pfSense Gold Subscription

Author Topic: RFC2136 Server Setup How-to  (Read 17531 times)

0 Members and 1 Guest are viewing this topic.

Offline luciano_frc

  • Jr. Member
  • **
  • Posts: 35
  • Karma: +0/-1
    • View Profile
Re: RFC2136 Server Setup How-to
« Reply #15 on: February 25, 2017, 05:13:04 pm »
Hello, I'm trying to enable RFC2136
But I followed the tutorial and am having the following error

Code: [Select]
Feb 25 19:56:29 ns php-fpm[72872]: /services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/K0domain.net.+157+00000.key -v /var/etc/nsupdatecmds0' returned exit code '134', the output was '; Communication with 177.177.177.70#53 failed: operation canceled name.c:1014: REQUIRE((__builtin_expect(!!((source) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(source))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))), 1))) failed, back trace #0 0xa8567f33 in ??'
Feb 25 19:56:29 ns kernel: pid 94766 (nsupdate), uid 0: exited on signal 6 (core dumped)
Feb 25 19:56:29 ns php-fpm[72872]: /services_rfc2136_edit.php: phpDynDNS: ERROR while updating IP Address (A) for domain.net (177.177.177.70)

I also tried it in another way by using a script to just update my Zone A with my external iP
Using nsupdate however I get the declined error

Code: [Select]
Sending update to 172.16.0.1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  34415
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; ZONE SECTION:
;domain.net. IN SOA

;; UPDATE SECTION:
domain.net. 0 ANY A
domain.net. 30 IN A 172.16.0.48

;; TSIG PSEUDOSECTION:
172.16.0.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1488057940 300 16 lUuMfR2HVuCcC7A== 34415 NOERROR 0


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  34415
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;domain.net. IN SOA

;; TSIG PSEUDOSECTION:
172.16.0.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1488057940 300 17g+7Cw== 34415 NOERROR 0


Offline jahonix

  • Hero Member
  • *****
  • Posts: 2433
  • Karma: +145/-14
  • volunteer since 2006
    • View Profile
Re: RFC2136 Server Setup How-to
« Reply #16 on: February 26, 2017, 12:49:26 pm »
domain.net is probably not your URL and 172.16.0.1 is a private IP (RFC1918).
If, for whatever reason, you don't want your public URL known here then use  example.com  as placeholder. This way we know you're not putting rubbish in those fields.

Since your public IP changes (you wouldn't use a DynDNS service otherwise) just use your current IP; alternatively use an IP from TEST-NET-2 198.51.100.0/24  (RFC5737)
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Offline drakonstein

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: RFC2136 Server Setup How-to
« Reply #17 on: June 03, 2017, 03:06:53 pm »
I'm using a different DNS server that I love, but that hasn't been updated in 7 years, mydns-ng.  It has support for RFC2136, but I'm having some problems connecting pfsense to it.  A DNS request is coming into the DNS server, but it isn't what I would expect it to be.  It's just checking the SOA for the zone, but then not trying to update the A record.  I very much think it's something I'm just doing wrong by misunderstanding one of the fields.  In particular the 'key' field in pfsense.  There is no matching field in mydns that I can find, so I'm not certain what to put there.

When I try to use nsupdate from the CLI, I get errors from the dns server that I'm not authenticated, but pfsense never goes far enough to receive that failure.  Does anyone have any insights or suggestions for me? 

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Re: RFC2136 Server Setup How-to
« Reply #18 on: June 03, 2017, 05:49:17 pm »
You have some logs as showed above ?