Well, let's put it this way. I have been monitoring the logs
(/var/log/syslog in particular) as well as the separate logs I created
(named.log and query.log). I'm getting a lot of "Connection refused"
errors and a lot of "SERVFAIL" errors in named.log for various sites. I
don't know if the query.log has "all" the queries in it, but it's a very
large log file, second only to /var/log/syslog. When I try to do "apt
install" to install packages on the server itself, I'm getting a lot of
red "E" errors as it can't seem to find the appropriate ubuntu archive
sites in which to extract the packages. They won't install. I'll try
using "dig" on those sites to see if it's a specific issue with them.
On 2025-05-09 23:22, Eric wrote:
Based on that I'm pretty confident you can remove this as being a
general DNS server issue.
I would not attempt to even change the configuration in bind at this
point, so as not to introduce more potential changes into your env, as doing
those tests will have mostly validated the DNS server is working as
expected.
If you can query out from the bind server, and your clients can query
it without an issue I would be looking into other network connectivity
issues that could be going on.
Could be a variety of issues like if you are using a local proxy, IP
conflicts, browser settings using https for dns, isp issues?
The errors and behavior you are describing don't stick out to me as
a "dns issue".
May 9, 2025 11:06:08 PM bi...@clearviz.biz:
From the instance with bind running, can you query both your defined
forwarders? Does it work consistently for a variety of domains?
dig @1.1.1.1 isc.org
dig @8.8.8.8 isc.org
Yes, it does. The above two commands work as well as several other
domains I tried, and the response has been immediate.
From the clients can you use nslookup or dig to query the bind
instance directly by specifying the ip and get consistent resolution
from it for different names?
Yes. From my Windows 7 desktop client I use the "Command Prompt" with
"nslookup" and get perfect and immediate results by specifying my DNS
server's hard IP. Furthermore, I ran the same command with no server
specified and it defaulted to my server's BIND instance and gave the
same immediate results. Unfortunately, I do not have "dig" on my
Windows 7 clients.
Have you validated the DNS server IPs that are assigned to the clients
have the correct IP(s) set for the bind server?
Yes, they all do. They are set to the machine's IP on which the DNS
instance is running.
Are you sure there is only 1 dhcp service active on the network? Is
the WAP doing dhcp as well and giving conflicting options maybe?
Yes, there is only one (1). The WAP is not capable of performing DHCP
service. It only passes through requests to the DHCP server on my
machine. I can verify this by examining the list of active leases on my
DHCP server.
On 2025-05-09 18:33, Eric wrote:
I get a feeling this is going to be less of a bind issue, and more so
some other configuration issue(s).
From the instance with bind running, can you query both your defined
forwarders? Does it work consistently for a variety of domains?
dig @1.1.1.1 isc.org
dig @8.8.8.8 isc.org
From the clients can you use nslookup or dig to query the bind instance
directly by specifying the ip and get consistent resolution from it for
different names?
Have you validated the DNS server IPs that are assigned to the clients
have the correct IP(s) set for the bind server?
Is the browser using the OS settings for dns, or are they trying to do
DNS over https directly out to the Internet to other dns servers?
Are you sure there is only 1 dhcp service active on the network? Is the
WAP doing dhcp as well and giving conflicting options maybe?
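The checklist above, turned into a script (added here, not part of the thread): it queries each forwarder and the BIND instance for a couple of names, then compares what the libc resolver returns (the path ping and apt use) with a direct query to BIND (the path nslookup and dig use), which is exactly the split seen in the original report. It assumes dig, getent and awk are installed and that BIND_IP is set to the server's address; the default value and the Ubuntu mirror name are placeholders.

```shell
#!/bin/sh
# Diagnostic script written for this thread (not from the original posts).
# (1) query each forwarder, (2) query the BIND instance, (3) compare the libc
# resolver path (ping, apt) with a direct DNS query (nslookup, dig).
# Assumed: dig, getent and awk are installed; BIND_IP points at your server.
BIND_IP="${BIND_IP:-192.0.2.53}"            # assumed placeholder; override via env
FORWARDERS="1.1.1.1 8.8.8.8"                # the forwarders named in the thread
NAMES="isc.org archive.ubuntu.com"          # isc.org from the thread; mirror assumed

# Pull the rcode (NOERROR, SERVFAIL, ...) out of a dig response passed as $1.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Query name $2 at server $1; print "server name RCODE", or UNREACHABLE on timeout.
query_status() {
    if out=$(dig +time=3 +tries=1 "@$1" "$2" A 2>/dev/null); then
        echo "$1 $2 $(dig_status "$out")"
    else
        echo "$1 $2 UNREACHABLE"
    fi
}

# Succeed only when both answers are non-empty and identical.
same_answer() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

# Compare libc resolution (nsswitch -> resolv.conf) with a direct query to BIND.
libc_vs_bind() {
    libc=$(getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}')
    direct=$(dig +short +time=3 +tries=1 "@$BIND_IP" "$1" A 2>/dev/null |
             awk '/^[0-9.]+$/ {print; exit}')
    if same_answer "$libc" "$direct"; then
        echo "$1: libc and BIND agree ($libc)"
    else
        echo "$1: libc='$libc' BIND='$direct' -> check /etc/resolv.conf and nsswitch.conf"
    fi
}

run_checks() {
    for f in $FORWARDERS; do for n in $NAMES; do query_status "$f" "$n"; done; done
    for n in $NAMES; do query_status "$BIND_IP" "$n"; libc_vs_bind "$n"; done
}

# Constructed dig header lines, used to exercise the parser without network access.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001'
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002'

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it as `sh dnscheck.sh --run` once on the BIND host and once on a client; a row showing SERVFAIL or UNREACHABLE for a forwarder points at upstream reachability, while an "agree" line next to a failing ping points away from BIND and at the client's own resolver configuration.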
May 9, 2025 6:58:47 PM bi...@clearviz.biz:
Howdy all! My name is Arnold, and I'm new to both Bind9 and to the
Bind user's list. I'm hoping to contribute my findings on the use of
Bind9 in the future but, for now, I need some help in getting my first
install of Bind 9.18 performing well. It does run already, but does not
perform well at all. I'll explain.
First, a quick bit of history. I run a home network (a full domain
structure) and, for the past 23 years, I ran a server (Windows Server
2003) as a full Primary Domain Controller in my home network. I ran
DHCP, DNS and AD on that server. It worked great and had extremely fast
responses for DNS forwarding. Very rarely was there ever a failure
(i.e. "Site not found" or "No Internet Access") etc. And it ran great
for almost 23 years... until this past Easter Sunday, when it died a
nasty hardware death. I deemed it unworthy of repairing. This is because,
2 years ago, I began building two new mid-tower machines (Intel Core i7)
and was going to install Ubuntu Server (22.04) on one and the 22.04
client on the other. I completed the client machine and it is up and
running perfectly. I held off on the server as my Win2003 server was
still running. But not anymore.
I resumed the build of the Ubuntu Server (22.04). I installed
ISC-DHCP-Server for DHCP (I know Kea is available but I read where that
needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS server. The
DHCP server is working perfectly. No issues at all. Very happy with
it. The Bind9.18, not so much. BTW, I'll deal with an AD replacement
later if at all (Samba, Kerberos or something similar).
The following are the behavioral symptoms of the current Bind9.18
install.
* Links/URLs - Links/URLs submitted in a browser (especially a link
not used before or not after a long while) often take a very long time
to render and often fail with a "Can't access that site" or "No
Internet Access" error. If I keep refreshing the same link/URL multiple
times, eventually the webpage will render correctly. And the site will
continue to render correctly as long as I keep it active by clicking
other links, etc. on the page. But once there has been a period of
inactivity (usually 1/2 to 1 hr), it goes back to the original
behavior, requiring another cycle of "refreshes" and "site not found"
errors, before it renders correctly again. That said, I'm starting to
see continuity on the URLs/Links I use on a daily basis (i.e. only once
a day).
* When using "ping," if I ping the hard IP, it works correctly. If I
use the domain name with ping, it fails on a "name resolution" error.
However, using "nslookup" with the same domain names does work
correctly. Cannot use traceroute as it is not presently installed and
attempting to install it gives "Temporary failure resolving the ubuntu
archive DBs."
* Devices that had connected to my Wireless access point (WAP) that are
"DNS dependent" also fail due to "No Internet access," including my
smartphone in Wifi Mode. My phone does not fail when in "5G" mode, but
that's expensive. FTR, my router is "wired" but I have a WAP
connected to it via Ethernet. Devices that connect to it can get DHCP
service, but fail when DNS is attempted. My laptops do not connect via
WiFi anymore. I can get one of my laptops connected if I "Tether" it to
my smartphone while in "5G" mode.
All of the above leads me to believe that Bind 9 may not be configured
correctly to allow for the best possible performance/response times by
the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my
named.conf.options file and .local file. The named.conf file only has
includes for the .options and .local conf files. The .default-zones file
is commented out.
If you need other info about my configuration and setup, please feel
free to ask and I'll do my best to provide it.
Thank you all so much and I look forward to learning from you.
Regards,
Arnold
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users