OS-BiND create wrong master zone files

[Carsten99]

Hello,

I am new with opnsense since a few days.  I am using OPNsense 22.1.1_1-amd64.

I try to configure my network with this great software.

I tried to configure the os-bind plugin without unbound dns.

I create a slave zone from Windows DC which works well.

But my master zones does not work. The Zone can not be loaded:

I created a zone called work.local
17-Feb-2022 18:35:58.413 zoneload: error: zone work.local/IN: not loaded due to errors.
17-Feb-2022 18:35:58.413 zoneload: error: zone work.local/IN: has no NS records

Reason being:
The file work.local.db from system:

$TTL 86400
@       IN      SOA    localhost. root.fw2. ( 2202171810 21600 3600 3542400 3600 )
fw1                A 192.168.17.11
sep                A 192.168.17.33

And this created file is not correct.

The correct file would look like:
$TTL 86400
@       IN      SOA    localhost. root.fw2. ( 2202171810 21600 3600 3542400 3600 )

                IN NS localhost.

fw1              IN  A 192.168.17.11
sep              IN  A 192.168.17.33


Can this be modified in Filesystem as workaround?

Can this be solved? Or did I something wrong?

Thanks for your feedback
best regards
Carsten

[mimugmail]

You need to create a NS record pointing to bind IP

[Carsten99]

Hi,

thanks but this does not change anything.

$TTL 86400
@       IN      SOA    localhost. root.fw2. ( 2202171924 21600 3600 3542400 3600
 )
fw1                A 192.168.17.11
fw1                NS 192.168.17.11
sep                A 192.168.17.33

FW1 is the Nameserver itself.

any further hints, or did i something wrong?

regards
carsten

[mimugmail]

Leave fw1 field in NS record empty

[Carsten99]

Hi,

got i running.

Set the Type for NS to localhost.

Now my config look like:

$TTL 86400
@       IN      SOA    localhost. root.fw2. ( 2202181037 21600 3600 3542400 3600 )
                NS localhost.
fw1                A 192.168.17.11
sep                A 192.168.17.33


thanks
regards
carsten

[Carsten99]

Hello,

I got the Master Zone running. Perfekt. Thanks

Now i faced the problem, that I does not find any possibility to define and maintain reverse zone.
I have different IP Zones and I want to have IP to Name resolution.

How the dns reverse zones can be defined?

thanks
regards
carsten

[mimugmail]

like any other zone with the correct labeling I'd guess.
Just have a look at bind docs how a reverse zone looks like

[Carsten99]

Hi,

thanks.

But I have to manual create and maintain the file itself?

By the GUI it will not be created and maintained (filled with new Hosts)?

If I create a new host via GUI and I have to go to the ssh shell and do it manual for the reverse zone?

Thanks
regards
carsten

[5SpeedFun]

If this is all for internal hosts, you might want to use unbound.  It has options for registering dhcpv4 registrations in DNS, and IIRC it does reverse as well!

Say you have a server with a static ip that is in your vlan that has dhcp.  You can leave it static, and give it a reservation and unbound should take care of forward/reverse as long as you check the box in unbound to grab info from DHCP.

Bind is a lot more complicated.  I use bind for publicly facing servers/zones, and all my internal stuff is unbound.  It works fairly well.

[Carsten99]

Hi,

thanks.

I will try unbound out.
Otherwise I will deinstall the plugin and install bind itself.
I saw it is possible

thanks
regards
carsten

[mimugmail]

You can remove the plugin and do the rest via CLI-only:

pkg install bind9

But, honestly, setting up an RLZ is the same as a normal zone, you only need to know how to use it in bind.
Name of the zone:
zone "64.24.81.in-addr.arpa"

content:
the NS record and PTR records for reverse.

[Carsten99]

Hi,

and the "GUI" will fill the NS and PTR in the RLZ File?

regards
carsten

[Patrick M. Hausen]

No. You fill the NS and PTR records in the UI.

[Carsten99]

Sorry to be silly. I was lost somewhere.

I understand.

I create new Zone as reverse zone, it is only a Name which has to follow the rule.

And inside I put a ns and PTR.


Thanks, i will check it out tomorrow.

regards
carsten

[Carsten99]

Hi,

thanks.

It works.

Regards
Carsten