Authoritative and caching

Danjel Jungersen danjel at jungersen.dk
Wed Feb 19 09:58:14 UTC 2025


Hi.

I have a primary and a secondary set up on debian 12.

They both seem to work.
They are authoritative for my own domain that is used to redirect local 
traffic to local servers.
There is no (inbound) contact from the outside to bind.

I then have a postfix server, where I need to run a local caching 
bind-instance.
I have added my 2 main bind-boxes as forwarders on my postfix box.

If I have the 2 main bind-boxes as resolvers, everything works.

But if I change /etc/resolv.conf to 127.0.0.1 something happens.
If I do a dig or ping from my postfix box to something that the 2 main 
bind-boxes are authoritative for, it doesn't work.
External domains like postfix.org work perfectly.

Postfix box setup:
******
acl "trusted" {
         127.0.0.1/32;
         localhost;
};

and options section:

         recursion yes;
         allow-query { trusted; };
         listen-on { 127.0.0.1; };
         allow-transfer { none; };


         forwarders {
                 192.168.20.10;
                 192.168.20.11;
         };
         forward only;

         dnssec-validation auto;

*******

Any clues?

Or any hints of where to look for answers?

Best regards
Danjel

PS: Please forgive me for (possibly) asking stupid questions, bind is 
rather new to me.



