Bind named and kill 9 it! Yes I’m annoyed with named dns server config changes or nslookup and dig not working with no recurse, non recursive lookups
I had not used BIND 9 for quite some time, and recently I was setting up some domains which I really was not authoritative for, i.e. GoDaddy was actually acting as the real SOA DNS server for them, but I wanted to TEST and check if my local configuration was working OK. In the past I would just run nslookup, then tell it to use the local server with “SERVER IP” or “SERVER localhost”, and then when I did my lookups it would return ONLY what my locally running named nameserver replied. Everything I tried this time spewed out only records from the real authoritative name servers at GoDaddy, ignoring what my local named configuration said. I tried dig mydomain.com @localhost and others. I even tried dig +trace and dig +recurse=no, and I also tried set recurse=no in nslookup to disable recursion, but nothing I did gave me a non-recursive lookup!
What finally worked? I went to a WINDOWS machine and used NSLOOKUP from the Windows XP machine, and again with the SERVER command set the active DNS server to the IP of my Linux box running named. Hurray, looking up the domains this way now showed me what I had configured my Linux server’s DNS with. It confirmed for me that everything on my local Linux server was working as planned.
I then realized that this had worked from the Windows desktop because, it being an external system, BIND had been configured in named.conf to NOT allow RECURSION to external networks, so as not to create an open recursive DNS server for the world.
So how can I successfully run a non-recursive domain lookup from the Linux server running BIND 9 named? Do I need to edit /etc/named.conf and disable recursion globally for the internal network as well, and do a quick /etc/init.d/named restart? (Yeah, it’s RHEL-ish.)
Or what is the correct OPTION flag/argument for dig or nslookup so I can do non-recursive (no-recurse) domain lookups? How about for reverse DNS lookups such as dig -x IP.-in-addr.arpa @localhost?
Gonna crash for the night, so maybe it’ll come to me in a twisted morning dream.
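As an added example (not from the original post): the Python below builds the same kind of query dig sends, with the RD (recursion desired) header bit cleared, and decodes the reply flags so you can tell whether the local named answered from its own zone data (AA set), answered from cache/recursion (RA set, AA clear), or refused the query. The server address 127.0.0.1, the names and the sample replies are constructed for illustration.

```python
import socket
import struct

# Constructed example: a non-recursive DNS query (RD bit clear) plus a
# decoder for the reply flags that show where an answer came from.

QTYPE = {"A": 1, "SOA": 6, "PTR": 12}

def reverse_name(ip):
    """Map an IPv4 address to its in-addr.arpa name, as dig -x does."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def build_query(name, qtype="A", recursion_desired=False, qid=0x1234):
    """Build a wire-format query; RD (0x0100) is set only if recursion is wanted."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack(">HHHHHH", qid, flags, 1, 0, 0, 0)  # 1 question, no RRs
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPE[qtype], 1)  # class IN

def parse_flags(reply):
    """Decode the header bits dig prints in its ';; flags:' line."""
    qid, flags = struct.unpack(">HH", reply[:4])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F}

def classify(reply):
    """Explain, from the flags alone, where the answer came from."""
    f = parse_flags(reply)
    if f["rcode"] == 5:
        return "refused"            # server declined, e.g. recursion not allowed for this client
    if f["aa"]:
        return "authoritative"      # served from this server's own zone files
    if f["rcode"] == 0:
        return "non-authoritative"  # came from cache or recursion, not local zone data
    return "rcode %d" % f["rcode"]

def query(server, name, qtype="A", recursion_desired=False, timeout=2.0):
    """Send the query over UDP to `server` (e.g. "127.0.0.1") and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, recursion_desired), (server, 53))
        return s.recvfrom(512)[0]

# Constructed reply headers (12 bytes each) for checking the decoder offline:
AUTH_REPLY = struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)     # QR|AA
CACHED_REPLY = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR|RD|RA
REFUSED_REPLY = struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR|RD|RCODE=5
```

The dig equivalent of clearing RD is the +norecurse option; an answer whose flags line shows aa came from the local zone, while ra without aa means the server recursed or answered from cache.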