diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
index 4ca30f87c..ce1e420ff 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
@@ -9,14 +9,20 @@
         <id>domain.domainname</id>
         <label>Zone Name</label>
         <type>text</type>
-        <help>Set the name for this zone. Both forward and reverse zones may be specified, i.e. example.com or 0.168.192.in-addr.arpa.</help>
+        <help>Set the name for this zone. Both forward and reverse zones may be specified, e.g. "example.com" or "0.168.192.in-addr.arpa"</help>
+    </field>
+    <field>
+        <id>domain.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <help>Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty. Can be used to override global forwarding behaviour for this domain by specifying the same servers below as those on the General tab.</help>
     </field>
     <field>
         <id>domain.forwardserver</id>
-        <label>Primary IP</label>
+        <label>Forwarder IPs</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set the IP address of server to forward requests to.</help>
+        <help>Set any combination of IPv4 and IPv6 addresses. Queries for this domain will be forwarded to these addresses. Used to override global forwarders for this domain.</help>
     </field>
 </form>
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
index 23e9c9202..e83a927d9 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@@ -61,13 +61,20 @@
         <advanced>true</advanced>
         <help>Specify the IPv6 address used as a source for zone transfers.</help>
     </field>
+    <field>
+        <id>general.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <advanced>true</advanced>
+        <help>Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty.</help>
+    </field>
     <field>
         <id>general.forwarders</id>
-        <label>DNS Forwarders</label>
+        <label>Forwarders</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set one or more hosts to send your DNS queries if the request is unknown.</help>
+        <help>Set any combination of IPv4 and IPv6 addresses to forward queries to when the answer is unknown.</help>
     </field>
     <field>
         <id>general.filteraaaav4</id>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
index 6743b66ae..8d35003ad 100644
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/bind/domain</mount>
     <description>BIND domain configuration</description>
-    <version>1.1.2</version>
+    <version>1.1.3</version>
     <items>
         <domains>
             <domain type="ArrayField">
@@ -21,6 +21,10 @@
                 <primaryip type="NetworkField">
                     <AsList>Y</AsList>
                 </primaryip>
+                <forwardonly type="BooleanField">
+                    <Default>0</Default>
+                    <Required>Y</Required>
+                </forwardonly>
                 <forwardserver type="NetworkField">
                     <AsList>Y</AsList>
                 </forwardserver>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
index 238c9dc24..57feaba18 100644
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/bind/general</mount>
     <description>BIND configuration</description>
-    <version>1.0.12</version>
+    <version>1.0.13</version>
     <items>
         <enabled type="BooleanField">
             <Default>0</Default>
@@ -45,6 +45,10 @@
             <Default>53530</Default>
             <Required>Y</Required>
         </port>
+        <forwardonly type="BooleanField">
+            <Default>0</Default>
+            <Required>Y</Required>
+        </forwardonly>
         <forwarders type="NetworkField">
             <AsList>Y</AsList>
         </forwarders>
diff --git a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
index 0d9b55eda..6a21cacc9 100644
--- a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
+++ b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
@@ -200,6 +200,7 @@
                     <tr>
                         <th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
                         <th data-column-id="domainname" data-type="string" data-visible="true">{{ lang._('Zone') }}</th>
+                        <th data-column-id="forwardonly" data-type="string" data-formatter="boolean" data-visible="true">{{ lang._('Forward Only') }}</th>
                         <th data-column-id="forwardserver" data-type="string" data-visible="true">{{ lang._('Forwarder IPs') }}</th>
                         <th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
                         <th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
index 9196b5de3..7f0dabed2 100644
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@@ -39,7 +39,10 @@ options {
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
-        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
+{%   if helpers.exists('OPNsense.bind.general.forwardonly') and OPNsense.bind.general.forwardonly == '1' %}
+        forward            only
+{%   endif -%}
+        forwarders         { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
@@ -154,6 +157,11 @@ zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; not
 zone "{{ domain.domainname }}" {
         type {{ domain.type }};
 {%       if domain.type == 'forward' %}
+{%         if domain.forwardonly == '1' %}
+        forward only;
+{%         else %}
+        forward first;
+{%         endif %}
         forwarders { {{ domain.forwardserver.replace(',', '; ') }}; };
 {%       elif domain.type == 'secondary' %}
 {%         if domain.transferkey is defined %}