MikeL's FreeBSD howto - named

Some useful testing tools:
dnssy.com (seems to be broken today 20200428)
ultratools.com (only for speed test)
Note that all these tests have been bitching at me that TCP is not accepted. I finally looked at this closely. I have two twin servers, one at home on a DSL, the other co-lo'd at a high speed location. The latter was allowing DNS TCP, the former was not. This means it's my modem... Sure enough, added a rule to allow TCP port 53 to my DSL modem and all was well.


Was getting Unable to fetch DNSKEY set '.': timed out in /var/log/messages soon after bootup. Google search said to add "-4" to named_flags in rc.conf, assuming it was related to starting up ipv6 even though I have no ipv6 interface defined. Tried this, nope, no difference.

Messed with adding dnssec-enable no; to named.conf, nope just got an error about that being obsolete.

Tried adding managed-keys-directory "/etc/namedb/";. Also had to do a touch managed-keys.bind. It did get rid of the previous error, but now I'm getting "unable to synchronize managed keys" and "failed to initialize managed-keys". I guess that's progress, but I'm not going to pursue at this time. Removed directives and file.


When I did a pkg update recently, it ended with a comment that Bind9 was deprecated and needs to be upgraded soon. I did:
service named stop
pkg delete bin914
pkg install bin916
All appears to have gone well -- however...
service named start
is not found. Merde.
Tried calling out the service script directly:
/usr/local/etc/rc.d/named start
WARNING: failed to start named
tail /var/log/messages
  named[27147]: could not get query source dispatcher (
  named[27147]: loading configuration: address in use
  named[27147]: exiting (due to fatal error)
I checked for old named process running with ps ax | grep named -- nope. Tried netstat -Lan | grep 53 -- still nope. Rebooted just in case there was something still silently hanging in there, nope.
Went in to /etc/namedb/named.conf and commented out the line:
      query-source address port 53;
This fixed it. I don't have any explanation, this is the address it should be using. I've checked from outside the domain, and the server is answering -- no explanation...

I'm getting logspam like the following:
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/A: too many questions
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/AAAA: non-improving referral
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/AAAA: Name bogus.domainname (SOA) not subdomain of zone some.bogus.domainname -- invalid response
These may be real issues, but they're not my issues -- they are not under my control, I cannot fix them (their sysadmins are idiots or oblivious).

Some Google searching and reading man pages tells me to add:
logging {
    category lame-servers { null; };
    category edns-disabled { null; };
    category resolver { null; };

to the /etc/named.conf.options file. If you don't already have this file (I didn't), you can scrounge a copy from the Ports tree - find the version you have installed, copy the sample file into place and make the above change.


I think I finally got rid of that dang blasted "working directory is not writable" error...

chown bind /var/named/etc/namedb

Copyright © 1995-2023 Mike Lempriere (running on host pedicel)