Bind 9.10.3: forwarded zone on a recursive server

Ivan Kurnosov zerkms at
Mon Nov 20 01:36:36 UTC 2017

I'm having a really simple recursive DNS for a small office, that has a
forwarded zone (being resolved by another local server).

The config looks like

options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;
    listen-on-v6 { none; };

    recursion yes;
    allow-query { any; };

    allow-transfer { none; };

zone "" {
    type forward;
    forward only;
    forwarders {

The problem I am observing is that even if I resolve a name within `` the bind still tries to contact the root
servers, .nz. and servers as well.

And if at that point the internet is not available for the machine - the
response fails, even though it's the forwarded to another local server zone.

On this screenshot there are the packets I captured that are being sent to
the internet

I also asked this question at

So the question is: what do I else need to do to make this server not
recurse for the forwarded-only zone?

With best regards, Ivan Kurnosov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list