Skip to content

How to Make Forwarders of BIND Named Server Work

  • by
Your DNS might not cache all the records of internet, but you can forward the query to external DNS for servicing your clients.

There're two entries that you must know:
  1. The option forwarders must be added to indicate which external DNS to forward the queries.
  2. The option dnssec-validation must be set to no. dnssec-validation indicates that a resolver (a caching or caching-only name server) will attempt to validate replies from DNSSEC enabled (signed) zones. For further information. You may check DNS BIND9 Security Statements.
[root@primary-dns ~]# vi /etc/named.conf
...
options {
        ...
        forwarders {
            8.8.8.8;
            168.95.1.1;
        };
        ...
        dnssec-validation no;
};
...

Let's verify the configuration.
[root@primary-dns ~]# named-checkconf
It seems no problem. We should restart named.service
[root@primary-dns ~]# systemctl restart named
We're done.

Leave a Reply

Your email address will not be published. Required fields are marked *