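I rarely work with the various BIND services, yet I end up needing them once or twice almost every year, and every time I have to search through the BIND documentation all over again, which is a hassle. Below is a description of BIND forwarding and recursion that I came across on Stack Overflow; it is very well written.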
Forwarding: just passes the DNS query to another DNS server (e.g. your ISP’s). Home routers use forwarding to pass DNS queries from your home network’s clients to your ISP’s DNS servers. For example, for foo.example.com, a forwarding DNS server would first check its cache (did it already ask this question before), and if the answer is not in its cache, it would ask its forwarder (your ISP’s DNS server) for the answer, which would respond with either a cached response, or would perform recursion until it figured out the answer.
Recursion: or caching server, the DNS server receiving the query takes it upon itself to figure out the answer to that query by recursively querying authoritative DNS servers for that domain. For example, for foo.example.com, a recursor would first query the root servers for what DNS servers are responsible for the .com TLD, then it would ask those servers for example.com, then it would query the servers for example.com for foo.example.com, finally getting the answer to the original query.
In terms of security, you should separate recursors/forwarders (typically DNS servers used to service a bunch of clients) and authoritative DNS servers (typically these are responsible ONLY for answering queries re: domains that they are authoritative for – these servers will NOT perform recursive queries for anyone).
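Installing BIND on CentOS 7 and setting it up as a recursor server is about as simple as it gets: just run yum install bind bind-utils. BIND's default named.conf is already a complete recursor server configuration that serves only the local machine (localhost).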
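As an added example (not from the original post or the quoted Stack Overflow answer), the Python sketch below classifies a named.conf options block into the roles described above and flags a recursor that answers for anyone. The sample configurations are constructed, the classify helper is hypothetical, and it reads only plain options statements (no views and no named ACLs).

```python
import re

# Constructed sample configs for illustration (not copied from any real host).
LOCAL_RECURSOR = """options {
    listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; };      // clients limited to this host
    recursion yes;
};"""
LAN_FORWARDER = """options {
    allow-query { localhost; 192.0.2.0/24; };
    recursion yes;
    forwarders { 198.51.100.1; };    # upstream resolver, e.g. the ISP's
    forward only;
};"""
AUTHORITATIVE = """options {
    allow-query { any; };
    recursion no;
};"""
OPEN_RESOLVER = AUTHORITATIVE.replace("recursion no", "recursion yes")

def _list(conf, name):
    """Return the entries of `name { a; b; };`, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def classify(conf):
    """Classify an options block (hypothetical helper, simplified parsing)."""
    # Drop /* */, // and # comments so they cannot be mistaken for statements.
    conf = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", conf, flags=re.S)
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    if rec and rec.group(1) == "no":
        return "authoritative-only"  # never resolves on behalf of clients
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query
    # -> built-in default (localnets; localhost;).
    clients = (_list(conf, "allow-recursion") or _list(conf, "allow-query-cache")
               or _list(conf, "allow-query") or ["localnets", "localhost"])
    if "any" in clients:
        return "open-resolver"       # recursion offered to every source address
    mode = "forwarder" if _list(conf, "forwarders") else "recursor"
    local = set(clients) <= {"localhost", "127.0.0.1", "::1"}
    return ("local-" if local else "restricted-") + mode

if __name__ == "__main__":
    for label in ("LOCAL_RECURSOR", "LAN_FORWARDER", "AUTHORITATIVE", "OPEN_RESOLVER"):
        print(label, "->", classify(globals()[label]))
```

An open-resolver result is the case the separation advice is meant to prevent: a server reachable by anyone that also performs recursion.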