Project

General

Profile

Actions
Copy link

Bug #12869

closed

Bind DNS Package AAAA filtering Broken on new ZFS Installs

Added by Dean Weimer about 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
BIND
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

Reference this older bug for some background (#10413)

This breaks again in newer installs with zfs file systems due to the pfSense/cf exec property being set to off. It can be worked around by using

zfs set exec=on pfSense/cf

however a more specific fix should probably be done to not undue the security reason that the pfSense/cf exec property was set to off.

This effects version 2.5.2 and 2.6.0 that I know of, may effect older versions installed on ZFS as well.

Related issues

Related to Bug #10413: BIND plugins are not copied into chrootResolvedRenato Botelho04/02/2020

Actions
Related to Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory changeResolvedViktor Gurov

Actions
Actions
Copy link
 #2

Updated by Viktor Gurov about 2 years ago

  • Related to Bug #10413: BIND plugins are not copied into chroot added
Actions
Copy link
 #3

Updated by Viktor Gurov about 2 years ago

  • Assignee set to Viktor Gurov
  • Affected Version deleted (2.5.2)
Actions
Copy link
 #4

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #5

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions
Copy link
 #6

Updated by Viktor Gurov about 2 years ago

cherry-picked to 22.01/2.6

Actions
Copy link
 #8

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #9

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback

Merged to devel and 22.01/2.6

Actions
Copy link
 #10

Updated by Viktor Gurov about 2 years ago

  • Related to Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change added
Actions
Copy link
 #11

Updated by Danilo Zrenjanin over 1 year ago

  • Status changed from Feedback to Resolved

Tested:

22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE

bind

9.16_17

It looks good:

Jul 29 08:53:38     named     40891     generating session key for dynamic DNS
Jul 29 08:53:38     named     40891     sizing zone task pool based on 1 zones
Jul 29 08:53:38     named     40891     using built-in root key for view aaa
Jul 29 08:53:38     named     40891     set up managed keys zone for view aaa, file 'aaa.mkeys'
Jul 29 08:53:38     named     40891     loading plugin '/usr/local/lib/named/filter-aaaa.so'
Jul 29 08:53:38     named     40891     registering plugin '/usr/local/lib/named/filter-aaaa.so'
Jul 29 08:53:38     named     40891     registering 'filter-aaaa' module from /etc/namedb/named.conf:34, with parameters
Jul 29 08:53:38     named     40891     command channel listening on 127.0.0.1#8953

Ticket resolved.

Actions
Copy link

Also available in: Atom PDF