There're two entries that you must know:
- The option forwarders must be added to indicate which external DNS to forward the queries.
- The option dnssec-validation must be set to no. dnssec-validation indicates that a resolver (a caching or caching-only name server) will attempt to validate replies from DNSSEC enabled (signed) zones. For further information. You may check DNS BIND9 Security Statements.
[root@primary-dns ~]# vi /etc/named.conf
...
options {
...
forwarders {
8.8.8.8;
168.95.1.1;
};
...
dnssec-validation no;
};
...
Let's verify the configuration.
[root@primary-dns ~]# named-checkconf
It seems no problem. We should restart named.service
[root@primary-dns ~]# systemctl restart named
We're done.