I also suspect it's not BIND, but how the OS is going about resolving
names.
Test your running BIND by using dig (please, not nslookup) @127.0.0.1
for domains you think you are having a problem with.
Should it be @127.0.0.1 or should it be the machine's IP on which the
DNS server is running?
Also check /etc/resolv.conf and see what address(es) is/are listed as
nameservers.
The resolv.conf file contains:
nameserver 127.0.0.53
search mydomain.net (where mydomain is my actual domain name and
not the FQDN of the machine (i.e. "machine01.mydomain.net")).
This was entered by default as BIND was installed. I am wondering if
the "nameserver" should be the machine name on which the server is
running and not 127.0.0.53. And I gather the 53 on the end has to do with
the port on which it's listening. I'm not sure if it's correct that the
4th octet is substituted like that.
Third, use tcpdump to capture port 53. Do this to a file, then look at
it offline in Wireshark. (Michael just beat me to that tip). Check how
queries are arriving into BIND and what it does with them.
Particularly look at the timings of packets and for errors, such as
packet loss or ICMP.
I will look into this. I need to learn a little more about tcpdump. I
don't have Wireshark but I'll make do.
A couple of comments about your BIND config:
1) You don't need "zone "." as root hints have been built into BIND for
many years. If you are global forwarding (also "forward only") then
recursion will never happen, so roots are irrelevant.
OK.
2) BIND will recurse just fine out of the box. You don't need to
forward to Google and Cloudflare at all.
So, should I remove the "forwarders" entry? At which resolver server,
then, would it begin the forwarding process?
On 2025-05-09 18:35, Greg Choules wrote:
Hi.
I also suspect it's not BIND, but how the OS is going about resolving
names.
Test your running BIND by using dig (please, not nslookup) @127.0.0.1
for domains you think you are having a problem with.
Also check /etc/resolv.conf and see what address(es) is/are listed as
nameservers.
Third, use tcpdump to capture port 53. Do this to a file, then look at
it offline in Wireshark. (Michael just beat me to that tip). Check how
queries are arriving into BIND and what it does with them. Particularly
look at the timings of packets and for errors, such as packet loss or
ICMP.
A couple of comments about your BIND config:
1) You don't need "zone "." as root hints have been built into BIND for
many years. If you are global forwarding (also "forward only") then
recursion will never happen, so roots are irrelevant.
2) BIND will recurse just fine out of the box. You don't need to
forward to Google and Cloudflare at all.
Hope you find that useful.
Cheers, Greg
On Fri, 9 May 2025 at 23:58, <bi...@clearviz.biz> wrote:
Howdy all! My name is Arnold, and I'm new to both Bind9 and to the
Bind user's list. I'm hoping to contribute my findings on the use of
Bind9 in the future but, for now, I need some help in getting my 1st
install of Bind 9.18 performing well. It does run already, but does
not perform well at all. I'll explain.
First, a quick bit of history. I run a home network (a full domain
structure) and, for the past 23 years, I ran a server (Windows Server
2003) as a full Primary Domain Controller in my home network. I ran
DHCP, DNS and AD on that server. It worked great and had extremely
fast responses for DNS forwarding. Very rarely was there ever a
failure (i.e. "Site not found" or "No Internet Access") etc. And it
ran great for almost 23 years.... Until this past Easter Sunday, when
it died a nasty hardware death. I deemed it unworthy of repairing.
This because, 2 years ago, I began building two new mid-tower machines
(Intel Core i7) and was going to install Ubuntu Server (22.04) on one
and the 22.04 client on the other. I completed the client machine and
it is up and running perfectly. I held off on the server as my Win2003
server was still running. But not anymore.
I resumed the build of the Ubuntu Server (22.04). I installed
ISC-DHCP-Server for DHCP (I know Kea is available but I read where
that needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS
server. The DHCP server is working perfectly. No issues at all. Very
happy with it. The Bind9.18, not so much. BTW, I'll deal with an AD
replacement later if at all (Samba, Kerberos or something similar).
The following are the behavioral symptoms of the current Bind9.18
install.
* Links/URLs - Links/URLs submitted in a browser (especially a link
not used before or not after a long while) often take a very long time
to render and often fail with a "Can't access that site" or "No
Internet Access" error. If I keep refreshing the same link/URL
multiple times, eventually the webpage will render correctly. And the
site will continue to render correctly as long as I keep it active by
clicking other links, etc. on the page. But once there has been a
period of inactivity (usually 1/2 to 1 hr), it goes back to the
original behavior, requiring another cycle of "refreshes" and "site
not found" errors, before it renders correctly again. That said, I'm
starting to see continuity on the URLs/Links I use on a daily basis
(i.e. only once a day).
* When using "ping," if I ping the hard IP, it works correctly. If I
use the domain name with Ping, it fails on a "name resolution" error.
However, using "nslookup" with the same domain names does work
correctly. Cannot use traceroute as it is not presently installed and
attempting to install it gives "Temporary failure resolving the ubuntu
archive DBs."
* Devices that had connected to my Wireless access point (WAP) that
are "DNS dependent" also fail due to "No Internet access," including
my smartphone in Wifi Mode. My phone does not fail when in "5G" mode,
but that's expensive. FTR, my router is "wired" but I have a WAP
connected to it via Ethernet. Devices that connect to it can get DHCP
service, but fail when DNS is attempted. My laptops do not connect via
WiFi anymore. I can get one of my laptops connected if I "tether" it
to my smartphone while in "5G" mode.
All of the above leads me to believe that Bind 9 may not be configured
correctly to allow for the best possible performance/response times by
the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my
named.conf.options file and .local file. The named.conf file only has
includes for .options and .local conf files. The .default-zones file
is commented out.
If you need other info about my configuration and setup, please feel
free to ask and I'll do my best to provide it.
Thank you all so much and I look forward to learning from you.
Regards,
Arnold
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
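The three checks Greg lists (dig straight at BIND, read /etc/resolv.conf, capture port 53 to a pcap for Wireshark) as one small script. This is an added example, not code from the thread or from ISC. It assumes Ubuntu 22.04 with systemd-resolved owning /etc/resolv.conf, which is why the file shows 127.0.0.53: that is a complete loopback address (the stub listener of systemd-resolved), not "127.0.0" plus port 53; the port is 53 on every resolver and is never written into resolv.conf. It also assumes BIND 9.18 is listening on 127.0.0.1:53. The hostname www.isc.org and the /tmp/dns.pcap path are placeholders.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread). Assumptions: systemd-resolved
# stub at 127.0.0.53, BIND 9.18 on 127.0.0.1:53, dig from bind9-dnsutils.

# Print the nameserver addresses from resolv.conf text read on stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Classify a resolver address. 127.0.0.53 is the systemd-resolved stub;
# queries sent there are answered by resolved, not directly by BIND.
classify_resolver() {
    case "$1" in
        127.0.0.53)     echo "systemd-resolved stub" ;;
        127.0.0.1|::1)  echo "local BIND" ;;
        *)              echo "remote resolver" ;;
    esac
}

# Reduce dig output (run with +comments +stats) on stdin to "<status> <ms>".
# A timeout or "no servers could be reached" yields "NOANSWER -".
dig_summary() {
    awk '/status:/     { sub(/,/, "", $6); status = $6 }
         /Query time:/ { qt = $4 }
         END { printf "%s %s\n", (status == "" ? "NOANSWER" : status),
                                  (qt == "" ? "-" : qt) }'
}

# Query a name directly at one server, bypassing whatever resolv.conf says.
dig_check() {
    server="$1"; name="$2"
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 2; }
    dig +time=3 +tries=1 +noall +comments +stats "@$server" "$name" A | dig_summary
}

# Capture DNS and ICMP on all interfaces for a few seconds into a pcap that
# can be opened in Wireshark later; -ttt on replay shows inter-packet gaps.
capture_dns() {
    out="${1:-/tmp/dns.pcap}"; secs="${2:-30}"
    sudo timeout "$secs" tcpdump -i any -nn -w "$out" 'port 53 or icmp'
    echo "wrote $out; replay with: tcpdump -nn -ttt -r $out"
}

# Show what the OS is using, then compare the stub with BIND for one name.
main() {
    name="${1:-www.isc.org}"   # placeholder; pass a name that misbehaves
    if [ -r /etc/resolv.conf ]; then
        resolv_nameservers < /etc/resolv.conf | while read -r ns; do
            printf 'resolv.conf nameserver %s -> %s\n' "$ns" "$(classify_resolver "$ns")"
        done
    fi
    for server in 127.0.0.53 127.0.0.1; do
        printf '%-11s %s\n' "$server" "$(dig_check "$server" "$name")"
    done
}

main "$@"
```

Run it as `sh dns-check.sh some.host.example` while the browser symptom is happening, and run `capture_dns` in a second terminal at the same time. If 127.0.0.1 answers NOERROR in a few milliseconds but 127.0.0.53 answers slowly or NOANSWER, the problem sits between the OS stub and BIND rather than in BIND, which is the suspicion voiced in the thread; the pcap then shows whether resolved is forwarding to BIND at all. On systemd-resolved hosts the usual ways to make the OS use BIND are `DNS=127.0.0.1` in /etc/systemd/resolved.conf, or `DNSStubListener=no` plus a resolv.conf that names 127.0.0.1 (my suggestion, not something the thread prescribes).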