BIND forwarding is not working
-
Good luck with repeating "RECURSION IS NOT WORKING" hundred more times… ::)
step by step video
http://sendvid.com/9eidvwdm
https://www.youtube.com/watch?v=cdSBgQWZIkM
-
So you want me to watch a 12 min video.. of you testing the dns resolver?? What does that have to do with BIND??
If you want help.. post up some screenshots of your config and your query results… See what I posted - took all of like a minute to put together and post up..
-
It's hard for you to watch the video where I illustrated that bug with BIND step by step, with all of my configs shown?
-
Dude, the first second of your video clearly shows that you are using a 192.168 address on your WAN side. That tells me there is other equipment between pfSense and the "real" Internet.
Obviously, if recursion really didn't work, the thousands of users that use pfSense every day would all be complaining. Since there is only one person complaining, logically the problem lies in your setup.
-
- yes, I'm using private IPs on my test setup, but the original hardware has a real IP and the problem still occurs, so it's definitely not an addressing issue
- I didn't say that pfSense's recursion isn't working, I was just saying that BIND RECURSION ISN'T WORKING AS IT SHOULD!
Again:
I did a clean&fresh setup of latest pfSense and BIND package. NOTHING ELSE!
Disabled pfSense's built-in dns resolver & forwarder.
General setup -> dns servers -> 127.0.0.1
BIND -> enable forwarding - checked
forwarder IPs -> 192.168.64.1;192.168.64.2;
WORKING FLAWLESSLY
But when I created a test zone (straight & reverse) then BIND immediately STOPS forwarding dns requests to upstream servers with the aforementioned error in logs.
And even if (as you suggested above) my zones were set up incorrectly, then why the heck does BIND still refuse to forward requests when I completely deleted all of my zones?!
P.S. I'm not at work right now, so I can't post any configs, so if you want something specific - request it and I'll post it later
-
Dude your video wasn't even using BIND!!! Sorry but I don't have time to sit through a 12 minute blurry video of someone tooling around different settings in pfSense and having to pause the video to try and look over the config, and then it's such shitty quality that it's hard to make out specific details like the exact IP, for example you were setting dns, other than they were .2 and .3 something and started with 192.168..
As I showed you it took me all of like 30 seconds to get bind up and running.. This really is point and click, if it's not working for you you're doing something wrong.. Are you not creating your views, are you not setting who can query your local zone? I posted up my configs - let's see your configs.. And then maybe we can spot what you missed… But NO I am not going to attempt to gather that info from some 12 min video sorry!
-
I certainly do NOT have time to watch videos. All I can say is it's critical to set up views properly when configuring this (you can also use the fine search box here to get the same experience from others).
Other than that, it just works.
-
well, you asked for pictures, so here they are



 -
So you tick forwarding and wonder why recursion is not working?!?! Did you read the description under that option?!!?!? That ain't Bind on pfSense refusing to do the recursion. Debug the 192.168.x.x you entered there (or untick the checkbox!).
-
64.1 & 64.2 are our main dns servers. BIND should serve lan1 zone and forward all other requests recursively to these servers
-
Dude. May I suggest to read the fine description of the forwarding checkbox once again? Bind will NOT perform any recursion when set up as forwarder. Period.
-
You are absolutely right. It seems that we have a misunderstanding. I really meant forwarding when I was speaking about recursion… my bad
Now, concerning my setup:
BIND should serve lan1 zone and FORWARD all other requests to our upper dns servers (192.168.64.1;192.168.64.2;)
But it doesn't work >:(
-
And as noted earlier, you should investigate why are those servers not answering the DNS queries… "It doesn't work" ain't a useful description. Do the queries reach your DNS servers? Are those DNS servers set up to allow recursion?
-
All these dns servers are working. As I said before, BIND works well, until I add any zone, check pictures I posted
and even if I delete all zones, it still doesn't work ;(
BUT if I disable BIND and turn on the built-in dns forwarder - everything begins to work instantly
I did a clean&fresh setup of latest pfSense and BIND package. NOTHING ELSE!
Disabled pfSense's built-in dns resolver & forwarder.
General setup -> dns servers -> 127.0.0.1
BIND -> enable forwarding - checked
forwarder IPs -> 192.168.64.1;192.168.64.2;
WORKING FLAWLESSLY
But when I created a test zone (straight & reverse) then BIND immediately STOPS forwarding dns requests to upstream servers with the aforementioned error in logs.
-
Good luck. You need to answer the questions asked and perform some logical troubleshooting, instead of repeating over and over and over and over and over again how bind does not work. Waste of time. You have already told us zillion times that it doesn't work, that's absolutely USELESS "information". ::)
-
I gave you all information I have, what else you want?!
I even made you a video but you declined to view it!!!
-
Do the queries reach your DNS servers? Are those DNS servers set up to allow recursion?
^^^ Perhaps you could start reading… and perform some common sense troubleshooting, we don't give a damn about repeating how much it doesn't work.
-
Perhaps YOU should START READING MY POSTS before posting such pearls lol
And as noted earlier, you should investigate why are those servers not answering the DNS queries… "It doesn't work" ain't a useful description. Do the queries reach your DNS servers? Are those DNS servers set up to allow recursion?
WHERE DID YOU GET THAT MY DNS SERVERS ARE NOT ACCEPTING DNS QUERIES!?
did you ever look at the pictures I posted earlier?! or you "@doktornotor: I certainly do NOT have time to watch" them but have so much time to post useless answers instead?
I said you many times before -
All these dns servers are working. As I said before, BIND works well, until I add any zone, check pictures I posted
and even if I delete all zones, it still doesn't work ;(
BUT if I disable BIND and turn on the built-in dns forwarder - everything begins to work instantly
I did a clean&fresh setup of latest pfSense and BIND package. NOTHING ELSE!
Disabled pfSense's built-in dns resolver & forwarder.
General setup -> dns servers -> 127.0.0.1
BIND -> enable forwarding - checked
forwarder IPs -> 192.168.64.1;192.168.64.2;
WORKING FLAWLESSLY
it's BIND WHO DOESN'T ACCEPT QUERIES after configuring views & zones!
check the pictures I posted ffs!
P.S. it's definitely a VIEWS issue. It just doesn't matter what I'm entering there. Using built-in ACLs, no zones defined:
recursion -> yes
match-clients -> any
allow-recursion -> any
named[50020]: query-errors: debug 1: client 192.168.83.20#1585 (google.com): view test: query failed (SERVFAIL) for google.com/IN/A at query.c:6217
recursion -> no
match-clients -> any
allow-recursion -> any
named[78330]: query-errors: debug 1: client 192.168.83.20#2431 (google.com): view test: query failed (SERVFAIL) for google.com/IN/A at query.c:6221
pfSense can't resolve addresses itself either:
named[5197]: query-errors: debug 1: client 127.0.0.1#35576 (0.pfsense.pool.ntp.org): view test: query failed (SERVFAIL) for 0.pfsense.pool.ntp.org/IN/AAAA at query.c:6217
named[41921]: query-errors: debug 1: client 127.0.0.1#42011 (0.pfsense.pool.ntp.org): view test: query failed (SERVFAIL) for 0.pfsense.pool.ntp.org/IN/A at query.c:6221
Deleting all views and rebooting the pfSense restores BIND forwarding
-
$ignore_list++
WTF really… ::) >:(
-
query.c:6217
query.c:6221
well you can look at the source code to see what those failures are exactly
not sure if this is the same version the package is running, but
https://github.com/fanf2/bind-9/blob/master/bin/named/query.c
it doesn't seem like it since the line numbers don't actually match up... those errors in query.c point to the line number where it failed. If I recall query.c is when there is an authoritative query.. so the way I read those errors is bind is not authoritative for what you are asking for..
For one I really don't like your single labels – it's really bad practice to use single label names...
I would get your authoritative working first... then try and change to your forwarder mode.. have your local domains working in bind - then add the forwarders for stuff you're not authoritative for.
this is really simple stuff.. Clickity Clickity.. But I would never in a million years use a single label.. So maybe it doesn't like that? I believe I was leaving bind in resolver mode... When I get a chance I will fire up that vm I set up again and change it to forward on vs doing actual recursive. You don't seem to have any A records at all set... So again before you try and forward, why don't you make sure your views and everything else is working for you resolving the stuff you're wanting to be authoritative for.. Looks like you want it to add hosts from dhcp reservations, etc.. Those should resolve, then set up forwarding.
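
The layout the last post recommends (a local zone answering inside a view first, then forwarders for everything else), sketched as a named.conf fragment. This is an added example, not a config posted by anyone in the thread or generated by the pfSense BIND package; the ACL name, the /24 mask, the directory, the zone name lan1.example and the zone file name are assumptions, while the forwarder addresses and the client address range come from the posts above.

```conf
// Constructed example. Names, paths and the netmask are assumptions.

// Clients allowed to use this server: pfSense itself and the LAN
// (192.168.83.20 appears as a client in the logs above; /24 is assumed).
acl "lan_clients" {
    127.0.0.1;
    192.168.83.0/24;
};

options {
    directory "/etc/namedb";        // assumed working directory
    listen-on { any; };
};

view "lan" {
    // Every client must match some view, or its queries are refused.
    match-clients { "lan_clients"; };
    allow-query   { "lan_clients"; };

    // named only sends a query to its forwarders when it is willing to
    // recurse for that client, so recursion stays on in a forwarding view.
    recursion yes;

    // Scoped to the ACL instead of "any", so the box does not become an
    // open resolver if port 53 is ever reachable from outside.
    allow-recursion { "lan_clients"; };

    // Everything the view is not authoritative for goes upstream.
    forwarders { 192.168.64.1; 192.168.64.2; };
    forward only;                   // never fall back to the root servers

    // Local zone, answered authoritatively. A fully qualified name is used
    // here instead of a single label, as the post above advises.
    zone "lan1.example" {
        type master;
        file "lan1.example.zone";   // assumed file name
    };
};
```

`named-checkconf` validates the syntax before a reload; `dig @127.0.0.1 lan1.example SOA` followed by `dig @127.0.0.1 google.com` then tests the authoritative path and the forwarded path separately.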