Overriding global forwarding with BIND

If a name server is authoritative for a zone, it will not follow subdomain delegations when using a global forwarder (unless it is also authoritative for the subdomain).

Example: a name server is authoritative for local.zone, and is using one or more global forwarders. local.zone contains an NS record for subdomain.local.zone. This name server receives a DNS A record query for host.subdomain.local.zone. This name server will send the query to the global forwarder(s); this name server will answer requests for local.zone data, but it will not follow the subdomain delegation and return the DNS A record for host.subdomain.local.zone.

If the forwarder(s) are unable to gather information about subdomain.local.zone, the name server will exceed MAXQUERIES and will return a SERVFAIL message:

MAXQUERIES exceeded, possible data loop in resolving (host.subdomain.local.zone)

In order to override global forwarding on a per zone basis, add an empty forwarders statement in the zone.

Example:

zone "local.zone" in {
        type            master;
        file            "db.local.zone";
        forwarders      { };
};

From the BIND 8 named.conf man page:

If either no forwarders clause is present in the zone or an empty list for forwarders is given, then no forwarding will be done for the zone, cancelling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change only the behavior of the global forward option, and not the servers used, then you also need to respecify the global forwarders.

Also, see "11.3.3.1. The Trouble with forwarding" from DNS and BIND, 4th Edition:
http://www.unix.com.ua/orelly/networking_2ndEd/dns/ch11_03.htm
Back to brandonhutchinson.com.

Overriding global forwarding with BIND

Last modified: 2008/06/13