bind9 - forwarders are not working

I am experiencing an issue with bind. If I want to resolve any domain name that is on the zone file, it works fine. However, when I try to resolve anything that does not belong to the zone file. I know that actual DNS servers that are being forwarded are working fine. But somehow bind9 fails to use them. The content of /etc/bind/named.conf.options is:

options {
    directory "/var/cache/bind";
    forwarders {
        131.181.127.32;
        131.181.59.48;
    };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

I have also tried to use only one IP address and it still did not work. Also, the content of /etc/bind/named.conf is:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

So there is no problem with including the options file. Any recommendations for fixing this problem?


I had this issue before with a recent version of Bind (9.8.1).

The following option solved the problem for me:

dnssec-validation no;


You need to differentiate between your bind misconfiguration and not-working forwarders.

You can verify whether the forwarders are working or not using a command like:

$ dig @131.181.127.32 www.google.com

If you received a valid response, it is a working DNS server and so on.

You may need to add an explicit allow-recursion in your bind configuration. It is recommended to restrict this to specific IPs/subnets.
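
The checks from the answers above, combined into one script as an added example (not part of the original thread): it queries a forwarder directly, then the local server with and without dig's +cd (checking disabled) flag, and labels the outcome. The function names, the 127.0.0.1 default and the labels are assumptions; REFUSED and a SERVFAIL that clears with +cd are the usual signatures of denied recursion and of failed DNSSEC validation.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and defaults are assumptions.

# Constructed sample of the header line dig prints with "+noall +comments".
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242'

# Pull the response code out of dig output; NORESPONSE if no header came back.
rcode_of() {
    rc=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    printf '%s\n' "${rc:-NORESPONSE}"
}

# ask SERVER NAME [extra dig flags]: one query, short timeout, header only.
ask() {
    srv=$1; qname=$2; shift 2
    rcode_of "$(dig "@$srv" "$qname" A +time=3 +tries=1 +noall +comments "$@" 2>&1)"
}

# classify FORWARDER_RCODE LOCAL_RCODE LOCAL_RCODE_WITH_CD
classify() {
    if [ "$1" != NOERROR ]; then
        echo forwarder-problem            # the upstream itself does not answer
    elif [ "$2" = NOERROR ]; then
        echo ok
    elif [ "$2" = REFUSED ]; then
        echo recursion-refused            # check allow-recursion for this client
    elif [ "$2" = SERVFAIL ] && [ "$3" = NOERROR ]; then
        echo dnssec-validation-failure    # data arrives but does not validate
    else
        echo other-local-failure          # look at named's log
    fi
}

# diagnose FORWARDER [NAME] [LOCAL_SERVER]
diagnose() {
    fwd=$1; name=${2:-www.google.com}; me=${3:-127.0.0.1}
    classify "$(ask "$fwd" "$name")" "$(ask "$me" "$name")" "$(ask "$me" "$name" +cd)"
}

if [ "$#" -gt 0 ]; then
    diagnose "$@"
else
    # Offline demo on the constructed sample: forwarder fine, local SERVFAIL, +cd fine.
    classify NOERROR "$(rcode_of "$SAMPLE")" NOERROR
fi
```

Run it on the BIND host with a forwarder address as the first argument. A dnssec-validation-failure result points at the forwarder path or the host clock rather than at the forwarders statement, which can be checked before turning validation off.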