Re: [pfSense] bind rules
I would prefer you use BIND9 ACL instead of iptables. See this video for more details: https://www.youtube.com/watch?v=s3VXLIXGazM

On Thu, Sep 22, 2016 at 6:43 PM, Pol Hallen wrote:
> Hi all :-)
>
> I need to create some rules to allow BIND internal server network makes
> recursive queries: I've iptables rules but I've some problem with PF :-(
>
> Can someone "translate" these rules to pfsense?
>
> for processing DNS queries:
>
> iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> and for sending responses back to client
>
> iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> thanks for help!
>
> Pol
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
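The BIND ACL approach suggested in the reply above, as an added example that is not part of the original thread: a named.conf fragment that limits queries and recursion to internal clients. The ACL name "internal" and the 192.168.1.0/24 subnet are assumptions; substitute the real LAN networks.

```conf
// Added example, not from the thread. Networks below are placeholders.
acl "internal" {
    127.0.0.0/8;        // localhost
    192.168.1.0/24;     // assumed LAN subnet
};

options {
    recursion yes;

    // Only clients matching the ACL may query, recurse, or read the cache.
    allow-query       { internal; };
    allow-recursion   { internal; };
    allow-query-cache { internal; };

    // Avoid: allow-recursion { any; };
    // That setting turns the server into an open resolver.
};
```

A firewall pass rule for TCP/UDP port 53 is still needed so that queries reach named; the ACL then decides which of those clients are served.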
Re: [pfSense] bind rules
Action = PASS
Interface = LAN
Address Family = IPv4 + IPv6
Protocol = TCP/UDP
Destination Port Range = DNS

On Thu, Sep 22, 2016 at 7:43 PM, Pol Hallen wrote:
> Hi all :-)
>
> I need to create some rules to allow BIND internal server network makes
> recursive queries: I've iptables rules but I've some problem with PF :-(
>
> Can someone "translate" these rules to pfsense?
>
> for processing DNS queries:
>
> iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> and for sending responses back to client
>
> iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> thanks for help!
>
> Pol

--
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
[pfSense] bind rules
Hi all :-)

I need to create some rules to allow BIND internal server network makes recursive queries: I've iptables rules but I've some problem with PF :-(

Can someone "translate" these rules to pfsense?

for processing DNS queries:

iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

and for sending responses back to client

iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

thanks for help!

Pol
Re: [pfSense] bind domain specific forwarder
Found Solution: (it works)

Pfsense > Services > BIND DNS Server > View (Custom Options)

zone "site2.example.com" IN {
    type forward;
    forwarders { 10.0.10.1; };
};

zone "foo.example.com" IN {
    type forward;
    forwarders { 10.0.10.1; };
};

On Thu, Sep 22, 2016 at 5:30 PM, Melvin wrote:
> What you're trying to accomplish is something we commonly do with conditional
> forwarders, but they would forward all requests to a specific domain so
> site1... and site2... would have to be separate domains. I don't use bind to
> do that personally but I would assume it has that capability. Perhaps that
> will at least give you the proper search terms to find more info.
>
> On Sep 22, 2016, 15:58, at 15:58, Steve Yates wrote:
>>I don't know if you need forwarding for this. Can you just add an NS
>>record to the example.com zone for site2.example.com pointing to
>>10.0.10.1 (well, a hostname that points to that IP)?
>>
>>--
>>
>>Steve Yates
>>ITS, Inc.
>>
>>-----Original Message-----
>>From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
>>Sent: Thursday, September 22, 2016 2:54 PM
>>To: pfSense Support and Discussion Mailing List
>>Subject: [pfSense] bind domain specific forwarder
>>
>>I have two office connected over VPN, and both sites has own bind
>>running in Pfsense. now i site1 client can resolve their DNS entries
>>but i want site1/2 both can resolve each other entries. in short i want
>>to tell DNS if you see site2.example.com then forward that query to
>>site2 DNS server. I have tried couple of stuff but didn't work. I have
>>disabled DNS resolver/ DNS forwarder services. I am only using bind
>>server, it has enable DNS Forwarding but if do that it didn't start my
>>bind service.
>>
>>site1 ---VPN-site2
>>
>>I want something like this in bind but don't know how do i add this?
>>
>>zone "site2.example.com" IN {
>>    type forward;
>>    forwarders {
>>        10.0.10.1;
>>    };
>>};
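A hardened variant of the forward zones in the solution above, added here as an example and not part of the original post. BIND's default forward policy is `first`, which falls back to ordinary recursion when the forwarder does not answer; `forward only;` prevents queries for internal names from going to public servers when the VPN is down. The foo.com and bar.com zones reflect the multi-domain case raised elsewhere in the thread and are illustrative.

```conf
// Added example, not from the thread. One forward zone per domain
// that is hosted only on the site2 server (10.0.10.1, from the thread).
zone "site2.example.com" IN {
    type forward;
    forward only;               // never fall back to public recursion
    forwarders { 10.0.10.1; };
};

zone "foo.com" IN {
    type forward;
    forward only;
    forwarders { 10.0.10.1; };
};

zone "bar.com" IN {
    type forward;
    forward only;
    forwarders { 10.0.10.1; };
};

// Syntax can be checked before restarting the service with:
//   named-checkconf <path to the generated named.conf>
```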
Re: [pfSense] bind domain specific forwarder
What you're trying to accomplish is something we commonly do with conditional forwarders, but they would forward all requests to a specific domain so site1... and site2... would have to be separate domains. I don't use bind to do that personally but I would assume it has that capability. Perhaps that will at least give you the proper search terms to find more info.

On Sep 22, 2016, 15:58, at 15:58, Steve Yates wrote:
>I don't know if you need forwarding for this. Can you just add an NS
>record to the example.com zone for site2.example.com pointing to
>10.0.10.1 (well, a hostname that points to that IP)?
>
>--
>
>Steve Yates
>ITS, Inc.
>
>-----Original Message-----
>From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
>Sent: Thursday, September 22, 2016 2:54 PM
>To: pfSense Support and Discussion Mailing List
>Subject: [pfSense] bind domain specific forwarder
>
>I have two office connected over VPN, and both sites has own bind
>running in Pfsense. now i site1 client can resolve their DNS entries
>but i want site1/2 both can resolve each other entries. in short i want
>to tell DNS if you see site2.example.com then forward that query to
>site2 DNS server. I have tried couple of stuff but didn't work. I have
>disabled DNS resolver/ DNS forwarder services. I am only using bind
>server, it has enable DNS Forwarding but if do that it didn't start my
>bind service.
>
>site1 ---VPN-site2
>
>I want something like this in bind but don't know how do i add this?
>
>zone "site2.example.com" IN {
>    type forward;
>    forwarders {
>        10.0.10.1;
>    };
>};
Re: [pfSense] bind domain specific forwarder
what if i have multiple domain like example.com, foo.com & bar.com which is not available on site1 but they are on site2

On Thu, Sep 22, 2016 at 4:01 PM, Steve Yates wrote:
> I don't know if you need forwarding for this. Can you just add an NS record
> to the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a
> hostname that points to that IP)?
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
> Sent: Thursday, September 22, 2016 2:54 PM
> To: pfSense Support and Discussion Mailing List
> Subject: [pfSense] bind domain specific forwarder
>
> I have two office connected over VPN, and both sites has own bind running in
> Pfsense. now i site1 client can resolve their DNS entries but i want site1/2
> both can resolve each other entries. in short i want to tell DNS if you see
> site2.example.com then forward that query to site2 DNS server. I have tried
> couple of stuff but didn't work. I have disabled DNS resolver/ DNS forwarder
> services. I am only using bind server, it has enable DNS Forwarding but if do
> that it didn't start my bind service.
>
> site1 ---VPN-site2
>
> I want something like this in bind but don't know how do i add this?
>
> zone "site2.example.com" IN {
>     type forward;
>     forwarders {
>         10.0.10.1;
>     };
> };
Re: [pfSense] Mailing List Posts from Non-Members
Yay! You mean when I send from the wrong address it will just reject? WOOHOO! :)

> On Sep 22, 2016, at 11:50 AM, Jim Pingle wrote:
>
> Hello,
>
> Lately the mailing list moderation queues have been overrun with a large
> volume of spam on a daily basis. To make it easier on the list admins,
> we have changed the default list policy to discard messages from
> non-members on all of our lists rather than holding them for manual
> moderation.
>
> The change should not impact many people because only on rare occasions,
> usually once a month or less, would someone post a message without being
> a list member. We had to manually look for and approve such requests
> among the thousands of spam messages in the queues.
>
> If you want to post from multiple addresses, you can subscribe from the
> additional addresses and set the alternate addresses to "nomail" that
> way you won't receive multiple copies of the list mail but it can still
> post. The same procedure can be used for an address where the sender
> does not want to receive the list by e-mail, but follows the list using
> the list's web archive and occasionally wants to post.
>
> You can change your mailing list subscription options or sign up your
> other addresses from the list management pages, such as
> https://lists.pfsense.org/mailman/listinfo/list
>
> Thanks!
>
> Jim P.
Re: [pfSense] bind domain specific forwarder
I don't know if you need forwarding for this. Can you just add an NS record to the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a hostname that points to that IP)?

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
Sent: Thursday, September 22, 2016 2:54 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] bind domain specific forwarder

I have two office connected over VPN, and both sites has own bind running in Pfsense. now i site1 client can resolve their DNS entries but i want site1/2 both can resolve each other entries. in short i want to tell DNS if you see site2.example.com then forward that query to site2 DNS server. I have tried couple of stuff but didn't work. I have disabled DNS resolver/ DNS forwarder services. I am only using bind server, it has enable DNS Forwarding but if do that it didn't start my bind service.

site1 ---VPN-site2

I want something like this in bind but don't know how do i add this?

zone "site2.example.com" IN {
    type forward;
    forwarders {
        10.0.10.1;
    };
};
[pfSense] bind domain specific forwarder
I have two office connected over VPN, and both sites has own bind running in Pfsense. now i site1 client can resolve their DNS entries but i want site1/2 both can resolve each other entries. in short i want to tell DNS if you see site2.example.com then forward that query to site2 DNS server. I have tried couple of stuff but didn't work. I have disabled DNS resolver/ DNS forwarder services. I am only using bind server, it has enable DNS Forwarding but if do that it didn't start my bind service.

site1 ---VPN-site2

I want something like this in bind but don't know how do i add this?

zone "site2.example.com" IN {
    type forward;
    forwarders {
        10.0.10.1;
    };
};
Re: [pfSense] bind DNS question
It will eventually be stored in the .db but not immediately.

http://serverfault.com/questions/560326/ddns-bind-and-leftover-jnl-files

Before you get worried about the question, read comment "...even if the change is only in the jnl file, it should always resolve correctly." Also, "Restarting named will flush updated data from .jnl files back to the zone file."

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
Sent: Thursday, September 22, 2016 1:55 PM
To: m...@fuckaround.org; pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] bind DNS question

Does that means dynamic update will stored in Journal file right? it won't be visible in Zone.DB file

On Thu, Sep 22, 2016 at 2:35 PM, Pol Hallen wrote:
>> Does dynamic DNS stored in .jnl file?
>
> It's a journal file: The journal file is used not only for replaying
> updates not yet committed in the zone file, but also to provide the
> data for incremental zone transfers (IXFR).
>
> Pol
Re: [pfSense] bind DNS question
Does that means dynamic update will stored in Journal file right? it won't be visible in Zone.DB file

On Thu, Sep 22, 2016 at 2:35 PM, Pol Hallen wrote:
>> Does dynamic DNS stored in .jnl file?
>
> It's a journal file: The journal file is used not only for replaying updates
> not yet committed in the zone file, but also to provide the data for
> incremental zone transfers (IXFR).
>
> Pol
Re: [pfSense] bind DNS question
> Does dynamic DNS stored in .jnl file?

It's a journal file: The journal file is used not only for replaying updates not yet committed in the zone file, but also to provide the data for incremental zone transfers (IXFR).

Pol
[pfSense] bind DNS question
I have setting up DHCP/DDNS on pfsense and its working fine but i am seeing two file in DNS directory at /cf/named/

example.com.DB
example.com.jnl

Whenever DHCP gives new IP to client it send hostname to DDNS for register but i am not seeing that entry in example.com.DB zone file.

Does dynamic DNS stored in .jnl file?
[pfSense] Fuera de Oficina / Out of Office
Thank you very much for your e-mail. Due to the holiday period, I will be out of the office until 26 September 2016; it will be a pleasure to assist you again from that date. For support-related matters, please send an e-mail to the following address: sopo...@adderglobal.com and they will reply as soon as possible.

Kind regards,

Thank you very much for your e-mail. I will be out of the office until 26Th of June. After that, I will be glad to assist you again. For matter related with support please contact with Department in the following e-mail: sopo...@adderglobal.com and they will get in contact with you as soon as possible.

Best Regards,
[pfSense] Mailing List Posts from Non-Members
Hello,

Lately the mailing list moderation queues have been overrun with a large volume of spam on a daily basis. To make it easier on the list admins, we have changed the default list policy to discard messages from non-members on all of our lists rather than holding them for manual moderation.

The change should not impact many people because only on rare occasions, usually once a month or less, would someone post a message without being a list member. We had to manually look for and approve such requests among the thousands of spam messages in the queues.

If you want to post from multiple addresses, you can subscribe from the additional addresses and set the alternate addresses to "nomail" that way you won't receive multiple copies of the list mail but it can still post. The same procedure can be used for an address where the sender does not want to receive the list by e-mail, but follows the list using the list's web archive and occasionally wants to post.

You can change your mailing list subscription options or sign up your other addresses from the list management pages, such as https://lists.pfsense.org/mailman/listinfo/list

Thanks!

Jim P.