diff --git a/CHANGES b/CHANGES
index fc2bcae4d1..ebc8f591d9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+3743.	[bug]		delegation-only flag wasn't working in forward zone
+			declarations despite being documented.  This is
+			needed to support turning off forwarding and turning
+			on delegation only at the same name.  [RT #35392]
+
 3742.	[port]		linux: libcap support: declare curval at start of
 			block. [RT #35387]
 
diff --git a/bin/named/server.c b/bin/named/server.c
index 3c792dadf5..a79db8d3d4 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -3878,8 +3878,16 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
 
 		(void)cfg_map_get(zoptions, "forward", &forwardtype);
 		(void)cfg_map_get(zoptions, "forwarders", &forwarders);
-		result = configure_forward(config, view, origin, forwarders,
-					   forwardtype);
+		CHECK(configure_forward(config, view, origin, forwarders,
+					forwardtype));
+
+		/*
+		 * Forward zones may also set delegation only.
+		 */
+		only = NULL;
+		tresult = cfg_map_get(zoptions, "delegation-only", &only);
+		if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
+			CHECK(dns_view_adddelegationonly(view, origin));
 		goto cleanup;
 	}
 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 51d687a247..63a001e3c6 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4240,8 +4240,8 @@ category notify { null; };
 		      Delegation only.  Logs queries that have been
 		      forced to NXDOMAIN as the result of a
 		      delegation-only zone or a
-		      <command>delegation-only</command> in a hint
-		      or stub zone declaration.
+		      <command>delegation-only</command> in a
+		      forward, hint or stub zone declaration.
 		    </para>
 		  </entry>
 		</row>
@@ -10524,6 +10524,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
     type forward;
     <optional> forward (<constant>only</constant>|<constant>first</constant>) ; </optional>
     <optional> forwarders { <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
+    <optional> delegation-only <replaceable>yes_or_no</replaceable> ; </optional>
 };
 
 zone <replaceable>"."</replaceable> <optional><replaceable>class</replaceable></optional> {
@@ -11141,14 +11142,15 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
                 </listitem>
               </varlistentry>
 
-              <varlistentry>
-                <term><command>delegation-only</command></term>
-                <listitem>
-                  <para>
-                    The flag only applies to hint and stub zones.  If set
-                    to <userinput>yes</userinput>, then the zone will also be
-                    treated as if it is also a delegation-only type zone.
-                  </para>
+	      <varlistentry>
+		<term><command>delegation-only</command></term>
+		<listitem>
+		  <para>
+		    The flag only applies to forward, hint and stub
+		    zones.  If set to <userinput>yes</userinput>,
+		    then the zone will also be treated as if it is
+		    also a delegation-only type zone.
+		  </para>
 		  <para>
 		    See caveats in <xref linkend="root_delegation_only"/>.
 		  </para>
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index af1b87ae23..d185a2b04c 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1323,7 +1323,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	{ "notify", MASTERZONE | SLAVEZONE },
 	{ "also-notify", MASTERZONE | SLAVEZONE },
 	{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE },
-	{ "delegation-only", HINTZONE | STUBZONE | DELEGATIONZONE },
+	{ "delegation-only", HINTZONE | STUBZONE | FORWARDZONE |
+	   DELEGATIONZONE },
 	{ "forward", MASTERZONE | SLAVEZONE | STUBZONE |
 	  STATICSTUBZONE | FORWARDZONE },
 	{ "forwarders", MASTERZONE | SLAVEZONE | STUBZONE |