Hi there,

when I fire up svscan on one of my pfsense 2.0.1 boxes, it starts "supervise tinydns" processes. These supervise processes spawn plenty of processes that end up as zombies, each of which dies some seconds. I.e., I have a block of 5-6 <defunct>s traversing my process list. Constantly. The TinyDNS log in the Web UI looks fine.

I actually did a ls -ltr /var/log to see whether anything about the zombies is written to any of the log files. However, there is nothing.

Is there a way to find out what is going wrong?

TinyDNS appears to be running and responding ok:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(173): dig @127.0.0.1 mach.pfaf.intra.rsd.ch

; <<>> DiG 9.6.2-P2 <<>> @127.0.0.1 mach.pfaf.intra.rsd.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3323
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mach.pfaf.intra.rsd.ch.        IN      A

;; ANSWER SECTION:
mach.pfaf.intra.rsd.ch. 86400 IN        A       192.168.10.196

;; AUTHORITY SECTION:
pfaf.intra.rsd.ch. 259200 IN    NS      ns.pfaf.intra.rsd.ch.

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 27 14:08:14 2012
;; MSG SIZE  rcvd: 80



I am coming from BIND9, so I've been spoilt with working CNAMEs. Somehow TinyDNS appears to have serious trouble with those:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(175): dig @127.0.0.1 ns.pfaf.intra.rsd.ch

; <<>> DiG 9.6.2-P2 <<>> @127.0.0.1 ns.pfaf.intra.rsd.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32225
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns.pfaf.intra.rsd.ch.  IN      A

;; ANSWER SECTION:
ns.pfaf.intra.rsd.ch. 86400 IN  CNAME   secgw.pfaf.intra.rsd.ch.

;; AUTHORITY SECTION:
pfaf.intra.rsd.ch. 259200 IN    NS      ns.pfaf.intra.rsd.ch.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 27 14:11:39 2012
;; MSG SIZE  rcvd: 79


There's an answer to go and check out secgw.pfaf.intra.rsd.ch., but it's simply not working:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(176): ping ns.pfaf.intra.rsd.ch
ping: cannot resolve ns.pfaf.intra.rsd.ch: Unknown server error

Here's my zone file as it is shown in the Web UI. Is there some obvious mistake that I'm not aware of?

Record Name                     Record Type     rDNS    Record Data
pfaf.intra.rsd.ch               SOA                     ns.pfaf.intra.rsd.ch.
jupiter.pfaf.intra.rsd.ch       A               on      192.168.10.199
phatmac.pfaf.intra.rsd.ch       A               on      192.168.10.198
pfaf.intra.rsd.ch               MX                      mail.rsd.ch.
smack.pfaf.intra.rsd.ch         A               on      192.168.10.197
mach.pfaf.intra.rsd.ch          A               on      192.168.10.196
micro.pfaf.intra.rsd.ch         A               on      192.168.10.195
nano.pfaf.intra.rsd.ch          A               on      192.168.10.194
dlink-ap1.pfaf.intra.rsd.ch     A               on      192.168.10.249
dlink-ap2.pfaf.intra.rsd.ch     A               on      192.168.10.248
lp1.pfaf.intra.rsd.ch           A               on      192.168.10.229
kvm1.pfaf.intra.rsd.ch          A               on      192.168.10.10
hpsw1.pfaf.intra.rsd.ch         A               on      192.168.10.9
ats1.pfaf.intra.rsd.ch          A               on      192.168.10.3
pdu1.pfaf.intra.rsd.ch          A               on      192.168.10.1
pdu2.pfaf.intra.rsd.ch          A               on      192.168.10.2
secgw.pfaf.intra.rsd.ch         A               on      192.168.10.254
ns.pfaf.intra.rsd.ch            CNAME                   secgw.pfaf.intra.rsd.ch.

I've checked the TinyDNS documentation. There, one can read: "Don't use Cfqdn if there are any other records for fqdn. Don't use Cfqdn for common aliases; use +fqdn instead. Remember the wise words of Inigo Montoya: ``You keep using CNAME records. I do not think they mean what you think they mean.''". Honestly, I don't get it. What's so special about CNAMEs on TinyDNS? I just see them as the equivalent of a Symbolic Link in Linux. Am I too naive about this?




On another matter: I've sent a question concerning DNS and pfSense two days ago (Title: "DNS internal, caching external & forwarding requests to upstream servers. What's the best practice on pfsense 2.0.1?") to which I got not a single response. I keep wondering why? Was the question stupid? Or should I have sent it elsewhere (TinyDNS Forum for instance)? Or is no one here using a DNS server on pfSense? Too much jargon or not enough of it? Break of some netiquette rule that I'm not aware of? Please, give me a pointer here and I'll try to improve!


Cheers,
Ray
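
Added example (not part of the original post, and not pfSense or TinyDNS code): a check of the zone listing against the rule quoted from the TinyDNS documentation, plus the RFC 2181 section 10.3 requirement that NS and MX targets are not aliases. The record tuples are constructed from the listing and dig output above; the function names are hypothetical, and the 86400 TTL is the one dig reported.

```python
# Records constructed from the zone listing and the dig AUTHORITY section in the post.
ZONE = [
    ("pfaf.intra.rsd.ch", "SOA", "ns.pfaf.intra.rsd.ch."),
    ("pfaf.intra.rsd.ch", "NS", "ns.pfaf.intra.rsd.ch."),  # seen in dig output
    ("pfaf.intra.rsd.ch", "MX", "mail.rsd.ch."),
    ("mach.pfaf.intra.rsd.ch", "A", "192.168.10.196"),
    ("secgw.pfaf.intra.rsd.ch", "A", "192.168.10.254"),
    ("ns.pfaf.intra.rsd.ch", "CNAME", "secgw.pfaf.intra.rsd.ch."),
]


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def cname_map(zone):
    return {norm(n): norm(d) for n, t, d in zone if t == "CNAME"}


def check_cnames(zone):
    """Return (alias, problem, detail) tuples for every CNAME misuse found."""
    findings = []
    for alias in cname_map(zone):
        # Quoted rule: no other records may exist for a name that has a CNAME.
        others = sorted({t for n, t, _ in zone
                         if norm(n) == alias and t != "CNAME"})
        if others:
            findings.append((alias, "coexists", ",".join(others)))
        # RFC 2181 section 10.3: the name in NS or MX data must not be an alias.
        for _, rtype, data in zone:
            if rtype in ("NS", "MX") and norm(data) == alias:
                findings.append((alias, "alias-as-target", rtype))
    return findings


def plus_lines(zone, alias, ttl=86400):
    """tinydns-data '+fqdn:ip:ttl' lines that replace the CNAME for alias."""
    target = cname_map(zone).get(norm(alias))
    return [f"+{norm(alias)}:{data}:{ttl}" for n, t, data in zone
            if t == "A" and norm(n) == target]


if __name__ == "__main__":
    for finding in check_cnames(ZONE):
        print(finding)
    print(plus_lines(ZONE, "ns.pfaf.intra.rsd.ch"))
```
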

