How could one disable bind9's recursion and do forwarding only for DNS queries?
Sebastian Wright
I am learning how to configure DNS server. My first task is to set up local forwarding server - server that does NOT do recursive queries but forwards them to other public open DNS.
OK, here is my /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    recursion no;
    allow-query { localhost; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;
    auth-nxdomain no;    # conform to RFC1035
    listen-on port 53 { 127.0.0.1; 192.168.1.33; };
    listen-on-v6 { any; };
};
But when I issue
dig askubuntu.com
it returns:
...
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 57563
...
;; WARNING: recursion requested but not available
...
;; SERVER: 127.0.0.1#53(127.0.0.1)
...
As I understand, dig should make a DNS query to the local bind instance, and it should forward that request to 8.8.8.8 and return the answer.
However it complains that recursion is not available. But I did not request it.
How could one solve this problem? Thanks.
Answer
There's an excellent discussion of this at .
What you're doing is basically correct, except that you need to set "recursion yes" even if your DNS setup requires your server to be a forwarding-only server. This may seem counter-intuitive, but it's the way the prescription goes. Here's a sample config:
acl goodclients {
    192.0.2.0/24;
    localhost;
    localnets;
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { goodclients; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
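An added example, not code from the question or the answer: a small POSIX sh lint for named.conf.options that flags the two conditions that matter here, "forward only" with recursion switched off (which is what produces the REFUSED / "recursion requested but not available" result above) and forwarding that is reachable by any client, i.e. an open resolver, which the goodclients ACL in the answer prevents. The three sample configs are constructed for the example; the parser assumes one directive per line in BIND's options { ... } syntax.

```shell
#!/bin/sh
# Added example, not from the question or answer: lint a BIND forwarder config.
# Assumes one directive per line, as in the configs shown above.

# Constructed sample: the questioner's options (recursion no + forward only).
BROKEN_CONF='options {
    directory "/var/cache/bind";
    recursion no;
    allow-query { localhost; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    auth-nxdomain no;    # conform to RFC1035
};'

# Constructed sample: the answer's options with the goodclients ACL.
FIXED_CONF='acl goodclients { 192.0.2.0/24; localhost; localnets; };
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { goodclients; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-validation auto;
};'

# Constructed sample: forwarding works, but any client may use it.
OPEN_CONF='options {
    recursion yes;
    allow-query { any; };
    forwarders { 8.8.8.8; };
    forward only;
};'

# Drop # and // comments so a trailing comment cannot hide a later directive.
strip_comments() {
    printf '%s\n' "$1" | sed 's/#.*$//; s,//.*$,,'
}

# Value of a one-word directive, e.g. directive_value "$conf" recursion -> no
directive_value() {
    strip_comments "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([a-z]\{1,\}\);.*/\1/p" | head -n 1
}

# Body of a brace-list directive with spaces removed, e.g. "goodclients;"
list_body() {
    strip_comments "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*{\([^}]*\)}.*/\1/p" | head -n 1 | tr -d ' '
}

# Effective ACL for recursive queries. BIND 9 uses allow-recursion if set,
# otherwise allow-query-cache, otherwise allow-query, otherwise its built-in
# default of localnets and localhost.
recursion_acl() {
    for d in allow-recursion allow-query-cache allow-query; do
        v=$(list_body "$1" "$d")
        if [ -n "$v" ]; then
            printf '%s\n' "$v"
            return
        fi
    done
    echo 'localnets;localhost;'
}

# Classify a config: not-forwarding, refused, open-resolver or ok.
lint_forwarder() {
    conf="$1"
    if [ "$(directive_value "$conf" forward)" != "only" ]; then
        echo not-forwarding
        return
    fi
    # recursion defaults to yes when the directive is absent
    if [ "$(directive_value "$conf" recursion)" = "no" ]; then
        echo refused
        return
    fi
    case "$(recursion_acl "$conf")" in
        "any;") echo open-resolver ;;
        *) echo ok ;;
    esac
}

for name in BROKEN_CONF FIXED_CONF OPEN_CONF; do
    eval "conf=\$$name"
    printf '%s: %s\n' "$name" "$(lint_forwarder "$conf")"
done
```

Running it prints `refused` for the questioner's config, `ok` for the answer's config and `open-resolver` for the constructed one that forwards for any client; on a real host, feed it the contents of /etc/bind/named.conf.options and still run named-checkconf afterwards, since this lint only looks at the handful of directives discussed here.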