Bind 0.4.2 on pfSense 2.2.5, unable to serve zones
-
I have recently set up bind on pfSense. I have a basic/working knowledge of the bind/named process (having set it up several times before on Linux including configuring zones, etc…). After setting up a zone on pfSense I found that it wasn't resolving on my local network.
Here's a brief description of the current settings:
BIND: DNS Settings
Settings (tab)
Daemon Settings
Enable Bind
IP Version = IPv4
Listen On = LAN,Loopback are selected
Logging Options
Enable Logging
Logging Severity = Critical
Logging Options = 'Default'
Zones (tab)
shows this line:
status = Enabled , Name = localdomain (I've also tested this with 'myexample.com' and it didn't work), type = master, views= (empty)
Master Zone Configuration (section)
TTL = 60 (for testing)
Name Server = (LAN-IP of my pfSense setup)
Base Domain IP = (LAN-IP of my pfSense setup)
Mail Admin Zone = (tried this blank, and also as root.localdomain, or root.myexample.com)
Serial = (assigned by pfSense)
Refresh = (assigned by pfSense)
Retry = (assigned by pfSense)
Expire = (assigned by pfSense)
Minimum = (assigned by pfSense)
Allow update = none
Allow query = any
Allow transfer = none
Zone Domain Records (still on Zones tab)
Record = findme , Type = A , Priority = (blank) , IP address = a random IP on my test network, same network as the LAN
-----------
After saving all of that then coming back into the record I also observe that the 'Resulting zone config file' is empty.
It appears behind the scenes, that the configuration file for this process is actually stored under
/cf/named/etc/namedb/named.conf
If I look in this file I do not see declarations for any zone that I create, which to my understanding is one reason I would not have any resolution on the zones. I'm not sure where the zone files themselves would be stored; I would have checked there as well. The location /usr/pbi/bind-amd64/ and its subdirectories seem to have the program only.
Offhand it looks like the scripts that build the named.conf file are not entering in information for the zones that are defined. Since I'm not sure where the zone files would be stored I couldn't check there but doing a 'find /*|grep -i myexample' does not give me any files with that name as part of the filename.
If I've failed to set up something in the GUI please advise.
Otherwise - it appears that the BIND 0.4.2 (and 0.4.1 which I had set up first) on pfSense 2.2.5 is not working correctly.
Please advise if you see my error or (for the maintainer) please repair. Thanks!
To the maintainer: Thank you for porting this to pfSense and creating a front-end for its management!
-
your zone setup is incorrect
Name Server = NS.YOURDOMAIN
Base Domain IP = YOUR LAN ADDRESS
Mail Admin Zone = HOSTMASTER.YOURDOMAIN
Allow update = create ACL with definitions of who can update your zone (check ACLs tab)
Allow query = any
Allow transfer = none
Zone Domain Records:
record type priority alias or ip address
ns A YOUR LAN IP
also create a view for your zone:
match-clients = ACL for your zone (or select any)
allow-recursion = ACL for your zone (or select any)
and don't forget to create reverse zone
-
Scissorfish: Thank you very much - I tried the settings as you suggested and they worked - thanks a lot!
So, just out of curiosity I re-tried these with just the views (which I had not previously needed to define myself in the simple-configuration I had under Linux - so this part was foreign to me). Changing just the Views entry seems to have been the critical piece. I then proceeded to make the other changes you recommended as well, but it seems the key part here was to define the view and associate it to the zones. I did already have a reverse zone defined but didn't list that as I didn't want to give extraneous info.
Again - Thank you very much for your help!
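
The thread's outcome was that the zone only resolved once a view was defined and the zone was associated with it. As an added illustration (not the file the pfSense package generates, and not from any poster), this is how the settings from the reply look as plain BIND named.conf statements when views are used: the zone and its reverse zone are declared inside the view block, and recursion is limited to an ACL rather than "any". The subnet 192.168.1.0/24, the ACL name, the view name and the zone file paths are all constructed placeholders.

```conf
// Constructed example: 192.168.1.0/24 stands in for the LAN; the ACL name,
// view name and file paths below are hypothetical.
acl "lan_clients" {
    127.0.0.1;
    192.168.1.0/24;
};

view "lan" {
    match-clients   { lan_clients; };   // which clients this view answers
    recursion yes;
    allow-recursion { lan_clients; };   // recursion for the LAN ACL, not "any"

    // Forward zone from the thread; it lives inside the view block.
    zone "localdomain" {
        type master;
        file "master/lan/localdomain.DB";   // hypothetical path
        allow-query    { any; };
        allow-transfer { none; };
        allow-update   { none; };           // or an ACL of permitted updaters
    };

    // Reverse zone for the same constructed subnet.
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/lan/1.168.192.DB";     // hypothetical path
        allow-query    { any; };
        allow-transfer { none; };
        allow-update   { none; };
    };
};
```

When checking a generated named.conf by eye, as the original post did, the zone declarations to look for are therefore nested under a `view` statement rather than at the top level of the file.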