That is because the forwarder is supposed to handle only zone "", but the addresses in the response are from zone. Therefore it queries the contents of that according to global forwarders or iteratively. BIND9 attempts to deliver the most authoritative answer it can, so it ignores hints from a server not authoritative for it. I do not know a way to disable such behavior. DNS caches such as dnsmasq would forward the reply as it is, but BIND uses zones with authoritative servers preferred. It does so to prevent unrelated servers from pushing invalid answers into your cache.

A workaround might be to also forward zone to the same server. Can you share why it should return different addresses than the authoritative servers offer?

I think if you need to override some addresses, RPZ might help you. At least you would have a list of rules where the answer is modified. I think most proper servers do it this way without the ability to change the behavior.

Just my 2 cents.


On 04. 04. 23 8:08, Yang via bind-users wrote:

Hi BIND admin,

 When I use bind-9.11 for my interdns, deviceip is,

I configure

zone ""

 in { type forward ; forward only; forwarders {; }; };

1. When I dig @

2.  return record "CNAME, A, A" to device 10.1.1.1

3. But device 10.1.1.1 does not return A, A to me

4. Device 10.1.1.1 goes on to query recursively itself, and gets another record

I have questions:

1. Why is it that the config is forward only, but BIND gets CNAME & A, does not return A to me, and queries the CNAME again itself?


Petr Menšík
Software Engineer, RHEL
Red Hat,
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
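
A simplified model of the behaviour described in the reply above, added here as an illustration and not taken from BIND or from either poster: records in a forwarder's answer are kept only if their owner name lies inside the forward zone that was queried, and a CNAME target outside it is resolved again according to the configuration that applies to its own zone. All zone names and addresses are constructed placeholders.

```python
# Simplified model, not BIND code. Zone names and addresses are constructed.
GLOBAL = "global forwarders or iterative resolution"

def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def matching_zone(name, forward_zones):
    """Longest configured forward zone that contains name, or None."""
    matches = [z for z in forward_zones if in_zone(name, z)]
    return max(matches, key=len) if matches else None

def route_for(name, forward_zones):
    """Where a query for name is sent under this configuration."""
    zone = matching_zone(name, forward_zones)
    return forward_zones[zone] if zone else GLOBAL

def process_answer(qname, answer, forward_zones):
    """Split a forwarder's answer into kept and ignored records and list
    the CNAME targets that must be resolved again, with their route."""
    zone = matching_zone(qname, forward_zones)
    if zone is None:
        raise ValueError("qname is not covered by any forward zone")
    accepted = [rr for rr in answer if in_zone(rr[0], zone)]
    ignored = [rr for rr in answer if not in_zone(rr[0], zone)]
    requery = {rdata: route_for(rdata, forward_zones)
               for owner, rtype, rdata in accepted
               if rtype == "CNAME" and not in_zone(rdata, zone)}
    return accepted, ignored, requery

# Constructed answer: a CNAME inside the forward zone pointing outside it,
# plus the A records the forwarder volunteered for the target.
ANSWER = [
    ("www.corp.example", "CNAME", "edge.cdn.example"),
    ("edge.cdn.example", "A", "192.0.2.10"),
    ("edge.cdn.example", "A", "192.0.2.11"),
]
ONE_ZONE = {"corp.example": "10.0.0.53"}                            # as in the question
BOTH_ZONES = {"corp.example": "10.0.0.53", "cdn.example": "10.0.0.53"}  # workaround

if __name__ == "__main__":
    for label, cfg in (("one forward zone", ONE_ZONE), ("both zones", BOTH_ZONES)):
        accepted, ignored, requery = process_answer("www.corp.example", ANSWER, cfg)
        print(label, "| kept:", accepted, "| ignored:", ignored, "| re-query:", requery)
```

With only the first zone forwarded, the target name is resolved through the global path and may yield different addresses; with both zones forwarded to the same server, the re-query goes back to that server.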