Bind 0.4.2 on pfSense 2.2.5 , unable to serve zones



  • I have recently set up bind on pfSense.  I have a basic/working knowledge of the bind/named process (having set it up several times before on Linux, including configuring zones, etc…).  After setting up a zone on pfSense I found that it wasn't resolving on my local network.
    Here's a brief description of the current settings:

    BIND: DNS Settings
    Settings (tab)
    Daemon Settings


      IP Version = IPv4
      Listen On = LAN, Loopback are selected
    Logging Options

      Logging Severity = Critical
      Logging Options = 'Default'

    Zones (tab)
    shows this line:
      status = Enabled, Name = localdomain (I've also tested this with 'myexample.com' and it didn't work), type = master, views = (empty)
    Master Zone Configuration (section)
      TTL = 60 (for testing)
      Name Server = (LAN-IP of my pfSense setup)
      Base Domain IP = (LAN-IP of my pfSense setup)
      Mail Admin Zone = (tried this blank, and also as root.localdomain, or root.myexample.com)
      Serial = (assigned by pfSense)
      Refresh = (assigned by pfSense)
      Retry = (assigned by pfSense)
      Expire = (assigned by pfSense)
      Minimum = (assigned by pfSense)
      Allow update = none
      Allow query = any
      Allow transfer = none

    Zone Domain Records (still on Zones tab)
      Record = findme , Type = A , Priority = (blank) , IP address = a random IP on my test network, same network as the LAN

    ----------
    After saving all of that then coming back into the record I also observe that the 'Resulting zone config file' is empty.

    It appears behind the scenes, that the configuration file for this process is actually stored under
    /cf/named/etc/namedb/named.conf

    If I look in this file I do not see declarations for any zone that I create, which to my understanding is one reason I would not have any resolution on the zones.  I'm not sure where the zone files themselves would be stored, or I would have checked there as well.  The location /usr/pbi/bind-amd64/ and its subdirectories seem to have the program only.

    Offhand it looks like the scripts that build the named.conf file are not entering information for the zones that are defined.  Since I'm not sure where the zone files would be stored I couldn't check there, but doing a 'find /*|grep -i myexample' does not give me any files with that name as part of the filename.

    If I've failed to setup something in the GUI please advise.

    Otherwise - it appears that the BIND 0.4.2 (and 0.4.1 which I had set up first) on pfSense 2.2.5 is not working correctly.

    Please advise if you see my error or (for the maintainer) please repair.  Thanks!

    To the maintainer:  Thank you for porting this to pfSense and creating a front-end for its management!



  • @Eagle72:

    Your zone setup is incorrect.

    Name Server = NS.YOURDOMAIN
    Base Domain IP = YOUR LAN ADDRESS
    Mail Admin Zone =  HOSTMASTER.YOURDOMAIN
    Allow update = create ACL with definitions of who can update your zone (check ACLs tab)
    Allow query = any
    Allow transfer = none
    Zone Domain Records:
        record  type priority alias or ip address
          ns        A                  YOUR LAN IP

    Also create a view for your zone:
    match-clients = ACL for your zone (or select any)
    allow-recursion = ACL for your zone (or select any)

    And don't forget to create a reverse zone.
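
    As an added example (not the pfSense package's generated output and not from either poster), here is what the view and zones described above look like in BIND's own syntax, using constructed values: LAN 192.168.1.0/24, pfSense LAN IP 192.168.1.1, zone name example.lan, and zone-file paths under the named.conf directory named earlier in the thread that are assumed, not verified.

```conf
// named.conf fragment (added example; paths and addresses are assumed)
acl "lan" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/cf/named/etc/namedb";        // where the thread found named.conf
    listen-on { 192.168.1.1; 127.0.0.1; };   // "Listen On = LAN, Loopback"
    allow-transfer { none; };
};

// Once any view exists, every zone must sit inside a view; a zone with no view
// attached never reaches named.conf, consistent with the empty "Resulting zone config file".
view "internal" {
    match-clients   { lan; };   // the ACL from the ACLs tab; tighter than "any"
    allow-recursion { lan; };   // recursion for LAN clients only, never "any"
    zone "example.lan" {
        type master;
        file "master/example.lan.db";   // assumed location
        allow-update   { none; };
        allow-query    { any; };
        allow-transfer { none; };
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/1.168.192.in-addr.arpa.db";   // assumed location
        allow-update   { none; };
        allow-transfer { none; };
    };
};

; master/example.lan.db - the forward zone file (zone-file comment syntax)
$TTL 60
@        IN SOA  ns.example.lan. hostmaster.example.lan. (
                 2015112001 ; serial  (pfSense assigns this)
                 3600       ; refresh
                 900        ; retry
                 604800     ; expire
                 60 )       ; minimum
@        IN NS   ns.example.lan.   ; NS must be a host name, not an IP
@        IN A    192.168.1.1       ; "Base Domain IP"
ns       IN A    192.168.1.1       ; the A record listed for "ns" above
findme   IN A    192.168.1.50      ; the test record from the question

; master/1.168.192.in-addr.arpa.db - the reverse zone
$TTL 60
@   IN SOA ns.example.lan. hostmaster.example.lan. ( 2015112001 3600 900 604800 60 )
@   IN NS  ns.example.lan.
1   IN PTR ns.example.lan.
50  IN PTR findme.example.lan.
```

    Running `named-checkconf` and `named-checkzone example.lan master/example.lan.db` on the box is the quickest way to confirm the generated files parse before suspecting the GUI.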



  • Scissorfish: Thank you very much - I tried the settings as you suggested and they worked - thanks a lot!

    So, just out of curiosity I re-tried these with just the views (which I had not previously needed to define myself in the simple configuration I had under Linux, so this part was foreign to me).  Changing just the Views entry seems to have been the critical piece.  I then proceeded to make the other changes you recommended as well, but it seems the key part here was to define the view and associate it with the zones.  I did already have a reverse zone defined but didn't list it as I didn't want to give extraneous info.

    Again - Thank you very much for your help!

