--- djbdns-1.05.original/log.h	2001-02-11 21:11:45.000000000 +0000
+++ djbdns-1.05/log.h	2003-07-29 17:12:44.000000000 +0100
@@ -23,6 +23,7 @@
 extern void log_nodata(const char *,const char *,const char *,unsigned int);
 extern void log_servfail(const char *);
 extern void log_lame(const char *,const char *,const char *);
+extern void log_ignore_referral(const char *,const char *,const char *);
 
 extern void log_rr(const char *,const char *,const char *,const char *,unsigned int,unsigned int);
 extern void log_rrns(const char *,const char *,const char *,unsigned int);
--- djbdns-1.05.original/log.c	2001-02-11 21:11:45.000000000 +0000
+++ djbdns-1.05/log.c	2003-07-29 17:12:33.000000000 +0100
@@ -196,6 +196,13 @@
   line();
 }
 
+void log_ignore_referral(const char server[4],const char * control, const char *referral)
+{
+  string("ignored referral "); ip(server); space();
+  name(control); space(); name(referral);
+  line();
+}
+
 void log_servfail(const char *dn)
 {
   const char *x = error_str(errno);
--- djbdns-1.05.original/query.c	2001-02-11 21:11:45.000000000 +0000
+++ djbdns-1.05/query.c	2003-07-29 17:13:13.000000000 +0100
@@ -781,6 +781,18 @@
 
 
   if (!dns_domain_suffix(d,referral)) goto DIE;
+
+  /* In strict "forwardonly" mode, we don't, as the manual states,
+  ** contact a chain of servers according to "NS" resource records.
+  ** We don't obey any referral responses, therefore.  Instead, we
+  ** eliminate the server from the list and try the next one.
+  */
+  if (flagforwardonly) {
+      log_ignore_referral(whichserver,control,referral);
+      byte_zero(whichserver,4);
+      goto HAVENS;
+  }
+
   control = d + dns_domain_suffixpos(d,referral);
   z->control[z->level] = control;
   byte_zero(z->servers[z->level],64);