    Bind VIEWS -> access denied?

      knebb last edited by

      Hi all!

      I installed the bind package in my pfSense 2.x (up-to-date).

      I can use the pfSense now as resolver as shown:

      root@srv:/# dig @pfsense www.google.de
      
      ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @pfsense www.google.de
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65496
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
      
      ;; QUESTION SECTION:
      ;www.google.de.                 IN      A
      
      ;; ANSWER SECTION:
      www.google.de.          195     IN      A       216.58.209.131
      
      ;; AUTHORITY SECTION:
      google.de.              84734   IN      NS      ns1.google.com.
      google.de.              84734   IN      NS      ns4.google.com.
      google.de.              84734   IN      NS      ns2.google.com.
      google.de.              84734   IN      NS      ns3.google.com.
      
      ;; ADDITIONAL SECTION:
      ns1.google.com.         171073  IN      A       216.239.32.10
      ns2.google.com.         171073  IN      A       216.239.34.10
      ns3.google.com.         171073  IN      A       216.239.36.10
      ns4.google.com.         171073  IN      A       216.239.38.10
      
      ;; Query time: 2 msec
      ;; SERVER: 192.168.10.2#53(192.168.10.2)
      ;; WHEN: Sun Oct 18 20:56:44 2015
      ;; MSG SIZE  rcvd: 193
      

      All seems to be fine. Now I added a zone as a slave zone. Let's call it "local.de". The master server is configured and allows zone transfers.
      See (reverse) log file, so far it is great:

      Oct 18 20:27:32 	named[61931]: running
      Oct 18 20:27:32 	named[61931]: all zones loaded
      Oct 18 20:27:32 	named[61931]: zone local.de/IN/LOCAL: loaded serial 176
      

      I left the ACL settings at the default values, so I have any, none, localhost and localnet.
      Then I added a VIEW called "LOCAL" and used for "match-clients" the default ACL "any".

      Now I created a new ZONE (as slave zone), configured the master server properly and assigned the VIEW "LOCAL" to it.

      I can still query named with any hostnames, but it gives me no result for my "local.de". The log file states "access denied":

      Oct 18 21:02:28 	named[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied
      

      Anyone having a clue what I did wrong here?

      Thanks!

      /KNEBB

        knebb last edited by

        Hi!

        Solved it on my own!

        I had to set the "allow-query" to localhost and localnets. Even though this setting seems to be irrelevant as it is under the "Master Zone Configuration" part….

        Now it is working fine!

        /KNEBB
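
An added example for troubleshooting this kind of denial, not part of the original posts: it parses named's "query ... denied" lines in the format shown in the thread, groups them per view and client, and flags clients that fall inside a candidate allow-query ACL. Only the first sample line comes from the thread; the other sample lines and the 192.168.10.0/24 prefix assumed for localnets are constructed.

```python
import ipaddress
import re

# named's query-denial message, in the format shown in the post above.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]*)\): "
    r"view (?P<view>\S+): query '[^/']+/(?P<qtype>[^/']+)/[^/']+' denied"
)

# First line is from the post; the remaining lines are constructed samples.
SAMPLE_LOG = [
    "Oct 18 21:02:28 \tnamed[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
    "Oct 18 21:02:31 \tnamed[41114]: client 192.168.10.10#48570 (mail.local.de): view LOCAL: query 'mail.local.de/MX/IN' denied",
    "Oct 18 21:02:40 \tnamed[41114]: client 203.0.113.7#5353 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
    "Oct 18 20:27:32 \tnamed[61931]: running",
]

# Assumption: localhost + localnets means loopback plus 192.168.10.0/24 here
# (the server answers on 192.168.10.2; the prefix length is not on the page).
ASSUMED_ACL = ["127.0.0.0/8", "192.168.10.0/24"]

def parse_denied(lines):
    """Return one record per denied-query line; all other lines are skipped."""
    records = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            rec = m.groupdict()
            rec["ip"] = ipaddress.ip_address(rec["ip"])
            records.append(rec)
    return records

def summarize(records, acl_networks):
    """Group denials by (view, client) and mark clients covered by the ACL."""
    nets = [ipaddress.ip_network(n) for n in acl_networks]
    groups = {}
    for r in records:
        g = groups.setdefault((r["view"], r["ip"]), {"denied": 0, "names": set()})
        g["denied"] += 1
        g["names"].add(f'{r["qname"]}/{r["qtype"]}')
    ordered = sorted(groups.items(), key=lambda kv: (kv[0][0], str(kv[0][1])))
    return [{"view": view, "client": str(ip), "denied": g["denied"],
             "names": sorted(g["names"]),
             "in_acl": any(ip in net for net in nets)}
            for (view, ip), g in ordered]

if __name__ == "__main__":
    for row in summarize(parse_denied(SAMPLE_LOG), ASSUMED_ACL):
        print(row)
```

A client reported with `in_acl` true is one that an allow-query of localhost and localnets would admit; one reported false would still be refused after that change.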
