My Introduction and current issues -

bind9 at clearviz.biz bind9 at clearviz.biz
Sat May 10 03:29:52 UTC 2025


> I also suspect it's not BIND, but how the OS is going about resolving 
> names.
> Test your running BIND by using dig (please, not nslookup) @127.0.0.1 
> [1] for domains you think you are having a problem with.

Should it be @127.0.0.1 or should it be the machine's IP on which the 
DNS server is running?

> Also check /etc/resolv.conf and see what address(es) is/are listed as 
> nameservers.

The resolv.conf file contains:

       nameserver 127.0.0.53
       search mydomain.net

(where mydomain is my actual domain name and not the FQDN of the machine 
(i.e. "machine01.mydomain.net")).

This was entered by default as BIND was installed.   I am wondering if 
the "nameserver" should be the machine name on which the server is 
running and not 127.0.0.53. And I gather the 53 on the end has to do with 
the port on which it's listening. I'm not sure if it's correct that the 
4th octet is substituted like that.

> Third, use tcpdump to capture port 53. Do this to a file, then look at 
> it offline in Wireshark. (Michael just beat me to that tip). Check how 
> queries are arriving into BIND and what it does with them. 
> Particularly look at the timings of packets and for errors, such as 
> packet loss or ICMP.

I will look into this. I need to learn a little more about tcpdump.   I 
don't have Wireshark but I'll make do.

> A couple of comments about your BIND config:
> 1) You don't need "zone "." as root hints have been built into BIND for 
> many years. If you are global forwarding (also "forward only") then 
> recursion will never happen, so roots are irrelevant.

OK.

> 2) BIND will recurse just fine out of the box. You don't need to 
> forward to Google and Cloudflare at all.

So, should I remove the "forwarders" entry?  At which resolver server, 
then, would it begin the forwarding process?

On 2025-05-09 18:35, Greg Choules wrote:

> Hi.
> I also suspect it's not BIND, but how the OS is going about resolving 
> names.
> Test your running BIND by using dig (please, not nslookup) @127.0.0.1 
> [1] for domains you think you are having a problem with.
> 
> Also check /etc/resolv.conf and see what address(es) is/are listed as 
> nameservers.
> 
> Third, use tcpdump to capture port 53. Do this to a file, then look at 
> it offline in Wireshark. (Michael just beat me to that tip). Check how 
> queries are arriving into BIND and what it does with them. Particularly 
> look at the timings of packets and for errors, such as packet loss or 
> ICMP.
> 
> A couple of comments about your BIND config:
> 1) You don't need "zone "." as root hints have been built into BIND for 
> many years. If you are global forwarding (also "forward only") then 
> recursion will never happen, so roots are irrelevant.
> 2) BIND will recurse just fine out of the box. You don't need to 
> forward to Google and Cloudflare at all.
> 
> Hope you find that useful.
> Cheers, Greg
> 
> On Fri, 9 May 2025 at 23:58, <bind9 at clearviz.biz> wrote:
> 
>> Howdy all!   My name is Arnold, and I'm new to both Bind9 and to the 
>> Bind user's list. I'm hoping to contribute my findings on the use of 
>> Bind9 in the future but, for now, I need some help in getting my 1st 
>> install of Bind 9.18 performing well. It does run already, but does 
>> not perform well at all. I'll explain.
>> 
>> First, a quick bit of history. I run a home network (a full domain 
>> structure) and, for the past 23 years, I ran a server (Windows Server 
>> 2003) as a full Primary Domain Controller in my home network. I ran 
>> DHCP, DNS and AD on that server. It worked great and had extremely 
>> fast responses for DNS forwarding. Very rarely was there ever a 
>> failure (i.e. "Site not found" or "No Internet Access") etc. And it 
>> ran great for almost 23 years.... Until this past Easter Sunday, when 
>> it died a nasty hardware death. I deemed it unworthy of repairing. 
>> This because, 2 years ago, I began building two new mid-tower machines 
>> (Intel Core i7) and was going to install Ubuntu Server (22.04) on one 
>> and the 22.04 client on the other. I completed the client machine and 
>> it is up and running perfectly. I held off on the server as my Win2003 
>> server was still running. But not anymore.
>> 
>> I resumed the build of the Ubuntu Server (22.04). I installed 
>> ISC-DHCP-Server for DHCP (I know Kea is available but I read where 
>> that needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS 
>> server. The DHCP server is working perfectly.  No issues at all. Very 
>> happy with it.  The Bind9.18, not so much.   BTW, I'll deal with an AD 
>> replacement later if at all (Samba, Kerberos or something similar).
>> 
>> The following are the behavioral symptoms of the current Bind9.18 
>> install.
>> 
>> * Links/URLs -  Links/URLs submitted in a browser (especially a link 
>> not used before or not after a long while) often take a very long time 
>> to render and often fail with a "Can't access that site" or "No 
>> Internet Access" error. If I keep refreshing the same link/URL 
>> multiple times, eventually the webpage will render correctly. And the 
>> site will continue to render correctly as long as I keep it active by 
>> clicking other links, etc. on the page.  But once there has been a 
>> period of inactivity (usually 1/2 to 1 hr), it goes back to the 
>> original behavior, requiring another cycle of "refreshes" and "site 
>> not found" errors, before it renders correctly again. That said, I'm 
>> starting to see continuity on the URLs/Links I use on a daily basis 
>> (i.e. only once a day).
>> * When using "ping," if I ping the hard IP, it works correctly. If I 
>> use the domain name with Ping, it fails on a "name resolution" error. 
>> However, using "nslookup" with the same domain names does work 
>> correctly. Cannot use traceroute as it is not presently installed and 
>> attempting to install it gives "Temporary failure resolving the ubuntu 
>> archive DBs."
>> * Devices that had connected to my Wireless access point (WAP) that 
>> are "DNS dependent" also fail due to "No Internet access," including 
>> my smartphone in Wifi Mode. My phone does not fail when in "5G" mode, 
>> but that's expensive.   FTR, my router is "wired" but I have a WAP 
>> connected to it via Ethernet. Devices that connect to it can get DHCP 
>> service, but fail when DNS is attempted. My laptops do not connect via 
>> WiFi anymore. I can get one of my laptops connected if I "Tether" it 
>> to my smartphone while in "5G" mode.
>> 
>> All of the above leads me to believe that Bind 9 may not be configured 
>> correctly to allow for the best possible performance/response times by 
>> the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my 
>> named.conf.options file and .local file. The named.conf file only has 
>> includes for .options and .local conf files.  The .default-zones file 
>> is commented out.
>> 
>> If you need other info about my configuration and setup, please feel 
>> free to ask and I'll do my best to provide it.
>> 
>> Thank you all so much and I look forward to learning from you.
>> 
>> Regards,
>> Arnold
>> 



Links:
------
[1] http://127.0.0.1
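Greg's dig @127.0.0.1 test and the 127.0.0.53 line in resolv.conf are two ends of the same path: 127.0.0.53 is the local stub listener of systemd-resolved (the .53 is the last octet of a loopback address, and the port is still 53), so a lookup that fails through it but succeeds directly against BIND points at the OS resolver path rather than at BIND. The following is an added example, not code from the thread or from ISC, that parses dig's text output for both cases and reports which hop is failing; the sample outputs are constructed.

```python
"""Added example, not from the thread: compare a dig answer obtained via the systemd-resolved stub (127.0.0.53) with one from BIND directly (127.0.0.1)."""
import re
from dataclasses import dataclass


@dataclass
class DigResult:
    server: str    # address in dig's ';; SERVER:' line
    status: str    # NOERROR, SERVFAIL, NXDOMAIN, ...
    query_ms: int  # ';; Query time:' in milliseconds
    answers: int   # ANSWER count from the flags line


def parse_dig(output: str) -> DigResult:
    """Pull status, answer count, query time and server out of dig's text output."""
    status = re.search(r"status: (\w+)", output)
    answers = re.search(r"ANSWER: (\d+)", output)
    qtime = re.search(r"Query time: (\d+) msec", output)
    server = re.search(r"SERVER: ([\d.]+)#\d+", output)
    if not (status and answers and qtime and server):
        raise ValueError("incomplete dig output")
    return DigResult(server.group(1), status.group(1),
                     int(qtime.group(1)), int(answers.group(1)))


def healthy(r: DigResult, slow_ms: int = 1000) -> bool:
    """A usable answer: NOERROR, at least one record, and not stalled."""
    return r.status == "NOERROR" and r.answers > 0 and r.query_ms < slow_ms


def diagnose(via_stub: DigResult, direct: DigResult) -> str:
    """Which hop fails: 'bind' (fails even when asked directly), 'os-stub'
    (BIND answers but the 127.0.0.53 path does not), or 'ok' (both answer)."""
    if not healthy(direct):
        return "bind"     # next step: tcpdump port 53, check forwarders/recursion
    if not healthy(via_stub):
        return "os-stub"  # next step: what systemd-resolved forwards to (resolvectl status)
    return "ok"


# Constructed sample outputs, trimmed to the lines the parser needs.
DIRECT = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)"""
VIA_STUB = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 5004 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)"""
```

Feed it the real output of `dig @127.0.0.53 <name>` and `dig @127.0.0.1 <name>` for a name that misbehaves; a result of "os-stub" means BIND is not the component to tune.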