My Introduction and current issues -
Crist Clark
cjc+bind-users at pumpky.net
Sat May 10 03:47:15 UTC 2025
If you’re hobbled by Windows (and ones five years past EOL), I prefer to
fire up PowerShell and use Resolve-DnsName. Also include the -DnsOnly flag.

Have you been looking at the BIND logs?

Also, a BIND installation isn’t going to mess with resolv.conf. That’s
typically managed by the distro’s network configuration management tool,
e.g. NetworkManager.

On Fri, May 9, 2025 at 8:30 PM <bind9 at clearviz.biz> wrote:
> >I also suspect it's not BIND, but how the OS is going about resolving
> names.
> >Test your running BIND by using dig (please, not nslookup) @127.0.0.1
> for domains you think you are having a problem with.
>
> *Should it be @127.0.0.1 or should it be the machine's
> IP on which the DNS server is running?*
>
> >Also check /etc/resolv.conf and see what address(es) is/are listed as
> nameservers.
>
> *The resolv.conf file contains:*
>
> * nameserver 127.0.0.53*
>
> * search mydomain.net (where mydomain is my
> actual domain name and not the FQDN of the machine (i.e.
> "machine01.mydomain.net")). *
>
> *This was entered by default as BIND was installed. I am wondering if
> the "nameserver" should be the machine name on which the server is running
> and not 127.0.0.53. And I gather the 53 on the end has to do with the port
> on which it's listening. I'm not sure if it's correct that the 4th octet is
> substituted like that. *
>
> >Third, use tcpdump to capture port 53. Do this to a file, then look at it
> offline in Wireshark. (Michael just beat me to that tip). Check how queries
> are arriving into BIND and what it does with them. Particularly look at
> the timings of packets and for errors, such as packet loss or ICMP.
>
> *I will look into this. I need to learn a little more about tcpdump. I
> don't have Wireshark but I'll make do.*
>
> >A couple of comments about your BIND config:
> >1) You don't need "zone "." as root hints have been built into BIND for
> many years. If you are global forwarding (also "forward only") then
> recursion will never happen, so roots are irrelevant.
>
> *OK.*
>
> >2) BIND will recurse just fine out of the box. You don't need to forward
> to Google and Cloudflare at all.
>
> *So, should I remove the "forwarders" entry? At which resolver server,
> then, would it begin the forwarding process?*
>
>
>
> On 2025-05-09 18:35, Greg Choules wrote:
>
> Hi.
> I also suspect it's not BIND, but how the OS is going about resolving
> names.
> Test your running BIND by using dig (please, not nslookup) @127.0.0.1 for
> domains you think you are having a problem with.
>
> Also check /etc/resolv.conf and see what address(es) is/are listed as
> nameservers.
>
> Third, use tcpdump to capture port 53. Do this to a file, then look at it
> offline in Wireshark. (Michael just beat me to that tip). Check how queries
> are arriving into BIND and what it does with them. Particularly look at the
> timings of packets and for errors, such as packet loss or ICMP.
>
> A couple of comments about your BIND config:
> 1) You don't need "zone "." as root hints have been built into BIND for
> many years. If you are global forwarding (also "forward only") then
> recursion will never happen, so roots are irrelevant.
> 2) BIND will recurse just fine out of the box. You don't need to forward
> to Google and Cloudflare at all.
>
> Hope you find that useful.
> Cheers, Greg
>
> On Fri, 9 May 2025 at 23:58, <bind9 at clearviz.biz> wrote:
>
> Howdy all! My name is Arnold, and I'm new to both Bind9 and to the Bind
> user's list. I'm hoping to contribute my findings on the use of Bind9 in
> the future but, for now, I need some help in getting my 1st install of Bind
> 9.18 performing well. It does run already, but does not perform well at
> all. I'll explain.
>
>
> First, a quick bit of history. I run a home network (a full domain
> structure) and, for the past 23 years, I ran a server (Windows Server 2003)
> as a full Primary Domain Controller in my home network. I ran DHCP, DNS and
> AD on that server. It worked great and had extremely fast responses for DNS
> forwarding. Very rarely was there ever a failure (i.e. "Site not found" or
> "No Internet Access") etc. And it ran great for almost 23 years.... Until
> this past Easter Sunday, when it died a nasty hardware death. I deemed it
> unworthy of repairing. This because, 2 years ago, I began building two new
> mid-tower machines (Intel Core i7) and was going to install Ubuntu Server
> (22.04) on one and the 22.04 client on the other. I completed the client
> machine and it is up and running perfectly. I held off on the server as my
> Win2003 server was still running. But not anymore.
>
> I resumed the build of the Ubuntu Server (22.04). I installed
> ISC-DHCP-Server for DHCP (I know Kea is available but I read where that
> needs Ubuntu 24.xx+). I also installed Bind9.18 as the DNS server. The DHCP
> server is working perfectly. No issues at all. Very happy with it. The
> Bind9.18, not so much. BTW, I'll deal with an AD replacement later if at
> all (Samba, Kerberos or something similar).
>
> The following are the behavioral symptoms of the current Bind9.18 install.
>
> 1. Links/URLs - Links/URLs submitted in a browser (especially a link
> not used before or not after a long while) often take a very long time to
> render and often fail with a "Can't access that site" or "No Internet
> Access" error. If I keep refreshing the same link/URL multiple times,
> eventually the webpage will render correctly. And the site will continue to
> render correctly as long as I keep it active by clicking other links, etc.
> on the page. But once there has been a period of inactivity (usually 1/2
> to 1 hr), it goes back to the original behavior, requiring another cycle of
> "refreshes" and "site not found" errors, before it renders correctly again.
> That said, I'm starting to see continuity on the URLs/Links I use on a
> daily basis (i.e. only once a day).
> 2. When using "ping," if I ping the hard IP, it works correctly. If I
> use the domain name with Ping, it fails on a "name resolution" error.
> However, using "nslookup" with the same domain names does work correctly.
> Cannot use traceroute as it is not presently installed and attempting to
> install it gives "Temporary failure resolving the ubuntu archive DBs."
> 3. Devices that had connected to my Wireless access point (WAP) that
> are "DNS dependent" also fail due to "No Internet access," including my
> smartphone in Wifi Mode. My phone does not fail when in "5G" mode, but
> that's expensive. FTR, my router is "wired" but I have a WAP connected to
> it via Ethernet. Devices that connect to it can get DHCP service, but fail
> when DNS is attempted. My laptops do not connect via WiFi anymore. I can
> get one of my laptops connected if I "Tether" it to my smartphone while in
> "5G" mode.
>
> All of the above leads me to believe that Bind 9 may not be configured
> correctly to allow for the best possible performance/response times by the
> forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my
> named.conf.options file and .local file. The named.conf file only has
> includes for .options and .local conf files. The .default-zones file is
> commented out.
>
> If you need other info about my configuration and setup, please feel free
> to ask and I'll do my best to provide it.
>
> Thank you all so much and I look forward to learning from you.
>
> Regards,
> Arnold
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
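
Added example, not part of the thread or of BIND: a shell sketch of the checks suggested above. 127.0.0.53 is the systemd-resolved stub listener that Ubuntu writes into /etc/resolv.conf by default, so the script classifies each nameserver entry and then compares a direct query to BIND with the OS resolver path that ping and browsers use. The function names and the capture file argument are illustrative; compare_paths and capture_dns assume dig, getent and tcpdump are installed and named is running.

```shell
#!/bin/sh
# Added example: find out which resolver the OS is really using,
# then test BIND separately from the OS resolver path.

# classify_ns ADDRESS -> prints a label for one nameserver address
classify_ns() {
    case "$1" in
        127.0.0.53)    echo "systemd-resolved-stub" ;;  # see: resolvectl status
        127.0.0.1|::1) echo "local-server" ;;           # e.g. named on loopback
        *)             echo "remote" ;;
    esac
}

# resolver_path FILE -> prints "address label" for each nameserver line
resolver_path() {
    awk '$1 == "nameserver" { print $2 }' "$1" |
    while read -r addr; do
        printf '%s %s\n' "$addr" "$(classify_ns "$addr")"
    done
}

# compare_paths NAME -> same name asked two ways (needs network access)
compare_paths() {
    echo "direct to BIND on loopback:"
    dig +short +tries=1 +time=3 @127.0.0.1 "$1" A
    echo "via the OS resolver (nsswitch.conf + resolv.conf), as ping does:"
    getent ahosts "$1"
}

# capture_dns FILE -> write port 53 traffic to FILE (needs root, Ctrl-C to stop)
# Read it back without Wireshark:  tcpdump -n -tttt -r FILE
capture_dns() {
    tcpdump -i any -n -w "$1" port 53
}

# Constructed sample matching the resolv.conf quoted in the thread.
sample=$(mktemp)
printf 'nameserver 127.0.0.53\nsearch mydomain.net\n' > "$sample"
resolver_path "$sample"
rm -f "$sample"
```

If compare_paths answers on the first query but not the second, the fault is in the OS resolver configuration rather than in BIND.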