I have load-balancer equipment that handles DNS queries for
certain hosts to load-balance between multiple servers for redundancy.
These load-balancers are in the intranet behind a firewall.

Because I don't want all DNS servers on the internet to query my
load-balancers, I put a rule in my firewall to accept only DNS queries from my
ISP's DNS (DNS1). DNS1 is authoritative for
Unfortunately, I don't have any access to the DNS1 configuration.

I told them to add a forward zone like in the following example. and are the load-balancers' addresses.

zone "" in {
           type forward;
           forwarders {;; };
           forward only;
};

  The problem is, I see no query coming from DNS1 on the firewall.
  I used the same configuration in my lab with BIND 8.2.4 as DNS1
  and it worked.

  What is wrong?

