====== lwresd.conf - local cache only ======

The configuration file is either /etc/lwresd.conf or, on Debian, /etc/bind/lwresd.conf.

The problem with just using the default configuration (without an lwresd.conf) is that lwresd will keep trying to resolve, for example, AAAA records at the root name servers. This causes delays if these packets are dropped by a firewall. So we set the search suffix (search), add forwarders, and tell lwresd to use "forward only" rather than "forward first".

This was found in lwresd 1:9.8.4.dfsg.P1-6+nmu2+deb7u1 i386 (Lightweight Resolver Daemon).

  lwres {
      search { "example.domain"; };
  };
  options {
      forward only;
      forwarders { 192.0.2.10; 192.0.2.11; };
  };

And in /etc/nsswitch.conf change the hosts line to:

  hosts: files lwres [NOTFOUND=return] dns
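
A check for the two files above, as an added example that is not part of the original page: it verifies that lwresd.conf sets forward only with at least one forwarder, and that the hosts line in nsswitch.conf lists lwres ahead of dns. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the two files above.

# Strip // and # comments, join lines, squeeze spaces, drop spaces before ';'.
flatten() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\t\n' '  ' | tr -s ' ' | sed 's/ *;/;/g'
}

# Return 0 only if the config forwards exclusively and names a forwarder.
check_lwresd_conf() {
    lw_conf=$(flatten "$1"); lw_rc=0
    case $lw_conf in
        *"forward only;"*) ;;
        *) echo "$1: missing 'forward only;' (BIND's default with forwarders is 'first')"; lw_rc=1 ;;
    esac
    lw_fw=$(printf '%s\n' "$lw_conf" | sed -n 's/.*forwarders *{\([^}]*\)}.*/\1/p' | tr -d ' ;')
    [ -n "$lw_fw" ] || { echo "$1: no addresses in forwarders { }"; lw_rc=1; }
    return $lw_rc
}

# Return 0 only if 'lwres' is on the hosts line and comes before 'dns'.
check_nsswitch() {
    ns_hosts=$(sed -n -e 's/#.*//' -e 's/^hosts:[[:space:]]*//p' "$1" \
        | head -n 1 | tr '\t' ' ' | tr -s ' ')
    case " $ns_hosts " in
        *" dns lwres "*|*" dns "*" lwres "*) echo "$1: dns is consulted before lwres"; return 1 ;;
        *" lwres "*) return 0 ;;
        *) echo "$1: lwres is not on the hosts line"; return 1 ;;
    esac
}

# Constructed sample input mirroring the configuration on this page.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'lwres { search { "example.domain"; }; };' \
        'options {' '    forward only;  // never iterate from the roots' \
        '    forwarders { 192.0.2.10; 192.0.2.11; };' '};' > "$d/lwresd.conf"
    printf 'hosts: files lwres [NOTFOUND=return] dns\n' > "$d/nsswitch.conf"
    check_lwresd_conf "$d/lwresd.conf" && check_nsswitch "$d/nsswitch.conf"
    demo_rc=$?; rm -rf "$d"; return $demo_rc
}
demo && echo "sample configuration passes"
```

After editing the real files, run check_lwresd_conf and check_nsswitch against /etc/bind/lwresd.conf (or /etc/lwresd.conf) and /etc/nsswitch.conf.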