
Recursion without recursion to enable forward zones

 

Problem

I need to add a forward zone to an authoritative BIND 9 server, but forward zones don't appear to work with recursion disabled, and I don't want to turn this server into an open resolver.

Solution

Turn the server into an open resolver, but delete all of the root hints so it has nowhere to look names up from, and make sure you don't have forwarders specified under options {}. That leaves the forwarders listed in the forward zone as the only upstream the server has to query.

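options {
    ...
    // Recursion has to be allowed for the forward zone to work.
    // Do not add a forwarders { } statement here.
    allow-recursion { ::/0; 0.0.0.0/0; };
};

// The only zone this server forwards queries for.
zone "some.forward.zone.net" {
    type forward;
    forward only;
    forwarders { 192.168.168.168; };
};

// Empty root hints: nowhere to start a lookup for any other name.
zone "." {
    type hint;
    file "/dev/null";
};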
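
A way to check a named.conf against the three conditions above before reloading it (an added example, not part of the original note): no forwarders under options, every forward zone set to forward only, and the root hint zone pointed at /dev/null. The function names, the small brace parser and both sample configurations are constructed for this illustration.

```python
import re

def strip_comments(text):
    # named.conf accepts /* */, // and # comments (quoted strings containing them are not handled)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def blocks(text):
    """Yield (header, body) for each 'header { body };' statement at brace depth 0."""
    depth = start = body_start = 0
    header = ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            start = i + 1

def audit(conf):
    """Return findings where conf departs from the setup described above."""
    findings, hint_file = [], None
    for header, body in blocks(strip_comments(conf)):
        words = header.split()
        if words[:1] == ["options"]:
            inner = {h.split()[0]: b for h, b in blocks(body) if h}
            if inner.get("forwarders", "").strip():
                findings.append("options: global forwarders are set")
        elif words[:1] == ["zone"] and len(words) > 1:
            name = words[1].strip('"')
            if re.search(r"\btype\s+hint\b", body):
                m = re.search(r'\bfile\s+"([^"]*)"', body)
                hint_file = m.group(1) if m else None
            elif re.search(r"\btype\s+forward\b", body) and not re.search(r"\bforward\s+only\b", body):
                findings.append(f"zone {name}: forward zone is not 'forward only'")
    if hint_file != "/dev/null":
        findings.append('zone .: root hints are not emptied with file "/dev/null"')
    return findings

# Constructed samples: GOOD mirrors the configuration above, BAD breaks all three conditions
GOOD = '''options { allow-recursion { ::/0; 0.0.0.0/0; }; };
zone "some.forward.zone.net" { type forward; forward only; forwarders { 192.168.168.168; }; };
zone "." { type hint; file "/dev/null"; };'''
BAD = 'options { forwarders { 192.0.2.53; }; };\nzone "example.test" { type forward; forward first; };'
```

audit(GOOD) returns an empty list; audit(BAD) returns one finding per broken condition, including the missing hint zone, since BIND falls back to its built-in root hints when no hint zone is configured.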
