Hello,

I'm trying to do two things with forwarders.

The first is to forward requests to my ISP DNS servers to avoid hitting
the root servers where I can. Originally I am pretty sure that my
options{ forwarders...} was working correctly, but I can't validate that
using dig.

The second is to forward a specific zone to another subnet (VPN) for
domain resolution. This second subnet has it's own domain servers and I
would like to utilize them for that subnet for simplicity.

using things like dig +trace, it appears that I am using neither one of
my forwarders.

So, two questions:
What is the correct method of using dig to validate that my forwarders
are working correctly -- what should I see and what should I not see?

Is the following format actually correct? It doesn't act like it.

Currently I have the following in my named.conf:

options {
notify no;
forwarders {
24.169.224.226;
24.169.224.230;
};
forward first;

auth-nxdomain no; # conform to RFC1035

allow-query {
192.168.3/24;
192.168.30/24;
127.0.0/24;
};

allow-transfer { none; };
recursion yes;
};


zone "vpndomain.com" {
type forward;
//forward first;
forwarders { 192.168.30.2; };
//allow-query { 192.168.3.0/24; };
};

zone "30.168.192.in-addr.arpa" {
type forward;
//forward first;
forwarders { 192.168.30.2; };
//allow-query { 192.168.3.0/24; };
};