diff --git a/CHANGES b/CHANGES
index ab01d8bff3..b5de78372f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+3743.	[bug]		delegation-only flag wasn't working in forward zone
+			declarations despite being documented.  This is
+			needed to support turning off forwarding and turning
+			on delegation only at the same name.  [RT #35392]
+
 3742.	[port]		linux: libcap support: declare curval at start of
 			block. [RT #35387]
 
diff --git a/bin/named/server.c b/bin/named/server.c
index 604fb58940..ad5449c821 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4234,8 +4234,16 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
 
 		(void)cfg_map_get(zoptions, "forward", &forwardtype);
 		(void)cfg_map_get(zoptions, "forwarders", &forwarders);
-		result = configure_forward(config, view, origin, forwarders,
-					   forwardtype);
+		CHECK(configure_forward(config, view, origin, forwarders,
+					forwardtype));
+
+		/*
+		 * Forward zones may also set delegation only.
+		 */
+		only = NULL;
+		tresult = cfg_map_get(zoptions, "delegation-only", &only);
+		if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
+			CHECK(dns_view_adddelegationonly(view, origin));
 		goto cleanup;
 	}
 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 71642127e8..84ad97f747 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4316,8 +4316,8 @@ category notify { null; };
 		      Delegation only.  Logs queries that have been
 		      forced to NXDOMAIN as the result of a
 		      delegation-only zone or a
-		      <command>delegation-only</command> in a hint
-		      or stub zone declaration.
+		      <command>delegation-only</command> in a
+		      forward, hint or stub zone declaration.
 		    </para>
 		  </entry>
 		</row>
@@ -11050,6 +11050,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
     type forward;
     <optional> forward (<constant>only</constant>|<constant>first</constant>) ; </optional>
     <optional> forwarders { <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>dscp <replaceable>ip_dscp</replaceable></optional> ; ... </optional> }; </optional>
+    <optional> delegation-only <replaceable>yes_or_no</replaceable> ; </optional>
 };
 
 zone <replaceable>"."</replaceable> <optional><replaceable>class</replaceable></optional> {
@@ -11675,9 +11676,10 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
 		<term><command>delegation-only</command></term>
 		<listitem>
 		  <para>
-		    The flag only applies to hint and stub zones.  If set
-		    to <userinput>yes</userinput>, then the zone will also be
-		    treated as if it is also a delegation-only type zone.
+		    The flag only applies to forward, hint and stub
+		    zones.  If set to <userinput>yes</userinput>,
+		    then the zone will also be treated as if it is
+		    also a delegation-only type zone.
 		  </para>
 		  <para>
 		    See caveats in <xref linkend="root_delegation_only"/>.
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index ae9a38ab15..7e75c01008 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1440,7 +1440,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	{ "notify", MASTERZONE | SLAVEZONE },
 	{ "also-notify", MASTERZONE | SLAVEZONE },
 	{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE },
-	{ "delegation-only", HINTZONE | STUBZONE | DELEGATIONZONE },
+	{ "delegation-only", HINTZONE | STUBZONE | FORWARDZONE |
+	   DELEGATIONZONE },
 	{ "forward", MASTERZONE | SLAVEZONE | STUBZONE |
 	  STATICSTUBZONE | FORWARDZONE },
 	{ "forwarders", MASTERZONE | SLAVEZONE | STUBZONE |