Netgate Discussion Forum

    Bind VIEWS -> access denied?

      A Former User

      Hi all!

      I installed the bind package on my pfSense 2.x (up-to-date).

      I can use the pfSense now as resolver as shown:

      root@srv:/# dig @pfsense www.google.de
      
      ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @pfsense www.google.de
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65496
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
      
      ;; QUESTION SECTION:
      ;www.google.de.                 IN      A
      
      ;; ANSWER SECTION:
      www.google.de.          195     IN      A       216.58.209.131
      
      ;; AUTHORITY SECTION:
      google.de.              84734   IN      NS      ns1.google.com.
      google.de.              84734   IN      NS      ns4.google.com.
      google.de.              84734   IN      NS      ns2.google.com.
      google.de.              84734   IN      NS      ns3.google.com.
      
      ;; ADDITIONAL SECTION:
      ns1.google.com.         171073  IN      A       216.239.32.10
      ns2.google.com.         171073  IN      A       216.239.34.10
      ns3.google.com.         171073  IN      A       216.239.36.10
      ns4.google.com.         171073  IN      A       216.239.38.10
      
      ;; Query time: 2 msec
      ;; SERVER: 192.168.10.2#53(192.168.10.2)
      ;; WHEN: Sun Oct 18 20:56:44 2015
      ;; MSG SIZE  rcvd: 193
      

      All seems to be fine. Now I added a zone as a slave zone. Let's call it "local.de". The master server is configured and allows zone transfers.
      See (reverse) log file, so far it is great:

      Oct 18 20:27:32 	named[61931]: running
      Oct 18 20:27:32 	named[61931]: all zones loaded
      Oct 18 20:27:32 	named[61931]: zone local.de/IN/LOCAL: loaded serial 176
      

      I left the ACL settings at the default values, so I have any, none, localhost and localnet.
      Then I added a VIEW called "LOCAL" and used for "match-clients" the default ACL "any".

      Now I created a new ZONE (as slave zone), configured the master server properly and assigned the VIEW "LOCAL" to it.

      I can still query named with any hostname, but it gives me no result for my "local.de". The log file states "access denied":

      Oct 18 21:02:28 	named[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied
      

      Does anyone have a clue what I did wrong here?

      Thanks!

      /KNEBB

        A Former User

        Hi!

        Solved it on my own!

        I had to set "allow-query" to localhost and localnets, even though this setting seems to be irrelevant as it is under the "Master Zone Configuration" part.

        Now it is working fine!

        /KNEBB
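To check whether an allow-query list would cover the clients that named is refusing, the "denied" lines can be parsed and each client address compared against the proposed networks. This is an added example, not part of the original posts; only the first log line comes from the thread, the others are constructed, and the networks standing in for localhost and localnets (in particular 192.168.10.0/24) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches named's query-denial message in the form quoted in the thread.
DENIED = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<sent>[^)]*)\): "
    r"(?:view (?P<view>\S+): )?query '(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

# First line is from the thread; the remaining lines are constructed sample input.
SAMPLE = [
    "Oct 18 21:02:28 \tnamed[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
    "Oct 18 21:02:31 \tnamed[41114]: client 192.168.10.10#48570 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
    "Oct 18 21:03:02 \tnamed[41114]: client 203.0.113.7#5353 (mail.local.de): view LOCAL: query 'mail.local.de/MX/IN' denied",
    "Oct 18 20:27:32 \tnamed[61931]: all zones loaded",
]
# Assumption: what "localhost" and "localnets" expand to on this particular box.
PROPOSED = ["127.0.0.0/8", "::1/128", "192.168.10.0/24"]


def parse_denials(lines):
    """Return one dict per 'query ... denied' line; all other lines are skipped."""
    records = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            rec = m.groupdict()
            rec["ip"] = ipaddress.ip_address(rec["ip"])
            records.append(rec)
    return records


def coverage(denials, allow_query):
    """Count denials per (view, client, covered) for a proposed allow-query list."""
    nets = [ipaddress.ip_network(n) for n in allow_query]
    counts = Counter()
    for d in denials:
        # Membership is False (not an error) when address and network versions differ.
        covered = any(d["ip"] in net for net in nets)
        counts[(d["view"], str(d["ip"]), covered)] += 1
    return counts


if __name__ == "__main__":
    for (view, client, covered), n in sorted(coverage(parse_denials(SAMPLE), PROPOSED).items()):
        print(f"view={view} client={client} denials={n} covered_by_proposed_acl={covered}")
```

Clients reported as not covered would still be refused after the change, which is the intended outcome for addresses outside the local networks.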

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.