Должно быть так (только свои ip и dns подставь):
# ss -4tunap | grep -i "\:53 "
udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:* users:(("named",pid=3927,fd=514))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=3927,fd=513))
tcp LISTEN 0 10 192.168.1.1:53 0.0.0.0:* users:(("named",pid=3927,fd=23))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=3927,fd=22))
# dig @192.168.1.1 ya.ru
; <<>> DiG 9.11.28 <<>> @192.168.1.1 ya.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28101
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ya.ru. IN A
;; ANSWER SECTION:
YA.ru. 430 IN A 87.250.250.242
;; AUTHORITY SECTION:
YA.ru. 2830 IN NS ns2.yandex.ru.
YA.ru. 2830 IN NS ns1.yandex.ru.
;; ADDITIONAL SECTION:
ns1.yandex.ru. 255922 IN A 213.180.193.1
ns2.yandex.ru. 255922 IN A 93.158.134.1
ns1.yandex.ru. 140 IN AAAA 2a02:6b8::1
ns2.yandex.ru. 1626 IN AAAA 2a02:6b8:0:1::1
# cat /var/lib/bind/etc/options.conf | grep -i forward
//forward only;
forwarders { 213.234.0.2; 213.234.2.6; };# service bind status
named is running
# dig @213.234.0.2 ya.ru
; <<>> DiG 9.11.28 <<>> @213.234.0.2 ya.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43199
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ya.ru. IN A
;; ANSWER SECTION:
YA.ru. 362 IN A 87.250.250.242
;; AUTHORITY SECTION:
YA.ru. 1562 IN NS ns2.yandex.ru.
YA.ru. 1562 IN NS ns1.yandex.ru.
;; ADDITIONAL SECTION:
ns1.YANDEX.ru. 254650 IN A 213.180.193.1
ns2.YANDEX.ru. 254650 IN A 93.158.134.1
ns1.YANDEX.ru. 1937 IN AAAA 2a02:6b8::1
ns2.YANDEX.ru. 620 IN AAAA 2a02:6b8:0:1::1
;; Query time: 4 msec
;; SERVER: 213.234.0.2#53(213.234.0.2)
;; WHEN: Пн мая 24 15:50:09 MSK 2021
;; MSG SIZE rcvd: 199
