Debian – Why BIND does not use the forwarders any more

binddebiandomain-name-system

BIND does not use the forwarders to resolve any more. It just goes to the root servers. I do not know when this started happening since everything worked transparently, but for sure bind configuration was not altered. It was upgraded though using apt.

I am on Debian 7 and current bind version is BIND 9.8.4.

Configuration:

options {
    directory "/var/cache/bind";
    forwarders { 
        8.8.8.8;
        8.8.4.4;
    };
    forward only;
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

Any ideas to re enable forwarding?

Best Answer

but for sure bind configuration was not altered. It was upgraded though using apt.

Upgrading the core engine is enough to make things not working, even if the configuration has not been altered !

As mentioned here :

In versions of BIND prior to (and including) BIND 9.4.1, the default behavior of BIND servers was to allow recursion for all clients (unless otherwise specified.)

So you should explicitely allow recursion because it is needed to make Forwarders work :

allow-recursion { any; };

To retain the same behaviour you have previously i would suggest to add these directives into your options { ... } block :

allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
Related Topic