I've set up a BIND9 DNS Server. It should only do forwarding:
- local.domain1 - forwarders 172.24.16.10 / 172.24.16.11
- local.domain2 - forwarder x.x.x.x
- internet - forwarders 8.8.8.8 / 8.8.4.4
My files look like this:
named.conf:

```
acl internals { 127.0.0.0/8; 172.24.0.0/14; 10.42.42.0/24; };
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```
named.conf.options:

```
options {
    directory "/var/cache/bind";
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
    //recursion yes;
    allow-query { internals; };
    allow-recursion { internals; };
    //empty-zones-enable no;
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { any; };
};
```
named.conf.local (nothing configured in here)
named.conf.default-zones:

```
zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
zone "local.domain1" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "24.172.in-addr.arpa" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "local.domain2" { type forward; forwarders { x.x.x.x; }; };
```
nslookup on hostnames in local.domain1, local.domain2 and on the internet works fine.
But lookups on IP addresses for local hosts (e.g. 172.24.20.30) get NXDOMAIN.
Can you please help me with that? Where is my mistake?
nslookup for host on the internet
nslookup for host on local.domain1
nslookup on IP addresses with specified DNS server
It seems the forwarding for "zone 24.172.in-addr.arpa" is not OK - but why?
dig +trace 24.172.in-addr.arpa
; <<>> DiG 9.16.22-Debian <<>> +trace 24.172.in-addr.arpa
;; global options: +cmd
. 81209 IN NS i.root-servers.net.
. 81209 IN NS g.root-servers.net.
. 81209 IN NS m.root-servers.net.
. 81209 IN NS k.root-servers.net.
. 81209 IN NS c.root-servers.net.
. 81209 IN NS d.root-servers.net.
. 81209 IN NS h.root-servers.net.
. 81209 IN NS e.root-servers.net.
. 81209 IN NS f.root-servers.net.
. 81209 IN NS a.root-servers.net.
. 81209 IN NS b.root-servers.net.
. 81209 IN NS j.root-servers.net.
. 81209 IN NS l.root-servers.net.
. 81209 IN RRSIG NS 8 0 518400 20220102050000 20211220040000 14748 . TfSR/gUwjjIz/OhH1qVcCH94JoRZL+VFLpR5MjtFB9fTxw5sRbZMZk/v GXpsdMgcmounzBBZWp1BjJ848ZUOxplxR8dYwZjaj50qqJ2WM36Nxb2e nBh4hA7ASPRwsICB/BXG4n9PqSeoH28C9i09k2CD9LadikmKFVIVV29n ZJQvdUpBw3U9Gw5QPz8fpXlbkhbsbUubygUvDQwrCKQJmT6URIUVmuSu 5dDcEMch0FaFsVMNeHW0w09TkHpFRfre842pmPHy9xlirUrfKkX6q5da 5ctz1zDOsGm9UnHMJyHm/RyVNZMKs8N39gfNNBBmoD6ZSr2pwbMub89Z 8g7atg==
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 86400 IN DS 47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa. 86400 IN DS 53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa. 86400 IN DS 63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20220102120000 20211220110000 52399 arpa. QiVnHdCHwcK7U7DzTIf/JiV7ieAyeAR4okMwHBKPkmIVvKDZwV+g4bpx 1pIRBkzun5zNEWd8sf7+5YyJQQ3tsBck7UTtPGEApWtIaZiCjxmB1oDp hOs0gnflr/B9v4YByHLiwmpwuByd15Cy7yJHu9gNJ2FMkTCr6hwp/ntI +CyWdlwvgDXrZ3Jlb1+myMMYWEy0J9OIuA24bZEXR99p0EQCKwFwv19c ZyGLaDOTaB7Loxtfo6zb3Cmc/42oT5pyPOXEWfL23IlyjhKA5CLQN+Ww 2GBKCYHcdEhTAy/+Fyfpo7Nxmg7PIR3eOUdKY/dZuQisvOYjDL/EB3KG cSLPMQ==
;; Received 860 bytes from 198.41.0.4#53(a.root-servers.net) in 4 ms
172.in-addr.arpa. 86400 IN NS r.arin.net.
172.in-addr.arpa. 86400 IN NS z.arin.net.
172.in-addr.arpa. 86400 IN NS x.arin.net.
172.in-addr.arpa. 86400 IN NS y.arin.net.
172.in-addr.arpa. 86400 IN NS u.arin.net.
172.in-addr.arpa. 86400 IN NS arin.authdns.ripe.net.
172.in-addr.arpa. 86400 IN DS 48817 8 2 14C049148605E038D9D144555E6F20B53399C57ECBC040A2BFE15E43 35E60821
172.in-addr.arpa. 86400 IN RRSIG DS 8 3 86400 20220107182352 20211217125333 51651 in-addr.arpa. Fyray+8fqKbYIBIbj89FKkPubjLB22JPfdiNnizv5pcmiesU+nSfBdOS /NoKM7cxcJPjphWVSjNtMaY6zzxYLEjfep+6ufaPhuYOQcWvzyU6XwI/ lsdx4LkP0oSbgtPxG++nAmQaIg1uY25fzSt3cUkC6z2dX+xxSpvyPynN DsA=
;; Received 419 bytes from 199.180.182.53#53(a.in-addr-servers.arpa) in 156 ms
24.172.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
24.172.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
24.172.in-addr.arpa. 10800 IN NSEC 240.172.in-addr.arpa. NS RRSIG NSEC
24.172.in-addr.arpa. 10800 IN RRSIG NSEC 8 4 10800 20220103133511 20211220123511 55521 172.in-addr.arpa. l9r3WjroC5tzdoOTB+a0p0ZFTH7Z85BE9PhCaFL5nlwNyNgy8c6enkN6 2P8UoYcXFrnCzUWiokHY7I7UgEdPDJMO+LKlFNvL1dGn3QwnXsoJVIQX hKTZ85VoGrMtepRgliWlDQwWeYazEjs4+xgAvmssfOtzPRQHMxhBmkkG r9s=
;; Received 354 bytes from 204.61.216.50#53(u.arin.net) in 4 ms
24.172.in-addr.arpa. 15 IN SOA prisoner.iana.org.24.172.in-addr.arpa. hostmaster.root-servers.org.24.172.in-addr.arpa. 1 1800 900 604800 15
;; Received 126 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 4 ms
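
Added example (not part of the original post): a Python sketch that computes the PTR name for an address and finds which zone statement from the question covers it by whole-label suffix match, alongside membership in `acl internals`. It models only the zone statements and ACL shown above, not named's cache, built-in empty zones or DNSSEC validation; the function names are illustrative.

```python
import ipaddress
import re

# Zone statements copied from the question (x.x.x.x is the poster's redaction).
ZONES_CONF = '''
zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
zone "local.domain1" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "24.172.in-addr.arpa" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "local.domain2" { type forward; forwarders { x.x.x.x; }; };
'''
INTERNALS = ["127.0.0.0/8", "172.24.0.0/14", "10.42.42.0/24"]  # acl internals

ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"\s*\{\s*type\s+(\w+);(?:\s*forwarders\s*\{([^}]*)\};)?')

def parse_zones(text):
    """Return {zone name: (type, [forwarders])} for each zone statement."""
    zones = {}
    for name, ztype, fwd in ZONE_RE.findall(text):
        key = name.lower().rstrip(".") or "."
        zones[key] = (ztype, fwd.replace(";", " ").split())
    return zones

def covering_zone(qname, zones):
    """Most specific zone whose name is a whole-label suffix of qname."""
    labels = qname.rstrip(".").lower().split(".")
    best = None
    for name in zones:
        zl = [] if name == "." else name.split(".")
        if zl == labels[len(labels) - len(zl):] and (best is None or len(zl) > best[0]):
            best = (len(zl), name)
    return best[1] if best else None

def explain(ip):
    """PTR name, covering zone statement and ACL membership for one address."""
    zones = parse_zones(ZONES_CONF)
    addr = ipaddress.ip_address(ip)
    qname = addr.reverse_pointer
    zone = covering_zone(qname, zones)
    return {"qname": qname, "zone": zone, "type": zones[zone][0], "forwarders": zones[zone][1],
            "in_internals_acl": any(addr in ipaddress.ip_network(n) for n in INTERNALS)}

if __name__ == "__main__":
    # First address is from the question; the others are constructed samples.
    for ip in ("172.24.20.30", "172.25.1.1", "172.124.1.1", "127.0.0.1"):
        print(ip, explain(ip))
```

To see what the server itself returns for the computed name, query it directly (`dig -x 172.24.20.30 @127.0.0.1`); `dig +trace` resolves iteratively from the root servers and does not go through the configured forwarders.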