Skip to content

How to Fix BIND Forwarder Configuration Error

DodaTech Updated 2026-06-24 2 min read

In this tutorial, you'll learn about How to Fix BIND Forwarder Configuration Error. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

BIND returns SERVFAIL for queries to external domains — the forwarders are misconfigured, unreachable, or creating a forwarding loop.

The Problem

$ dig @localhost google.com
; <<>> DiG 9.18.0 <<>> @localhost google.com
; (server found)
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

Step-by-Step Fix

Step 1: Configure forwarders correctly

options {
    directory "/var/cache/bind";

    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    forward only;  // or forward first;

    recursion yes;
    allow-query { any; };
};

Step 2: Test forwarder connectivity

dig @8.8.8.8 google.com
dig @1.1.1.1 google.com

Step 3: Remove forwarding loop

// Wrong: Forwarding to itself
forwarders {
    127.0.0.1;
};

// Right: Forward to external resolvers
forwarders {
    8.8.8.8;
    1.1.1.1;
};

Step 4: Use forward only vs forward first

// forward only: always use forwarders, never query root servers
forward only;

// forward first: try forwarders first, then query root servers
forward first;

Step 5: Set timeout

options {
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    fudge-time 5;  // Time to wait for forwarder response
};

Step 6: Log forwarding failures

logging {
    category queries { default_debug; };
    category resolver { default_debug; };
};

Prevention Tips

  • Never forward to 127.0.0.1 (creates a loop)
  • Use multiple forwarders for redundancy
  • Monitor forwarder availability regularly
  • Use forward first instead of forward only to fall back to root servers

Common Mistakes with forwarder config

  1. Misunderstanding that String is [Char] with poor performance for large text operations
  2. Using foldl instead of foldl' causing stack overflow on large lists
  3. Forgetting deriving (Show, Eq) on custom data types needed for debugging

These mistakes appear frequently in real-world BIND code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### What does "forwarding loop" mean in BIND?

A forwarding loop occurs when BIND forwards to a server that eventually forwards back to the original server (or itself). This creates an infinite loop and returns SERVFAIL. Never forward to 127.0.0.1 and ensure forward chains do not create circular paths.

What is the difference between "forward only" and "forward first"?

forward only sends queries exclusively to the configured forwarders and returns SERVFAIL if they are unreachable. forward first tries the forwarders first but falls back to standard recursive resolution from the root servers if the forwarders fail.

How do I debug BIND forwarding issues?

Enable resolver logging: add category resolver { debug; }; to the logging section. Check /var/log/syslog for BIND messages. Use dig +trace to trace the full query path and identify where the failure occurs.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro