If you’re hobbled by Windows (and ones five years past EOL), I prefer to fire up PowerShell and use Resolve-DnsName. Also include the -DnsOnly flag.
Have you been looking at the BIND logs?

Also, a BIND installation isn’t going to mess with resolv.conf. That’s typically managed by the distro’s network configuration management tool, e.g. NetworkManager.

On Fri, May 9, 2025 at 8:30 PM <bi...@clearviz.biz> wrote:

> > I also suspect it's not BIND, but how the OS is going about resolving names.
> > Test your running BIND by using dig (please, not nslookup) @127.0.0.1 for domains you think you are having a problem with.
>
> *Should it be @127.0.0.1 or should it be the machine's IP on which the DNS server is running?*
>
> > Also check /etc/resolv.conf and see what address(es) is/are listed as nameservers.
>
> *The resolv.conf file contains:*
>
> *nameserver 127.0.0.53*
>
> *search mydomain.net (where mydomain is my actual domain name and not the FQDN of the machine (i.e. "machine01.mydomain.net")).*
>
> *This was entered by default as BIND was installed. I am wondering if the "nameserver" should be the machine name on which the server is running and not 127.0.0.53. And I gather the 53 on the end has to do with the port on which it's listening. I'm not sure if it's correct that the 4th octet is substituted like that.*
>
> > Third, use tcpdump to capture port 53. Do this to a file, then look at it offline in Wireshark. (Michael just beat me to that tip). Check how queries are arriving into BIND and what it does with them. Particularly look at the timings of packets and for errors, such as packet loss or ICMP.
>
> *I will look into this. I need to learn a little more about tcpdump. I don't have Wireshark but I'll make do.*
>
> > A couple of comments about your BIND config:
> > 1) You don't need "zone "." as root hints have been built into BIND for many years. If you are global forwarding (also "forward only") then recursion will never happen, so roots are irrelevant.
>
> *OK.*
>
> > 2) BIND will recurse just fine out of the box. You don't need to forward to Google and Cloudflare at all.
>
> *So, should I remove the "forwarders" entry? At which resolver server, then, would it begin the forwarding process?*
>
> On 2025-05-09 18:35, Greg Choules wrote:
>
> > Hi.
> > I also suspect it's not BIND, but how the OS is going about resolving names.
> > Test your running BIND by using dig (please, not nslookup) @127.0.0.1 for domains you think you are having a problem with.
> >
> > Also check /etc/resolv.conf and see what address(es) is/are listed as nameservers.
> >
> > Third, use tcpdump to capture port 53. Do this to a file, then look at it offline in Wireshark. (Michael just beat me to that tip). Check how queries are arriving into BIND and what it does with them. Particularly look at the timings of packets and for errors, such as packet loss or ICMP.
> >
> > A couple of comments about your BIND config:
> > 1) You don't need "zone "." as root hints have been built into BIND for many years. If you are global forwarding (also "forward only") then recursion will never happen, so roots are irrelevant.
> > 2) BIND will recurse just fine out of the box. You don't need to forward to Google and Cloudflare at all.
> >
> > Hope you find that useful.
> > Cheers, Greg
> >
> > On Fri, 9 May 2025 at 23:58, <bi...@clearviz.biz> wrote:
> >
> > > Howdy all! My name is Arnold, and I'm new to both Bind9 and to the Bind user's list. I'm hoping to contribute my findings on the use of Bind9 in the future but, for now, I need some help in getting my 1st install of Bind 9.18 performing well. It does run already, but does not perform well at all. I'll explain.
> > >
> > > First, a quick bit of history. I run a home network (a full domain structure) and, for the past 23 years, I ran a server (Windows Server 2003) as a full Primary Domain Controller in my home network. I ran DHCP, DNS and AD on that server. It worked great and had extremely fast responses for DNS forwarding. Very rarely was there ever a failure (i.e. "Site not found" or "No Internet Access") etc. And it ran great for almost 23 years.... Until this past Easter Sunday, when it died a nasty hardware death. I deemed it unworthy of repairing. This because, 2 years ago, I began building two new mid-tower machines (Intel Core i7) and was going to install Ubuntu Server (22.04) on one and the 22.04 client on the other. I completed the client machine and it is up and running perfectly. I held off on the server as my Win2003 server was still running. But not anymore.
> > >
> > > I resumed the build of the Ubuntu Server (22.04). I installed ISC-DHCP-Server for DHCP (I know Kea is available but I read where that needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS server. The DHCP server is working perfectly. No issues at all. Very happy with it. The Bind9.18, not so much. BTW, I'll deal with an AD replacement later if at all (Samba, Kerberos or something similar).
> > >
> > > The following are the behavioral symptoms of the current Bind9.18 install.
> > >
> > > 1. Links/URLs - Links/URLs submitted in a browser (especially a link not used before or not after a long while) often take a very long time to render and often fail with a "Can't access that site" or "No Internet Access" error. If I keep refreshing the same link/URL multiple times, eventually the webpage will render correctly. And the site will continue to render correctly as long as I keep it active by clicking other links, etc. on the page. But once there has been a period of inactivity (usually 1/2 to 1 hr), it goes back to the original behavior, requiring another cycle of "refreshes" and "site not found" errors, before it renders correctly again. That said, I'm starting to see continuity on the URLs/Links I use on a daily basis (i.e. only once a day).
> > > 2. When using "ping," if I ping the hard IP, it works correctly. If I use the domain name with Ping, it fails on a "name resolution" error. However, using "nslookup" with the same domain names does work correctly. Cannot use traceroute as it is not presently installed and attempting to install it gives "Temporary failure resolving the ubuntu archive DBs."
> > > 3. Devices that had connected to my Wireless access point (WAP) that are "DNS dependent" also fail due to "No Internet access," including my smartphone in Wifi Mode. My phone does not fail when in "5G" mode, but that's expensive. FTR, my router is "wired" but I have a WAP connected to it via Ethernet. Devices that connect to it can get DHCP service, but fail when DNS is attempted. My laptops do not connect via WiFi anymore. I can get one of my laptops connected if I "tether" it to my smartphone while in "5G" mode.
> > >
> > > All of the above leads me to believe that Bind 9 may not be configured correctly to allow for the best possible performance/response times by the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my named.conf.options file and .local file. The named.conf file only has includes for .options and .local conf files. The .default-zones file is commented out.
> > >
> > > If you need other info about my configuration and setup, please feel free to ask and I'll do my best to provide it.
> > >
> > > Thank you all so much and I look forward to learning from you.
> > >
> > > Regards,
> > > Arnold
> > >
> > > --
> > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > >
> > > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> > >
> > > bind-users mailing list
> > > bind-users@lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
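
The checks suggested in this thread, as an added example that is not part of any message above: a shell script that reads a resolv.conf-style file and reports which resolver the OS will actually ask, alongside the direct `dig @127.0.0.1` query and the port 53 capture. On Ubuntu, 127.0.0.53 is the local stub listener of systemd-resolved, so a file listing only that address does not send lookups straight to BIND. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print "address<TAB>class" for every nameserver line in a resolv.conf-style file.
classify_nameservers() {
    awk '
        $1 == "nameserver" && $2 != "" {
            if ($2 == "127.0.0.53")                 class = "systemd-resolved-stub"
            else if ($2 == "::1" || $2 ~ /^127\./)  class = "local-loopback"
            else                                    class = "remote"
            printf "%s\t%s\n", $2, class
        }
    ' "$1"
}

# Class of the first nameserver entry, the one the libc resolver tries first.
first_resolver_class() {
    classify_nameservers "$1" | head -n 1 | cut -f 2
}

# Live check, not run automatically: needs dig, getent and a running named.
# dig asks BIND directly; getent follows the libc/NSS path that ping uses.
compare_paths() {
    printf 'BIND @127.0.0.1 : '
    dig @127.0.0.1 "$1" A +short +tries=1 +time=3
    printf 'system resolver : '
    getent hosts "$1"
}

# Live capture, not run automatically: needs root. Writes port 53 traffic
# to a file for offline review, as suggested in the thread.
capture_dns() {
    tcpdump -i any -n -w "${1:-dns-port53.pcap}" port 53
}

# Constructed sample with the contents described in the thread.
sample=$(mktemp)
printf 'nameserver 127.0.0.53\nsearch mydomain.net\n' > "$sample"
classify_nameservers "$sample"
```

If `compare_paths` shows an answer on the first line and nothing on the second, the fault lies between the OS resolver configuration and BIND rather than in BIND's own recursion or forwarding.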