In my setup, client requests are first made against the bind DNS server that is provided by Zentyal. If the lookup fails because it isn't specified in the local DNS, it uses the forwarders (ISP DNS, Google DNS, OpenDNS, etc.).
Seeing as Zentyal uses the Bind9_DLZ backend, it is configured essentially as described HERE in the Samba Wiki. There you will find a section titled "Downloading the DNS Root Servers List" and a section of the basic configuration that denotes how to include that downloaded root DNS server list.
Now, on Zentyal, bind and its configurations are located at /etc/bind. There is a file called db.root, which is equivalent to named.root in the Samba example, and contains the root servers list. That file is referenced in the main bind configuration file, named.conf. It looks like this:
include "/etc/bind/named.conf.options";
include "/etc/bind/keys";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";
With all that in mind, I would postulate that if you were to edit the stubs file for bind you could exclude the root servers. Edit file /usr/share/zentyal/stubs/dns/named.conf.mas and delete the section

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
I can't say if that will work or give you the desired result. I honestly am not sure what you are even trying to accomplish. There also could be a better way to handle what you want that I'm not aware of. However I figured I'd give you an idea of what I'd try based on what you were asking. (PS: if what you were trying to do was to create an isolated "closed" network I'd think you would just provide a LAN interface without any WAN interface...but I probably don't understand what you are trying to do).
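An added example, not part of the original post: a small Python audit of a named.conf that lists the hint zones and forwarders and reports whether named can still resolve iteratively from the root servers. The sample configuration is constructed (the options block and its documentation addresses are assumptions, since the post does not show named.conf.options); the check relies on two documented BIND behaviours: with forwarders set the default policy is "forward first", and with no hint zone configured named falls back to compiled-in root hints.

```python
import re

# Constructed sample: the hint and localhost zones from the post plus a
# hypothetical options block (named.conf.options is not shown in the post).
SAMPLE = '''
options {
    forwarders { 192.0.2.53; 198.51.100.53; };  // documentation addresses
    forward first;
};
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
'''

# Match quoted strings first so comment markers inside them are not stripped.
_TOKEN = re.compile(r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Remove //, # and /* */ comments, leaving quoted strings intact."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return _TOKEN.sub(keep, text)

def audit(text):
    """Report hint zones, forwarders and whether root iteration is possible."""
    conf = strip_comments(text)
    hints = []
    # Simple matcher: assumes zone bodies without nested braces.
    for name, body in re.findall(r'zone\s+"([^"]*)"[^{]*\{([^{}]*)\}', conf):
        if re.search(r'\btype\s+hint\s*;', body):
            f = re.search(r'\bfile\s+"([^"]*)"', body)
            hints.append((name, f.group(1) if f else None))
    fwd = re.search(r'\bforwarders\s*\{([^{}]*)\}', conf)
    forwarders = [a.strip() for a in fwd.group(1).split(";") if a.strip()] if fwd else []
    mode = re.search(r'\bforward\s+(only|first)\s*;', conf)
    mode = mode.group(1) if mode else None
    # Only "forward only" with a non-empty forwarders list stops iteration;
    # removing the hint zone does not, because named has built-in hints.
    closed = bool(forwarders) and mode == "only"
    return {"hint_zones": hints, "forwarders": forwarders,
            "forward_mode": mode, "can_iterate_from_roots": not closed}
```

Run `audit()` over the concatenated named.conf and its included files; a result with `can_iterate_from_roots` set to true means lookups can still leave through root iteration when the forwarders do not answer.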