OPNsense Forum
English Forums => Documentation and Translation => Topic started by: mikestalen on February 28, 2019, 02:05:56 am
-
I've had a search about the forum for anything which resembles decent initial installation instructions for the os-bind plugin.
After having installed the plugin you're presented with:
**********************************************************************
* _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
* / _ \ | | | | | _| | \| | | | | | | | | \| | *
* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
* *
* BIND requires configuration of rndc, including a "secret" key. *
* The easiest, and most secure way to configure rndc is to run *
* 'rndc-confgen -a' to generate the proper conf file, with a new *
* random key, and appropriate file permissions. *
* *
* The /usr/local/etc/rc.d/named script will do that for you. *
* *
* If using syslog to log the BIND9 activity, and using a *
* chroot'ed installation, you will need to tell syslog to *
* install a log socket in the BIND9 chroot by running: *
* *
* # sysrc altlog_proglist+=named *
* *
* And then restarting syslogd with: service syslogd restart *
* *
**********************************************************************
Firstly I can't figure out how "The /usr/local/etc/rc.d/named script will do that for you".
There are no details on how you're supposed to call that script to generate the key.
Thinking that starting the service may generate the necessary files I tried to run that script, but it tells me: Cannot 'start' named. Set named_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
So I add that line to /etc/rc.conf and re-run the script:
./named: ERROR: get_pidfile_from_conf: /usr/local/etc/namedb/named.conf does not exist (named)
Looking in that named.conf file it's completely empty. Thinking that the plugin must have a specific named.conf file I find this one:
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf
But this file doesn't seem to be formatted correctly, and if I specify it in rc.conf using named_conf=<blah> then I get the following errors:
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf:1: syntax error near '{'
./named: ERROR: named-checkconf for /usr/local/opnsense/service/templates/OPNsense/Bind/named.conf failed
There's also no information on whether the plugin is "using syslog to log the BIND9 activity, and using a chroot'ed installation"
So I can't figure out if this step is needed.
The documentation page at https://wiki.opnsense.org/manual/how-tos/bind.html gives me no information about these initial setup steps.
Has anyone managed to get this plugin working as advertised? Can you give me some hints?
thanks,
Mike
-
This hopefully still fits:
https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/
I'll probably extend the official doc when I find time.