os-bind plugin setup - help?

[mikestalen]

I've had a search about the forum for anything which resembles decent initial installation instructions for the os-bind plugin.

After having installed the plugin you're presented with:
**********************************************************************
*            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
*           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
*          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
*         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
*        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
*                                                                    *
*   BIND requires configuration of rndc, including a "secret" key.   *
*    The easiest, and most secure way to configure rndc is to run    *
*   'rndc-confgen -a' to generate the proper conf file, with a new   *
*            random key, and appropriate file permissions.           *
*                                                                    *
*     The /usr/local/etc/rc.d/named script will do that for you.     *
*                                                                    *
*      If using syslog to log the BIND9 activity, and using a        *
*     chroot'ed installation, you will need to tell syslog to        *
*       install a log socket in the BIND9 chroot by running:         *
*                                                                    *
*            # sysrc altlog_proglist+=named                          *
*                                                                    *
*    And then restarting syslogd with: service syslogd restart       *
*                                                                    *
**********************************************************************


Firstly I can't figure out how "The /usr/local/etc/rc.d/named script will do that for you[/size][size=78%]"[/size]
There's no details on how you're supposed to call that script to generate the key.


Thinking that starting the service may generate the necessary files I tried to run that script, but it tells me: Cannot 'start' named. Set named_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.


So I add that line to /etc/rc.conf and re-run the script:
./named: ERROR: get_pidfile_from_conf: /usr/local/etc/namedb/named.conf does not exist (named)


Looking in that named.conf file it's completely empty. Thinking that the plugin must have a specific named.conf file I find this one:
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf


But this file doesn't seem to be formatted correctly and if I specify it in rc.conf using the named_conf=<blah> than I get the following errors:

/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf:1: syntax error near '{'
./named: ERROR: named-checkconf for /usr/local/opnsense/service/templates/OPNsense/Bind/named.conf failed




There's also no information on whether the plugin is "using syslog to log the BIND9 activity, and using a chroot'ed installation"
So I can't figure out if this step is needed.


The documentation page at https://wiki.opnsense.org/manual/how-tos/bind.html gives me no information about these initial setup steps.


Has anyone managed to get this plugin working as advertised? Can you give me some hints?


thanks,
Mike

[mimugmail]

This hopefully still fits:

https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

I probably extend the official doc when I find time ..