Version 9.8.0b1 of BIND brings with it a new zone type, which IIRC was developed by the DeNIC. It is called a static-stub, and it allows an administrator to force queries for a particular zone to go to specified addresses instead of BIND recursing for the name server records of that zone.

So, for example, suppose you have a zone called uno.aa and you want BIND to direct queries at your name server located at, you’d set up a static-stub zone as

    zone "uno.aa" {
      type static-stub;
      server-names {
      // server-addresses {
      // };

Instead of using server-names, you can use server-addresses.

So, I hear you asking, what’s the difference between static-stub and a forwarding zone? The difference is that with the former, BIND sends non- recursive queries (RD bit clear), whereas with the latter, the RD (recursion desired) is set.

Oh, and to forestall a question: yes, DNSSEC-signed zones work as well. Simply add your key material to the trusted-keys configuration, and Bob’s your uncle.

    trusted-keys {
      uno.aa 257 3 7 

Very practical for testing, at the moment.

DNS and BIND :: 25 Jan 2011 :: e-mail