Score:0

Where does my bind config lookup dns entries?


Hi, I am in the process of learning how BIND works. My goal is to have a local DNS database so that lookups in my LAN do not go out to the WAN.

I set up BIND and intentionally did not configure it as a forwarding or caching server, but it seems that is what it is doing, as there is no "big DNS" file anywhere, so BIND does look things up in the WAN, but where?

I have enabled logging, but BIND only shows which LAN client is making a request, what it is requesting and whether the request fails or not. Every second request fails but works on the second attempt; I don't know why, but that is secondary for now.

--> How do I find out what BIND actually does; where does BIND itself look things up?

My named.conf.options file is as follows, where *.125 is the BIND server in my LAN:

acl goodclients { // Name can be chosen freely
    192.168.1.0/24;  // Local network (adjust the IP address range)
    localhost;       // localhost should always be included
    localnets;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================

    dnssec-validation auto;

    listen-on { 127.0.0.1; 192.168.1.125; };

    allow-query { goodclients; }; // ACL name from above
    querylog yes;
};

logging {
        channel querylog {
                file "/var/log/named/querylog";
                severity debug 3;
        };
        // A channel is only written to once a category is bound to it;
        // without this binding query logging goes to the default channels only.
        category queries { querylog; };
};

Thanks!

Brandon Xavier
Try disabling recursion on the server to prevent the "WAN lookups". For more insight into what's going on, try using the trace option on dig. For example, `dig +trace somednsname.com`
Score:1

The normal behavior for a resolver server is to prime itself based on root hints (essentially a list of the nameservers for the root zone, including their IP addresses). BIND has built-in root hints which are used by default, but you can also specify the root hints explicitly in a root hint zone in the configuration.
Based on the root hints, the resolver server can bootstrap itself and is then able to look up any name in the public DNS tree by following the chain of delegations as necessary, starting from the root.

Forwarding is a special case where you configure a resolver server to not use this normal recursion behavior (as described above) itself, but instead pass on recursion requests to a different resolver server which does that same work instead.
(Forwarding can possibly be chained, but at some point someone needs to actually do the work, forwarding just passes on the work to someone else.)

It's not entirely clear if the goal is to change the behavior or just to understand what is happening. However, if you want BIND to act as an authoritative-only server, only serving the data in its own zones, you can set recursion no; in the options.
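As an added example for the behaviour the answer describes (not code from the thread or from ISC's BIND), the script below reads a named.conf the way a reviewer would answer "where will this server look names up?": it classifies the server as recursive (iterating from the root hints), forward-only, forward-first, or authoritative-only (recursion no), and it parses a root-hints zone fragment to show what a recursive server primes from. The config and hints text are constructed for the example; the root server names and TEST-NET addresses are placeholders, not the real roots. The config reading is a small regex-based approximation that handles the simple layouts in this thread, not the full named.conf grammar, and the BIND defaults it assumes are recursion yes, no forwarders, and forward first.

```python
"""Where will this BIND server look a name up?  Added example for this
thread, not BIND's own code.  Regex-based reading of named.conf (simple
layouts only) plus a parser for the root-hints zone format.
Assumed BIND defaults: recursion yes, no forwarders, forward first."""
import re

# Constructed named.conf in the shape of the one in the question, with the
# hint zone that Debian/Ubuntu ship in named.conf.default-zones.
SAMPLE_CONF = """\
acl goodclients { 192.168.1.0/24; localhost; localnets; };
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    listen-on { 127.0.0.1; 192.168.1.125; };
    allow-query { goodclients; };   // ACL name from above
    querylog yes;
};
zone "." { type hint; file "/usr/share/dns/root.hints"; };
"""

# Constructed root-hints fragment: example names and TEST-NET addresses,
# not the real root servers.
SAMPLE_HINTS = """\
; root hints: NS records for "." plus glue for each server
.                   3600000   NS    a.root.example.
.                   3600000   NS    b.root.example.
a.root.example.     3600000   A     192.0.2.1
a.root.example.     3600000   AAAA  2001:db8::1
b.root.example.     3600000   A     192.0.2.2
"""

def _strip_comments(text):
    """Drop the three named.conf comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def _block(text, opener):
    """Body of the first `<opener> { ... }` block, with braces balanced."""
    m = re.search(opener, text)
    if not m:
        return ""
    start = i = m.end()
    depth = 1
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def resolver_mode(conf):
    """Classify what the server does with a name it is not authoritative for."""
    clean = _strip_comments(conf)
    opts = _block(clean, r"\boptions\s*\{")
    rec = re.search(r"\brecursion\s+(yes|no)\b", opts)
    recursion_on = rec is None or rec.group(1) == "yes"          # default: yes
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", opts)
    forwarders = re.findall(r"[0-9a-fA-F:.]+", fwd.group(1)) if fwd else []
    pol = re.search(r"\bforward\s+(only|first)\b", opts)
    policy = pol.group(1) if pol else "first"                     # default: first
    # An explicit `zone "." { type hint; file "..."; }` replaces the built-in hints.
    hint_zone = _block(clean, r'\bzone\s+"\."\s*(?:IN\s+)?\{')
    hints = "built-in"
    if re.search(r"\btype\s+hint\b", hint_zone):
        f = re.search(r'\bfile\s+"([^"]+)"', hint_zone)
        hints = f.group(1) if f else hints
    if not recursion_on:
        mode, where = "authoritative-only", "its own zones only; nothing leaves the LAN"
    elif forwarders and policy == "only":
        mode, where = "forward-only", "the forwarders " + ", ".join(forwarders)
    elif forwarders:
        mode, where = "forward-first", ("the forwarders " + ", ".join(forwarders)
                                        + ", then iteration from the root hints")
    else:
        mode, where = "recursive", "iteration from the root hints (" + hints + ")"
    return {"mode": mode, "forwarders": forwarders, "hints": hints, "looks_up_in": where}

def parse_root_hints(text):
    """{root server name: [addresses]} from a root-hints zone fragment: the NS
    records of "." name the servers, A/AAAA records supply their glue."""
    names, addrs = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # ';' starts a zone-file comment
        if len(fields) < 4:                        # owner ttl [class] type rdata
            continue
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if owner == "." and rtype == "NS":
            names.append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    return {n: addrs.get(n, []) for n in names}

if __name__ == "__main__":
    variants = [
        ("as posted", SAMPLE_CONF),
        ("with recursion no", SAMPLE_CONF.replace("querylog yes;", "recursion no;")),
        ("forward only", SAMPLE_CONF.replace(
            "querylog yes;", "forwarders { 192.0.2.53; }; forward only;")),
    ]
    for label, conf in variants:
        r = resolver_mode(conf)
        print(f"{label:18} -> {r['mode']}: {r['looks_up_in']}")
    print("primes from:", parse_root_hints(SAMPLE_HINTS))
```

Run it as-is and the "as posted" variant comes out recursive with hints taken from /usr/share/dns/root.hints, which is the situation in the question: with no recursion or forwarders statement, BIND iterates from the root servers on its own. Swap the querylog line for recursion no and the same file is classified authoritative-only.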

Peter Fleix
Thanks, it's recursion I want to explore.
Peter Fleix
I found out that in many tutorials etc. recursion is called "caching", as opposed to "forwarding". I found the definition of zone "." in /etc/named.conf.defaults, which points to /usr/share/dns/root.hints in my case, and in that file I found the addresses it looks up according to dig +trace. Thanks again, I was lost on the nomenclature.