Howdy all! My name is Arnold, and I'm new to both Bind9 and to the
Bind user's list. I'm hoping to contribute my findings on the use of
Bind9 in the future but, for now, I need some help in getting my 1st
install of Bind 9.18 performing well. It does run already, but does not
perform well at all. I'll explain.
First, a quick bit of history. I run a home network (a full domain
structure) and, for the past 23 years, I ran a server (Windows Server
2003) as a full Primary Domain Controller in my home network. I ran
DHCP, DNS and AD on that server. It worked great and had extremely fast
responses for DNS forwarding. Very rarely was there ever a failure (i.e.
"Site not found" or "No Internet Access") etc. And it ran great for
almost 23 years.... Until this past Easter Sunday, when it died a nasty
hardware death. I deemed it unworthy of repairing. This is because, 2 years
ago, I began building two new mid-tower machines (Intel Core i7) and was
going to install Ubuntu Server (22.04) on one and the 22.04 client on
the other. I completed the client machine and it is up and running
perfectly. I held off on the server as my Win2003 server was still
running. But not anymore.
I resumed the build of the Ubuntu Server (22.04). I installed
ISC-DHCP-Server for DHCP (I know Kea is available but I read where that
needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS server. The
DHCP server is working perfectly. No issues at all. Very happy with it.
The Bind9.18, not so much. BTW, I'll deal with an AD replacement
later if at all (Samba, Kerberos or something similar).
The following are the behavioral symptoms of the current Bind9.18
install.
* Links/URLs - Links/URLs submitted in a browser (especially a link
not used before or not after a long while) often take a very long time
to render and often fail with a "Can't access that site" or "No Internet
Access" error. If I keep refreshing the same link/URL multiple times,
eventually the webpage will render correctly. And the site will continue
to render correctly as long as I keep it active by clicking other links,
etc. on the page. But once there has been a period of inactivity
(usually 1/2 to 1 hr), it goes back to the original behavior, requiring
another cycle of "refreshes" and "site not found" errors, before it
renders correctly again. That said, I'm starting to see continuity on
the URLs/Links I use on a daily basis (i.e. only once a day).
* When using "ping," if I ping the hard IP, it works correctly. If I
use the domain name with Ping, it fails on a "name resolution" error.
However, using "nslookup" with the same domain names does work
correctly. Cannot use traceroute as it is not presently installed and
attempting to install it gives "Temporary failure resolving the ubuntu
archive DBs."
* Devices that had connected to my Wireless access point (WAP) that
are "DNS dependent" also fail due to "No Internet access," including my
smartphone in Wifi Mode. My phone does not fail when in "5G" mode, but
that's expensive. FTR, my router is "wired" but I have a WAP connected
to it via Ethernet. Devices that connect to it can get DHCP service, but
fail when DNS is attempted. My laptops do not connect via WiFi anymore.
I can get one of my laptops connected if I "tether" it to my smartphone
while in "5G" mode.
All of the above leads me to believe that Bind 9 may not be configured
correctly to allow for the best possible performance/response times by
the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my
named.conf.options file and .local file. The named.conf file only has
includes for the .options and .local conf files. The .default-zones file is
commented out.
If you need other info about my configuration and setup, please feel
free to ask and I'll do my best to provide it.
Thank you all so much and I look forward to learning from you.
Regards,
Arnold
//
//
// Named Config Options
//
//
acl allow_list {
    123.123.123.0/24;
    localhost;
    localnets;
};
options {
    listen-on port 53 { 123.123.123.10; 127.0.0.1; };
    listen-on-v6 { ::1; };
    directory "/var/cache/bind";
    dump-file "/var/cache/bind/data/cache_dump.db";
    statistics-file "/var/cache/bind/data/named_stats.txt";
    memstatistics-file "/var/cache/bind/data/named_mem_stats.txt";
    secroots-file "/var/cache/bind/data/named.secroots";
    recursing-file "/var/cache/bind/data/named.recursing";
    allow-query { allow_list; };
    allow-query-cache { allow_list; };
    recursion yes;
    allow-recursion { allow_list; };
    # dnssec-enable yes; <---- commented out
    # dnssec-validation yes; <---- commented out
    # managed-keys-directory "/var/named/dynamic"; <---- commented out
    pid-file "/run/named/named.pid";
    # session-keyfile "run/named/session-key"; <--- commented out
    # include "/etc/crypto/-policies/back-ends/bind.config"; <--- commented out
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    forward only;
    dnssec-validation no;
};
// End of Options
logging {
    channel named { file "named.log" versions 10 size 40m; severity info; };
    channel security { file "security.log" versions 10 size 40m; severity info; };
    channel ratelimit { file "ratelimit.log" versions 10 size 40m; severity info; };
    channel query_log { file "query.log" versions 10 size 40m; severity info; };
    channel xfer { file "transfer.log" versions 10 size 40m; severity info; };
    channel update { file "update.log" versions 10 size 40m; severity info; };
    channel resolver { file "resolver.log" versions 10 size 40m; severity info; };
    category default { default_syslog; named; };
    category general { default_syslog; named; };
    category security { security; };
    category queries { query_log; };
    category config { default_syslog; named; };
    category network { default_syslog; named; };
    category rate-limit { ratelimit; };
    category zoneload { default_syslog; named; };
    category xfer-in { default_syslog; xfer; };
    category xfer-out { default_syslog; xfer; };
    category notify { default_syslog; xfer; };
    category update-security { default_syslog; update; };
    category update { default_syslog; update; };
};
// End of Logging
zone "." {
    type hint;
    file "named.ca";
};
// end of zone "."
#include "etc/named.rfc1912.zones"; <----- commented out
#include "etc/named.root.key"; <----- Commented out
// End of File