I have a CentOS 5.2 server which runs named for DNS resolution - it doesn't hold any information of its own, and just forwards all requests. From the named.conf:

options {
        forwarders {;; };

All other lines in named.conf are left as default.

I want to change the configuration so requests for anything under newdomain.com get passed to, while requests for any other address go to or

How can I configure the DNS on this server to do this?


3 Answers


hehe, I up-voted the previous answer before doing some fettling myself.

Right, so, if you edit your named.conf and add the following:

zone "newdomain.com" {
    type forward;
    forward only;
    forwarders {; };
};

Now you won't be able to do reverse lookups easily; you'll have to modify the following zone statement to make sense for the IP address(es) of the domain (this was originally a reverse for

zone "80.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders {; };
};

After making the changes, you should

  1. Check that you haven't faffed up the config files: named-checkconf

  2. Tell bind to reload its config: rndc reload (much preferred to /etc/init.d/bind reload)

Bear in mind this will return non-authoritative answers for the domain. The way around this (and to offer better local caching should the remote DNS be problematic) would be to act as a slave for the zone.

Edited to add the forward only; statement. This will cause the query to fail after trying the server(s) specified in forwarders, rather than failing and then trying a standard lookup. Also edited to change /etc/init.d/bind reload to rndc reload after advice in comments.

  • The command 'rndc reload' is the preferred method to reload bind configuration files instead of using the init scripts to restart the daemon – Zypher Jan 04 '10 at 07:53
  • Zypher - thanks for setting me right about using rndc - I didn't realise. – BuildTheRobots Jan 04 '10 at 18:34
  • Thanks. I also needed to replace `dnssec-validation auto;` with `dnssec-validation no;` in named.conf.options. – mivk Dec 30 '13 at 17:07
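
The check-then-reload steps from the answer above, followed by a test that queries for the zone really follow the forward zone. This is an added shell example, not code from the original posts. `FORWARDER` is a placeholder because the page does not show the real address, and the overridable command variables are assumptions made so the logic can be exercised without BIND installed.

```shell
#!/bin/bash
# Added example: validate named.conf, reload, then verify the forward zone.
ZONE="${ZONE:-newdomain.com}"          # zone name from the question
FORWARDER="${FORWARDER:-192.0.2.53}"   # placeholder (documentation range)
RESOLVER="${RESOLVER:-127.0.0.1}"      # the forwarding named instance
CHECKCONF="${CHECKCONF:-named-checkconf}"
RNDC="${RNDC:-rndc}"
DIG="${DIG:-dig}"

# Reload only when the configuration parses. A failed check leaves the
# running configuration untouched instead of loading a broken file.
safe_reload() {
    if ! "$CHECKCONF" "$@"; then
        echo "named-checkconf failed; not reloading" >&2
        return 1
    fi
    "$RNDC" reload
}

# Compare the SOA serial seen through the local resolver with the serial the
# forwarder target returns directly. An empty or different answer means the
# query did not follow the forward zone (for example, it went to the global
# forwarders instead).
verify_forward() {
    vf_local=$("$DIG" +short "@$RESOLVER" "$ZONE" SOA | awk '{print $3}')
    vf_direct=$("$DIG" +short "@$FORWARDER" "$ZONE" SOA | awk '{print $3}')
    if [ -z "$vf_direct" ]; then
        echo "forwarder $FORWARDER returned no SOA for $ZONE" >&2
        return 2
    fi
    if [ "$vf_local" != "$vf_direct" ]; then
        echo "mismatch: local='$vf_local' forwarder='$vf_direct'" >&2
        return 3
    fi
    echo "$ZONE serial $vf_direct via $RESOLVER matches $FORWARDER"
}
```

Run `safe_reload && verify_forward` after editing named.conf. A serial that changed on the remote server moments ago can still differ until the cached SOA expires.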

If you are trying to optimize, and is auth for that zone, you can also use a stub zone:

zone "newdomain.com" {
    type stub;
    masters { };
};

This does something slightly different than forwarding. It will query the server for NS records, and keep them in the cache at all times. This will do almost the same thing, but if another NS host (say, was also listed, your server would then learn about it and use it as well.

I believe a stub zone here is a better option than conditional forwarding.

Michael Graff

Can you operate as a slave for newdomain.com? i.e., do a full transfer?

  • Just did this after having problems with forwarding, by far the easiest option - assuming the admin of the other server allows your server to do a full transfer. – BuildTheRobots Jan 04 '10 at 05:20