Bind: resolve for internal zone doesn´t work
i installed the newest version of pfsense and bind. The aim is, that clients should be able to resolve ""test.test.intra". This is, what i did:
disable the internal DNS Forwarder and Resolver
create Zone "test.intra", Zone Type: Master, Name of the Zone-Server 127.0.0.1, allow-query:any
add A-entry "test" with the IP: "192.168.1.2"
The DNS works fine with external Domains, but when i start "nslookup test.test.intra from the client, i get an Error: "Non-Existent domain".
Can you help, please?
This may sound a little simplistic, but is your client using your Bind server as it's primary name server? For instance, if you run 'nslookup test.test.intra <ip-of-bind-server>', do you get a correct response?</ip-of-bind-server>
Thank you for your responese, but it doesn´t work with your proposal.
Have you enabled Bind to listen on the internal NIC? It might be worth your while checking that you've set up Bind correctly - see the following article: http://blog.muhammadattique.com/configuring-bind-dns-server-on-pfsense-firewall/
I already read the article before i posted here ;)
Yes, i enabled Bind on the Lan-interface
Might be an idea if you could post a screenshot of your Bind config. For completeness, you could also post a screen-grab of your DHCP config screen.
It would be a great help if you could compare your settings with my screenshots.
Maybe it would work better if you checked Listen on loopback since you are pointing there in your zones?
Thank you, but it doesn´t work with "loopback". Even external resolutions don´t work with this setting.
Post the text configs. Not using this package and not really keen on reading the code to guess what's the GUI stuff transformed to.
where can i find the text configs?
I ran into this problem too and I believe that the GUI is not generating a zone file for BIND. I can't find anything about my zone in /cf/named.
I opened a bug about this already: https://redmine.pfsense.org/issues/4554
Is there a way I can get debug logging from the GUI?
/cf/named is NOT the place to look to.
Looks like my problem was that I did not have a view configured. I added a view for my zone and now the zone files are being generated, and guess where they are, in /cf/named! Amazing!
Finally got my configuration working.
Tips & gotchas…
1. You must first create a View and select that in your Zone, otherwise the GUI will not generate a zone config file.
2. You must set your zone to allow-query or everyone will be denied access to it by default.
3. If you specify a forwarding server, you must end it with a semicolon (even if there's only one) or the GUI will generate an invalid config and BIND will not start.
Everything else was pretty straightforward. I'll update if I think of any more tips.
Thanks for all your help!
SixXxShooTeR last edited by
Have you got it working yet Warrender? Is there a guide to setting up BIND on pfSense, I could only find this resource…
With your help it works now!
The trick is that you have to create a view and select that view in your Zone as Peircean wrote. I also have to set "view"-"match clients" -"any".
I also found only this guide.
narko last edited by
Hi, I am trying to do the same but still didn't achieve it by following your steps. Do you use any firewall rule for the DNS? Are you running the DHCP server also on pfsense? Please any help is gratefully appreciated :)