BIND Package (or similar functioning authoritative DNS server)
-
Great job on the 2.3 release ! Any plans to re-include BIND as a DNS server package ? What other alternatives exist in 2.3 to run an authoritative DNS server as a slave to a remote BIND (or possible other DNS server) master ?
-
I am excited to try out the new interface. It looks great, but I need to wait until I can find a way to host my secondary DNS on my router. It is a great way to get some redundancy and my primary is BIND, so that would be the easiest answer.
May try to play with building it myself, but not sure I'll have the time any time soon. -
How can we get someone to take up the BIND package and convert it? I won't be able to upgrade without support for an authoritative DNS server that supports DNSSEC and IPv6.
-
It looks like the problem is that there was no one to rewrite BIND's admin pages into new Bootstrap Framework. I believe doktornotor had been responsible for the BIND package in the past. At least I saw his name on the GIT repository.
I suspect if we want BIND back, one of us will have to become responsible for those admin pages. It'd also be nice to have some docs attached to the "?" button. It took me a bit of thrashing around, and finding 2-year-old posts here on the forums, to get it going. Real docs for BIND through pfSense's GUI would have rocked.
User jwt hinted that someday they will eliminate PHP. So the interface will need a major rewrite again. Whoever volunteers to support BIND can't do it once and throw it over the fence.
-
If I were any good at coding I would volunteer. The BIND package has been really great to have and it would be a shame if it were abandoned.
-
I'm considering it.
I haven't actually seen any of the GUI source code (I believe that's the bulk of the development effort), but I know PHP quite well, and other web tech like CSS and the lot. Haven't used GIT, at least not effectively. And I'm an absolute newbe with BIND. But what the heck. I'll need to figure out the old GUI framework and the new. I get the feeling it's more than just a template change.
The biggest problem is getting an effective test bed. I've got this ancient 1U system I should have tossed years ago, and I dug it out of my closet. Single-core P3 at 1.whatever GHz, a tiny bit of ram, and six 100 Mbps Ethernet ports. Might work, but I remember it runs hot. I should fire it up and see what's what.
-
You would be my hero! Even if the UI was nothing more than a big textarea where I could paste in the zone definition files that would cover the bulk of the functionality. I'm not sure what coding would be involved with getting DNSSEC to work, but it's already there in the old format so surely that would help as a guide.
-
Converting the old to the new was my thought too.
In other news I fired up my ancient box and it booted into CentOS. 1.0 GHz P-III, 1/2 GB RAM, and PS2 interface. Fortunately it can see the keyboard through USB, but not the CD drive. I vaguely remember it uses parallel ATA for storage. I don't even know if I have a working CD drive with parallel ATA.
Perhaps I can run pfSense through VirtualBox on my Mac. Kind of inconvenient for shoving and filtering packets, but I can diddle the GUI at least.
-
Converting the old to the new was my thought too.
I might be able to help you with this, if you need any.
I don't have the time to take on ownership of this long term, but happy to give some time to get it working again on 2.3Cheers - Callan
-
I need this one for upgrade, too.
What is the progress on BIND package conversion to 2.3 and what can I do to help?
-
We are working on it.
Stay tuned.
Best
SvenVoleatech
pfSense Select Partner -
Looking forward to test !
-
As I also depend on running bind on the pfsense box, l'm happy to help in anyway that I can, with testing, further donations, etc.
-
me too!
Is there a bounty we can donate to?
-
Hi,
no need for a donation or bounty.
We might require testing, I will write an update by the end of the week about it.
Best
SvenVoleatech
pfSense Select Partner -
I will be one of your tester.
-
Hi everyone,
so the pull request is out (https://github.com/pfsense/FreeBSD-ports/pull/134).
If you want to test the bind package, feedback is welcome:
https://owncloud.voleatech.de/index.php/s/DUo0JQDp7Rs87kf
You need to download both packages, copy them over to the pfSense.
Login via SSH and then add them with:pkg add pfsense-bind910-9.10.3P4.txz
pkg add pfSense-pkg-bind-9.10_7.txzthe order is important here.
Also make sure to disable unbound or any other DNS server before starting bind.
Otherwise the port is blocked.Best
SvenVoleatech
pfSense Select Partner -
I would like to test bind package, however:
pkg add pfsense-bind910-9.10.3P4.txz Installing pfsense-bind910-9.10.3P4... pkg: wrong architecture: FreeBSD:10:amd64 instead of FreeBSD:10:i386 Failed to install the following 1 package(s): pfsense-bind910-9.10.3P4.txzI have tried downloading bind99-9.9.8P4.txz from http://pkg.pfsense.org/orig-pfSense_v2_3_1_i386-pfSense_v2_3_1/All/, but I get the following error:
pkg add bind99-9.9.8P4.txz Installing bind99-9.9.8P4... pkg: bind99-9.9.8P4 conflicts with bind-tools-9.10.3P4 (installs files into the same place). Problematic file: /usr/local/bin/dig Failed to install the following 1 package(s): bind99-9.9.8P4.txzIf i try to remove problematic package, pfSense reports it will remove bind-tools-9.10.3P4 and pfSense-2.3.1, which I am not sure I want to do…
Is it possible to get bind9.10 i386 packages?
Thanks!
-
Hi,
the bind package from us is a different one than the bind package you are using.
Thats why it is labeled pfsense-bind, to avoid the problem you encountered.Unfortunately we do not have a i386 development environment for this.
I can send you the code if you like?
Otherwise the package should be merged soon.Best
SvenVoleatech
pfSense Select Partner -
First, I wanted to say thank you for providing this. Since BIND is what I'm most familiar with, I was disappointed when pfSense discontinued the package in the 2.3.0 branch. However, so far this has worked as a great drop-in replacement for the previous BIND package.
I can confirm the following with regards to my setup:
-
All my data from the previous package was maintained. For me, that includes settings (some custom), zones, ACLs, and views.
-
Dynamic updates from DHCP are working.
-
I'm able to add and remove records to zones through the GUI.
-
All queries are working, including zone transfers.
-
RNDC commands from the CLI are working.
I did have two issues, but nothing major.
-
My main forward zone complained that it was unable to load initially. It complained of the error: named[69987]: general: error: zone "$MYDOMAIN"/IN/default: journal rollforward failed: not exact However, deleting the .jnl file for the zone resolved the issue. I'm not sure if that was an issue with this package or the actual zone.
-
I don't seem to be able to uncheck "Enable BIND DNS server", it will complain with the error: The following input errors were detected:
The field Enable BIND is required.
However, for me, those are relatively minor. Thank you again for providing this!
-
