I am setting up a BIND (v9.16) nameserver.
Its main purpose is to work as a regular recursor for our internal hosts. For a couple of specific zones though (the ones that we host), I need to set it up as a forwarder. The goal is to avoid creating a dependency on root and TLD DNS servers, and being able to continue using our internal services even in the case of unavailability of our outside network connections.
This was easy to set up; here are the relevant parts of my configuration:
options {
    allow-recursion {
        // Here comes the list of our inside networks
    };
};

zone "somedomain.example" IN {
    type forward;
    forward first;
    forwarders {
        // Here comes the list of the primary servers for this zone
    };
};
// ... repeated for all forward zones
This setup works as expected, but with a minor inconvenience. The list of primary servers has to be repeated for all the "forward" zones. We have quite a few of them, all with IPv4 and IPv6 addresses, and copy/pasting the list into every zone is not the most elegant thing I have seen, nor is it very DRY-compliant.
I know that the forwarders statement can also be included in the global options section, but from basic experiments I understand that this statement does not apply to forward zones; it is only meant for a forward-only nameserver (the documentation is not crystal-clear, but mentions that "if no forwarders statement is present, [...] cancelling the effects of any forwarders in the options statement").
Is there a way to create a named list of forwarders, more or less the same way we create ACLs, and use this symbolic name in the forwarders statement inside the relevant zones?
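The per-zone repetition described in the question, as an added example that is not part of the original post and not the poster's own configuration. It relies on BIND's include statement being processed wherever it appears in named.conf, including inside a forwarders block, so the server list lives in one file that every forward zone pulls in. It does not give the list a symbolic name the way an acl does, but it removes the duplication. The file paths, addresses and the second zone name are placeholders chosen for the example:

```conf
// /etc/bind/forwarders.conf  (constructed example; addresses are placeholders)
// One entry per primary server for the hosted zones, IPv4 and IPv6 alike.
// The trailing semicolons matter: the file is spliced verbatim into the
// forwarders { ... } list below.
192.0.2.10;
192.0.2.11;
2001:db8::10;
2001:db8::11;

// /etc/bind/named.conf  (relevant parts only)
options {
    allow-recursion {
        // Inside networks, as in the question (placeholder prefixes)
        10.0.0.0/8;
        2001:db8:1::/48;
    };
};

zone "somedomain.example" IN {
    type forward;
    forward first;
    forwarders {
        // Same list for every hosted zone: edit forwarders.conf, not each zone
        include "/etc/bind/forwarders.conf";
    };
};

zone "anotherdomain.example" IN {   // placeholder name for a second hosted zone
    type forward;
    forward first;
    forwarders {
        include "/etc/bind/forwarders.conf";
    };
};
```

Run named-checkconf /etc/bind/named.conf after editing; named-checkconf -p prints the parsed configuration with the includes expanded, which is a quick way to confirm the addresses ended up inside each zone's forwarders block. Note also that forward first falls back to ordinary recursion when the forwarders do not answer, so during an outside-network outage a failing forwarder costs the client extra timeouts before the lookup fails; forward only avoids that fallback if the hosted zones should never be resolved through the root servers.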