DHCP updates stopped working after the upgrade to 2.2

sirtow

Hi, i had a working setup with dhcp and bind server on pfsense 2.1.5 . dhcp was correctly updating both forward and reverse zones.
After the update to 2.2 , the updates stopped working. I can see the following message in DHCP log :

dhcpd: Unable to add forward map from server.domain to 172.16.90.33: not found

Checked again bind configuration page and noticed a message about disabling DNS forwarder and resolver. Did as was instructed but yet, no updates and same message.
Did some searching on the net but all i was able to find is the mismatch between zone names in dhcp/bind, which i already checked.

Would appreciate any advise ..
Thanks!

marcelloc

Can you check if unbound is not enabled too? It's a new service/feature on 2.2 for dns.

kejianshi

That updates function can be lost if unbound is activated AND there are not DNS servers listed in system > general AND Do not use the DNS Forwarder as a DNS server for the firewall isn't checked AND  Allow DNS server list to be overridden by DHCP/PPP on WAN isn't checked

sirtow

Thank you all for prompt response. this is what i got for now:

• Services: DNS forwarder: Enable DNS forwarder is un-checked

• Services: DNS Resolver: Enable DNS Resolver is un-checked

• System: General Setup: One entry for DNS servers pointing to 127.0.0.1

• Services: DNS forwarder :  Do not forward private reverse lookup is un-checked

• System: General Setup: Allow DNS server list to be overridden by DHCP/PPP on WAN is un-checked

Seems everything is configured as it supposed to be  but yet i get this message and my zones are not updated.
What am i missing?

kejianshi

"System: General Setup: One entry for DNS servers pointing to 127.0.0.1" - I'd remove that

"Services: DNS Resolver: Enable DNS Resolver is un-checked" - Ummmmm - I think I'd put a check there (-:

after that, in system > general, I'd also put a check in "Do not use the DNS Forwarder as a DNS server for the firewall"

sirtow

Thanks . ill try this but i was confused by the following statement on Bind Service configuration screen:

Enable BIND
Enable BIND DNS server
Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.

My goal is to use bind as a DNS server and have dhcp server to update forward/reverse mapping. I just not sure i understand how DNS Resolver(Unbound ) fits in to this picture working together with  named and dhcpd.

Thanks

kejianshi

Haha - You seriously need to pick 1 DNS resolver/forwarder and stick with it and then deactivate / uninstall the rest.

If you want BIND from the packages, then deactivate both resolver and forwarder I'd guess.

If you want unbound, use the one BUILT INTO pfsense 2.2 and uninstall BIND and deactivate forwarder.

You don't get better DNS by running a bunch of forwarders and resolvers.

Personally, I'd run Unbound, which is being called "DNS Resolver" and I would uninstall BIND and turn off DNS forwarder.

But whatever you prefer and need.  Do you have a particular need for BIND?

kejianshi

BTW - When I answered, I had previously totally glossed over the fact that you had been using BIND - My bad.

Still - I do prefer unbound unless you have some great reason to persist with bind.

sirtow

I dont want to start another topic of bind vs unbound vs… dont have anything against any of those (for now) .Im trying to bring my net back after pfsense update and then to do an intelligent decision (maybe even with your help :) )
So i just verified that nsupdate  works from cli and correctly updates bind zones.
So the next step is to make sure that dhcpd actually send update requests to correct DNS server (mine at 127.0.0.1)
Any idea where to dig?

kejianshi

I'm clueless on that (Bind) and several other subjects (-:
I will follow the thread though.

Later if you decide on either unbound or dnsmasq, thats easy enough.
Primary reason I'd favor unbound is its the new default and built into the base BSD distro.  Thinking better vetted.

sirtow

After poking around i was able to solve the problem. I'm sharing my findings hopefully it will help others.
From what i was able to find, dhcpd supposed to use  SOA record to locate DNS server to send DNS updates to. This was working fine on pfsense 2.1.5 (not sure what version of dhcpd it has).The only configuration i had is the domain name under Dynamic DNS section of DHCP server.

Now, with 2.2 i added primary dns and key information (which i took from:```
/cf/named/etc/namedb/named.conf