Documentation and Translation / os-bind plugin setup - help?
« on: February 28, 2019, 02:05:56 am »
I've had a search about the forum for anything which resembles decent initial installation instructions for the os-bind plugin.
After having installed the plugin you're presented with:
**********************************************************************
* _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
* / _ \ | | | | | _| | \| | | | | | | | | \| | *
* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
* *
* BIND requires configuration of rndc, including a "secret" key. *
* The easiest, and most secure way to configure rndc is to run *
* 'rndc-confgen -a' to generate the proper conf file, with a new *
* random key, and appropriate file permissions. *
* *
* The /usr/local/etc/rc.d/named script will do that for you. *
* *
* If using syslog to log the BIND9 activity, and using a *
* chroot'ed installation, you will need to tell syslog to *
* install a log socket in the BIND9 chroot by running: *
* *
* # sysrc altlog_proglist+=named *
* *
* And then restarting syslogd with: service syslogd restart *
* *
**********************************************************************
Firstly I can't figure out how "The /usr/local/etc/rc.d/named script will do that for you".
There are no details on how you're supposed to call that script to generate the key.
Thinking that starting the service may generate the necessary files I tried to run that script, but it tells me: Cannot 'start' named. Set named_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
So I add that line to /etc/rc.conf and re-run the script:
./named: ERROR: get_pidfile_from_conf: /usr/local/etc/namedb/named.conf does not exist (named)
Looking in that named.conf file it's completely empty. Thinking that the plugin must have a specific named.conf file I find this one:
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf
But this file doesn't seem to be formatted correctly, and if I specify it in rc.conf using named_conf=<blah> then I get the following errors:
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf:1: syntax error near '{'
./named: ERROR: named-checkconf for /usr/local/opnsense/service/templates/OPNsense/Bind/named.conf failed
There's also no information on whether the plugin is "using syslog to log the BIND9 activity, and using a chroot'ed installation"
So I can't figure out if this step is needed.
The documentation page at https://wiki.opnsense.org/manual/how-tos/bind.html gives me no information about these initial setup steps.
Has anyone managed to get this plugin working as advertised? Can you give me some hints?
thanks,
Mike
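The banner quoted in the post above says 'rndc-confgen -a' writes the rndc key file with a new random key and appropriate file permissions. As an added example (not part of the original post or of the plugin), this sh function checks a key file for both properties. The function names, the file path you pass in, and the reading of "appropriate" as owner-only access are assumptions.

```shell
#!/bin/sh
# Added example: audit an rndc key file like the one 'rndc-confgen -a' writes.
# Assumption: "appropriate file permissions" is taken to mean owner-only access.

# audit_rndc_key FILE -> 0 ok, 1 missing, 2 permissions too open, 3 malformed
audit_rndc_key() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # First 10 chars of 'ls -ld' are the type+mode string; this is portable
    # across BSD and GNU userlands, unlike stat(1) format flags.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        -???------) ;;
        *) echo "too open: $f ($mode)"; return 2 ;;
    esac

    # Require a key clause with an algorithm and a quoted base64 secret.
    # Only the verdict is reported; the secret itself is never printed.
    grep -Eq '^[[:space:]]*key[[:space:]]+"?[A-Za-z0-9._-]+"?[[:space:]]*\{' "$f" &&
    grep -Eq '^[[:space:]]*algorithm[[:space:]]+hmac-[a-z0-9]+;' "$f" &&
    grep -Eq '^[[:space:]]*secret[[:space:]]+"[A-Za-z0-9+/=]+";' "$f" ||
        { echo "malformed: $f"; return 3; }

    echo "ok: $f"
}

# make_sample_key FILE MODE: write a constructed key file (not a real secret).
make_sample_key() {
    cat > "$1" <<'EOF'
key "rndc-key" {
    algorithm hmac-sha256;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLXJlYWwta2V5";
};
EOF
    chmod "$2" "$1"
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
make_sample_key "$demo/good.key" 600
make_sample_key "$demo/open.key" 644
audit_rndc_key "$demo/good.key"
audit_rndc_key "$demo/open.key" || true   # expected to report "too open"
rm -rf "$demo"
```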