DNS-cache with custom gTLDs

Drunkard Zhang gongfan193 at gmail.com
Wed Sep 21 11:33:29 UTC 2011


2011/9/20 Drunkard Zhang <gongfan193 at gmail.com>:
> I got 4 DNSs doing recursive resolution, which are split into 2 groups,
> and a couple of dns caches. Each group of recursion DNS uses its
> own net link, which is different.
>
> Here's the problem: I want a dns-cache to use one group of recursion DNS
> as its forwarders, and use another group as backup. ( I have to,
> because the 2 groups of recursion DNS get different results, and sometimes
> one of them can't resolve, while the other can. ) The only solution I can
> find is "forward first" to one group, and use both groups as
> gTLDs. Is this __safe__?
>
This is not working... I did some tests, and if dns-cache gets an
NXDomain response, it won't go any further. Is it intended, or did I miss
something? I'm using 9.7.3-P3. Here's my configuration on dns-cache.

options {
    directory "/var/";
    pid-file "file-named.pid";
    dump-file "file-dumpfile";
    statistics-file "file-stat";
    max-cache-size 3000M;   # 3 GB
    allow-query { any; };
    max-ncache-ttl 600;
    max-cache-ttl 86400;
    recursive-clients 1000000;
    tcp-clients 500000;
    interface-interval 0;
    cleaning-interval 3600;
    recursion yes;
};
zone "." IN {
    type hint;
    file "named.cache";
};
zone "." {
    type forward;
    forward first;
    forwarders {
        211.161.192.1;
        211.161.192.13;
    };
};

Putting the forward section in the options clause does not work either.

> Is there any other solution I can hack?
>
>
> Another problem: there are a lot of resolutions on dns-cache querying
> a.root-servers.net. Is it safe if I hijack a.root-servers.net to my
> own DNS? If it's safe, I can cut down queries to a.root-servers.net by
> millions of times per hour.
>
> Looking forward to your kind responses :-)
>

When I query a name, the dns-cache queries the forwarders for gTLDs
instead of using the local hint file. Why? And the dns-cache does not
trust the result returned by the forwarder when "forward first" is set. Is it
possible to fake it?


