How to Make Forwarders of BIND Named Server Work

Your DNS might not cache all the records of internet, but you can forward the query to external DNS for servicing your clients.

There're two entries that you must know:

1. The option forwarders must be added to indicate which external DNS to forward the queries.
2. The option dnssec-validation must be set to no. dnssec-validation indicates that a resolver (a caching or caching-only name server) will attempt to validate replies from DNSSEC enabled (signed) zones. For further information. You may check DNS BIND9 Security Statements.

[root@primary-dns ~]# vi /etc/named.conf
...
options {
        ...
        forwarders {
            8.8.8.8;
            168.95.1.1;
        };
        ...
        dnssec-validation no;
};
...
Let's verify the configuration.
[root@primary-dns ~]# named-checkconf
It seems no problem. We should restart named.service
[root@primary-dns ~]# systemctl restart named
We're done.