.

      Would appreciate any advice...
      Thanks!

        marcelloc

        Can you check if unbound is not enabled too? It's a new service/feature on 2.2 for dns.

        Elite training: http://sys-squad.com

        Help a community developer! ;D

          kejianshi

          That updates function can be lost if unbound is activated AND there are no DNS servers listed in system > general AND "Do not use the DNS Forwarder as a DNS server for the firewall" isn't checked AND "Allow DNS server list to be overridden by DHCP/PPP on WAN" isn't checked

            sirtow

            Thank you all for the prompt response. This is what I got for now:

            • Services: DNS forwarder: Enable DNS forwarder is un-checked

            • Services: DNS Resolver: Enable DNS Resolver is un-checked

            • System: General Setup: One entry for DNS servers pointing to 127.0.0.1

            • Services: DNS forwarder: Do not forward private reverse lookup is un-checked

            • System: General Setup: Allow DNS server list to be overridden by DHCP/PPP on WAN is un-checked

            Seems everything is configured as it is supposed to be, but I still get this message and my zones are not updated.
            What am I missing?

              kejianshi

              "System: General Setup: One entry for DNS servers pointing to 127.0.0.1" - I'd remove that

              "Services: DNS Resolver: Enable DNS Resolver is un-checked" - Ummmmm - I think I'd put a check there (-:

              After that, in system > general, I'd also put a check in "Do not use the DNS Forwarder as a DNS server for the firewall"

                sirtow

                Thanks. I'll try this, but I was confused by the following statement on the Bind Service configuration screen:

                Enable BIND
                Enable BIND DNS server
                Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.

                My goal is to use bind as a DNS server and have the dhcp server update forward/reverse mapping. I'm just not sure I understand how DNS Resolver (Unbound) fits into this picture working together with named and dhcpd.

                Thanks

                  kejianshi

                  Haha - You seriously need to pick 1 DNS resolver/forwarder and stick with it and then deactivate / uninstall the rest.

                  If you want BIND from the packages, then deactivate both resolver and forwarder I'd guess.

                  If you want unbound, use the one BUILT INTO pfsense 2.2 and uninstall BIND and deactivate forwarder.

                  You don't get better DNS by running a bunch of forwarders and resolvers.

                  Personally, I'd run Unbound, which is being called "DNS Resolver" and I would uninstall BIND and turn off DNS forwarder.

                  But whatever you prefer and need.  Do you have a particular need for BIND?

                    kejianshi

                    BTW - When I answered, I had previously totally glossed over the fact that you had been using BIND - My bad.

                    Still - I do prefer unbound unless you have some great reason to persist with bind.

                      sirtow

                      I don't want to start another topic of bind vs unbound vs… don't have anything against any of those (for now). I'm trying to bring my net back after the pfSense update and then make an intelligent decision (maybe even with your help :) )
                      So I just verified that nsupdate works from the CLI and correctly updates bind zones.
                      So the next step is to make sure that dhcpd actually sends update requests to the correct DNS server (mine at 127.0.0.1)
                      Any idea where to dig?

                        kejianshi

                        I'm clueless on that (Bind) and several other subjects (-:
                        I will follow the thread though.

                        Later if you decide on either unbound or dnsmasq, that's easy enough.
                        Primary reason I'd favor unbound is it's the new default and built into the base BSD distro.  Thinking better vetted.

                          sirtow

                          After poking around I was able to solve the problem. I'm sharing my findings; hopefully it will help others.
                          From what I was able to find, dhcpd is supposed to use the SOA record to locate the DNS server to send DNS updates to. This was working fine on pfSense 2.1.5 (not sure what version of dhcpd it has). The only configuration I had is the domain name under the Dynamic DNS section of the DHCP server.

                          Now, with 2.2 I added primary DNS and key information (which I took from:
                          ```
                          /cf/named/etc/namedb/named.conf
                          ```

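The last post's fix was to give dhcpd an explicit primary DNS server and the update key from named.conf. As an added example (not part of the thread and not pfSense or package code), this Python check compares a named.conf and a dhcpd.conf and reports the mismatches that leave dynamic updates unsigned or rejected. The key name `ddns-key`, its secret, the zone file names and both sample configs are constructed placeholders, and the regex parsing only handles the simple stanza layout shown.

```python
import re

# Constructed sample configs; key name, secret and file names are placeholders.
NAMED_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "c2FtcGxlLXNlY3JldA=="; };
zone "domain" { type master; file "domain.DB"; allow-update { key "ddns-key"; }; };
zone "90.16.172.in-addr.arpa" { type master; file "rev.DB"; };
'''
DHCPD_CONF = '''
ddns-update-style interim;
key ddns-key { algorithm hmac-sha256; secret c2FtcGxlLXNlY3JldA==; }
zone domain. { primary 127.0.0.1; key ddns-key; }
zone 90.16.172.in-addr.arpa. { key ddns-key; }
'''

KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"?([^";\s]+)"?;')
DHCP_ZONE_RE = re.compile(r'zone\s+"?([\w.-]+?)\.?"?\s*\{([^}]*)\}')
NAMED_UPD_RE = re.compile(r'zone\s+"([\w.-]+)"\s*\{[^}]*?allow-update\s*\{\s*key\s+"?([\w.-]+)"?;')

def check_ddns(named_conf, dhcpd_conf):
    """List mismatches that stop dhcpd's signed dynamic updates being accepted by BIND."""
    named_keys = {n: (a, s) for n, a, s in KEY_RE.findall(named_conf)}
    dhcp_keys = {n: (a, s) for n, a, s in KEY_RE.findall(dhcpd_conf)}
    allowed = dict(NAMED_UPD_RE.findall(named_conf))  # zone -> key BIND accepts
    problems = []
    for zone, body in DHCP_ZONE_RE.findall(dhcpd_conf):
        primary = re.search(r'primary\s+[\w.:-]+;', body)
        key = re.search(r'key\s+([\w.-]+);', body)
        name = key.group(1) if key else None
        if not primary:
            problems.append(f"{zone}: no primary server set in dhcpd.conf")
        if name is None:
            problems.append(f"{zone}: no key, updates would be unsigned")
        elif name not in named_keys or dhcp_keys.get(name) != named_keys[name]:
            problems.append(f"{zone}: key {name} differs between dhcpd and named")
        if allowed.get(zone) != name:
            problems.append(f"{zone}: named does not allow updates signed with {name}")
    return problems

if __name__ == "__main__":
    for line in check_ddns(NAMED_CONF, DHCPD_CONF):
        print(line)
```

On the sample input the forward zone passes and the reverse zone is flagged twice: dhcpd has no primary for it, and named has no `allow-update` naming the key.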