Re: [pfSense] bind rules

2016-09-22 Thread Satish Patel
I would prefer you use BIND9 ACL instead of iptables. see this video
for more details: https://www.youtube.com/watch?v=s3VXLIXGazM

On Thu, Sep 22, 2016 at 6:43 PM, Pol Hallen  wrote:
> Hi all :-)
>
> I need to create some rules to allow BIND internal server network makes
> recursive queries: I've iptables rules but I've some problem with PF :-(
>
> Can someone "transalte" these rules to pfsense?
>
> for processing DNS queries:
>
> iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state
> NEW,ESTABLISHED -j ACCEPT
> iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state
> NEW,ESTABLISHED -j ACCEPT
>
> and for sendind responses back to client
>
> iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state
> --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state
> --state NEW,ESTABLISHED -j ACCEPT
>
> thanks for help!
>
> Pol
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind rules

2016-09-22 Thread Ivo Tonev
Action = PASS
Interface = LAN
Address Family = IPv4 + IPv6
Protocol = TCP/UDP
Destination Port Range = DNS

On Thu, Sep 22, 2016 at 7:43 PM, Pol Hallen 
wrote:

> Hi all :-)
>
> I need to create some rules to allow BIND internal server network makes
> recursive queries: I've iptables rules but I've some problem with PF :-(
>
> Can someone "transalte" these rules to pfsense?
>
> for processing DNS queries:
>
> iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state
> NEW,ESTABLISHED -j ACCEPT
> iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state
> NEW,ESTABLISHED -j ACCEPT
>
> and for sendind responses back to client
>
> iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state
> --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state
> --state NEW,ESTABLISHED -j ACCEPT
>
> thanks for help!
>
> Pol
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>



-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] bind rules

2016-09-22 Thread Pol Hallen

Hi all :-)

I need to create some rules to allow BIND internal server network makes 
recursive queries: I've iptables rules but I've some problem with PF :-(


Can someone "transalte" these rules to pfsense?

for processing DNS queries:

iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state 
NEW,ESTABLISHED -j ACCEPT


and for sendind responses back to client

iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state 
--state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state 
--state NEW,ESTABLISHED -j ACCEPT


thanks for help!

Pol
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind domain specific forwarder

2016-09-22 Thread Melvin
What you're trying to accomplish is something we commonly do with conditional 
forwarders, but they would forward all requests to a specific domain so 
site1... and site2... would have to be separate domains.  I don't use bind to 
do that personally but I would assume it has that capability. Perhaps that will 
at least give you the proper search terms to find more info.



On Sep 22, 2016, 15:58, at 15:58, Steve Yates  wrote:
>I don't know if you need forwarding for this.  Can you just add an NS
>record to the example.com zone for site2.example.com pointing to
>10.0.10.1 (well, a hostname that points to that IP)?
>
>--
>
>Steve Yates
>ITS, Inc.
>
>-Original Message-
>From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish
>Patel
>Sent: Thursday, September 22, 2016 2:54 PM
>To: pfSense Support and Discussion Mailing List
>
>Subject: [pfSense] bind domain specific forwarder
>
>I have two office connected over VPN, and both sites has own bind
>running in Pfsense. now i site1 client can resolve their DNS entries
>but i want site1/2 both can resolve each other entires. in short i want
>to tell DNS if you see site2.example.com then forward that query to
>site2 DNS server.  I have tired couple of stuff but didn't work. I have
>disabled DNS resolver/ DNS forwarder services. I am only using bind
>server, it has enable DNS Forwarding but if do that it didn't start my
>bind service.
>
>
>site1 ---VPN-site2
>
>
>I want something like this in bind but don't know how do i add this?
>
>zone "site2.example.com" IN {
>type forward;
>forwarders {
>10.0.10.1;
>};
>};
>___
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] bind domain specific forwarder

2016-09-22 Thread Satish Patel
what is i have multiple domain like  example.com, foo.com & bar.com
which is not available on site1 but they are on site2

On Thu, Sep 22, 2016 at 4:01 PM, Steve Yates  wrote:
> I don't know if you need forwarding for this.  Can you just add an NS record 
> to the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a 
> hostname that points to that IP)?
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
> Sent: Thursday, September 22, 2016 2:54 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: [pfSense] bind domain specific forwarder
>
> I have two office connected over VPN, and both sites has own bind running in 
> Pfsense. now i site1 client can resolve their DNS entries but i want site1/2 
> both can resolve each other entires. in short i want to tell DNS if you see 
> site2.example.com then forward that query to site2 DNS server.  I have tired 
> couple of stuff but didn't work. I have disabled DNS resolver/ DNS forwarder 
> services. I am only using bind server, it has enable DNS Forwarding but if do 
> that it didn't start my bind service.
>
>
> site1 ---VPN-site2
>
>
> I want something like this in bind but don't know how do i add this?
>
> zone "site2.example.com" IN {
> type forward;
> forwarders {
> 10.0.10.1;
> };
> };
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Mailing List Posts from Non-Members

2016-09-22 Thread Ryan Coleman
Yay! You mean when I send from the wrong address it will just reject? WOOHOO!


:)


> On Sep 22, 2016, at 11:50 AM, Jim Pingle  wrote:
> 
> Hello,
> 
> Lately the mailing list moderation queues have been overrun with a large
> volume of spam on a daily basis. To make it easier on the list admins,
> we have changed the default list policy to discard messages from
> non-members on all of our lists rather than holding them for manual
> moderation.
> 
> The change should not impact many people because only on rare occasions,
> usually once a month or less, would someone post a message without being
> a list member. We had to manually look for and approve such requests
> among the thousands of spam messages in the queues.
> 
> If you want to post from multiple addresses, you can subscribe from the
> additional addresses and set the alternate addresses to "nomail" that
> way you won't receive multiple copies of the list mail but it can still
> post. The same procedure can be used for an address where the sender
> does not want to receive the list by e-mail, but follows the list using
> the list's web archive and occasionally wants to post.
> 
> You can change your mailing list subscription options or sign up your
> other addresses from the list management pages, such as
> https://lists.pfsense.org/mailman/listinfo/list
> 
> Thanks!
> 
> Jim P.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind domain specific forwarder

2016-09-22 Thread Steve Yates
I don't know if you need forwarding for this.  Can you just add an NS record to 
the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a 
hostname that points to that IP)?

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
Sent: Thursday, September 22, 2016 2:54 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] bind domain specific forwarder

I have two office connected over VPN, and both sites has own bind running in 
Pfsense. now i site1 client can resolve their DNS entries but i want site1/2 
both can resolve each other entires. in short i want to tell DNS if you see 
site2.example.com then forward that query to site2 DNS server.  I have tired 
couple of stuff but didn't work. I have disabled DNS resolver/ DNS forwarder 
services. I am only using bind server, it has enable DNS Forwarding but if do 
that it didn't start my bind service.


site1 ---VPN-site2


I want something like this in bind but don't know how do i add this?

zone "site2.example.com" IN {
type forward;
forwarders {
10.0.10.1;
};
};
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] bind domain specific forwarder

2016-09-22 Thread Satish Patel
I have two office connected over VPN, and both sites has own bind
running in Pfsense. now i site1 client can resolve their DNS entries
but i want site1/2 both can resolve each other entires. in short i
want to tell DNS if you see site2.example.com then forward that query
to site2 DNS server.  I have tired couple of stuff but didn't work. I
have disabled DNS resolver/ DNS forwarder services. I am only using
bind server, it has enable DNS Forwarding but if do that it didn't
start my bind service.


site1 ---VPN-site2


I want something like this in bind but don't know how do i add this?

zone "site2.example.com" IN {
type forward;
forwarders {
10.0.10.1;
};
};
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind DNS question

2016-09-22 Thread Steve Yates
It will eventually be stored in the .db but not immediately.

http://serverfault.com/questions/560326/ddns-bind-and-leftover-jnl-files

Before you get worried about the question, read comment "...even if the change 
is only in the jnl file, it should always resolve correctly."

Also, " Restarting named will flush updated data from .jnl files back to the 
zone file."

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
Sent: Thursday, September 22, 2016 1:55 PM
To: m...@fuckaround.org; pfSense Support and Discussion Mailing List 

Subject: Re: [pfSense] bind DNS question

Does that means dynamic update will stored in Journal file right? it won't be 
visible in Zone.DB file

On Thu, Sep 22, 2016 at 2:35 PM, Pol Hallen  wrote:
>> Does dynamic DNS stored in .jnl file?
>
>
> It's a journal file: The journal file is used not only for replaying 
> updates not yet committed in the zone file, but also to provide the 
> data for incremental zone transfers (IXFR).
>
> Pol
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind DNS question

2016-09-22 Thread Satish Patel
Does that means dynamic update will stored in Journal file right? it
won't be visible in Zone.DB file

On Thu, Sep 22, 2016 at 2:35 PM, Pol Hallen  wrote:
>> Does dynamic DNS stored in .jnl file?
>
>
> It's a journal file: The journal file is used not only for replaying updates
> not yet committed in the zone file, but also to provide the data for
> incremental zone transfers (IXFR).
>
> Pol
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind DNS question

2016-09-22 Thread Pol Hallen

Does dynamic DNS stored in .jnl file?


It's a journal file: The journal file is used not only for replaying 
updates not yet committed in the zone file, but also to provide the data 
for incremental zone transfers (IXFR).


Pol
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] bind DNS question

2016-09-22 Thread Satish Patel
I have setting up DHCP/DDNS on pfsense and its working fine but i am
seeing two file in DNS directory at /cf/named/

example.com.DB
example.com.jnl

Whenever DHCP gives new IP to client it send hostname to DDNS for
register but i am not seeing that entry in example.com.DB zone file.
Does dynamic DNS stored in .jnl file?
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Fuera de Oficina / Out of Office

2016-09-22 Thread Javier Lagarejo

Muchas gracias por su correo.

Por periodo vacacional, permaneceré fuera de la oficina hasta el próximo 26 de 
Septiembre del 2016, será un placer poder atenderles de nuevo a partir de esta 
fecha. Por favor, para temas relacionados con soporte enviar un correo a la 
siguiente dirección: sopo...@adderglobal.com y le darán contestación a la mayor 
brevedad posible.

Saludos cordiales,

Thank you very much for your e-mail.

I will be out of the office until 26Th of June. After that, I will be glad to 
assist you again. For matter related with support please contact with 
Department in the following e-mail: sopo...@adderglobal.com and they will get 
in contact with you as soon as possible.

Best Regards,

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Mailing List Posts from Non-Members

2016-09-22 Thread Jim Pingle
Hello,

Lately the mailing list moderation queues have been overrun with a large
volume of spam on a daily basis. To make it easier on the list admins,
we have changed the default list policy to discard messages from
non-members on all of our lists rather than holding them for manual
moderation.

The change should not impact many people because only on rare occasions,
usually once a month or less, would someone post a message without being
a list member. We had to manually look for and approve such requests
among the thousands of spam messages in the queues.

If you want to post from multiple addresses, you can subscribe from the
additional addresses and set the alternate addresses to "nomail" that
way you won't receive multiple copies of the list mail but it can still
post. The same procedure can be used for an address where the sender
does not want to receive the list by e-mail, but follows the list using
the list's web archive and occasionally wants to post.

You can change your mailing list subscription options or sign up your
other addresses from the list management pages, such as
https://lists.pfsense.org/mailman/listinfo/list

Thanks!

Jim P.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold