I noted that it appears your internal network is 123.123.123.0/24. This IP range is assigned globally to a Chinese ISP. This may not be a good idea.

I agree that using forwarding is not necessary and may introduce some issues.

And yes, you need to stop using nslookup and use dig instead.

In DHCP, what do you have configured for your client's DNS servers?

Lyle Giese


On 5/9/25 17:58, bi...@clearviz.biz wrote:

Howdy all! My name is Arnold, and I'm new to both Bind9 and to the Bind user's list. I'm hoping to contribute my findings on the use of Bind9 in the future but, for now, I need some help in getting my 1st install of Bind 9.18 performing well. It does run already, but does not perform well at all. I'll explain.


First, a quick bit of history. I run a home network (a full domain structure) and, for the past 23 years, I ran a server (Windows Server 2003) as a full Primary Domain Controller in my home network. I ran DHCP, DNS and AD on that server. It worked great and had extremely fast responses for DNS forwarding. Very rarely was there ever a failure (i.e. "Site not found" or "No Internet Access") etc. And it ran great for almost 23 years... Until this past Easter Sunday, when it died a nasty hardware death. I deemed it unworthy of repairing. This is because, 2 years ago, I began building two new mid-tower machines (Intel Core i7) and was going to install Ubuntu Server (22.04) on one and the 22.04 client on the other. I completed the client machine and it is up and running perfectly. I held off on the server as my Win2003 server was still running. But not anymore.

I resumed the build of the Ubuntu Server (22.04). I installed ISC-DHCP-Server for DHCP (I know Kea is available but I read where that needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS server. The DHCP server is working perfectly. No issues at all. Very happy with it. The Bind9.18, not so much. BTW, I'll deal with an AD replacement later if at all (Samba, Kerberos or something similar).

The following are the behavioral symptoms of the current Bind9.18 install.

 1. Links/URLs -  Links/URLs submitted in a browser (especially a link
    not used before or not after a long while) often take a very long
    time to render and often fail with a "Can't access that site" or
    "No Internet Access" error. If I keep refreshing the same link/URL
    multiple times, eventually the webpage will render correctly. And
    the site will continue to render correctly as long as I keep it
    active by clicking other links, etc. on the page. But once there
    has been a period of inactivity (usually 1/2 to 1 hr), it goes
    back to the original behavior, requiring another cycle of
    "refreshes" and "site not found" errors, before it renders
    correctly again. That said, I'm starting to see continuity on the
    URLs/Links I use on a daily basis (i.e. only once a day).
 2. When using "ping," if I ping the hard IP, it works correctly. If I
    use the domain name with Ping, it fails on a "name resolution"
    error. However, using "nslookup" with the same domain names does
    work correctly. Cannot use traceroute as it is not presently
    installed and attempting to install it gives "Temporary failure
    resolving the ubuntu archive DBs."
 3. Devices that had connected to my Wireless access point (WAP) that
    are "DNS dependent" also fail due to "No Internet access,"
    including my smartphone in Wifi Mode. My phone does not fail when
    in "5G" mode, but that's expensive. FTR, my router is "wired"
    but I have a WAP connected to it via Ethernet. Devices that
    connect to it can get DHCP service, but fail when DNS is
    attempted. My laptops do not connect via WiFi anymore. I can get
    one of my laptops connected if I "Tether" it to my smartphone
    while in "5G" mode.

All of the above leads me to believe that Bind 9 may not be configured correctly to allow for the best possible performance/response times by the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my named.conf.options file and .local file. The named.conf file only has includes for .options and .local conf files. The .default-zones file is commented out.

If you need other info about my configuration and setup, please feel free to ask and I'll do my best to provide it.

Thank you all so much and I look forward to learning from you.

Regards,
Arnold

