Very simple bind9 DNS server


I am using a Debian 10 server with bind9 as the DNS server for my network. I want a very simple working DNS server; my topology is as below:

client <-> DNS <-> voip.example.com

client IP: 172.17.106.9
client DNS primary: 172.17.106.15
client DNS secondary: 8.8.8.8

DNS IP: 172.17.106.15

voip.example.com IP: 172.17.106.12

I want the DNS records to be checked when each request is received from the client, and if there is no match, to go to the secondary DNS configured as the client's secondary DNS (8.8.8.8).

I get this error in the client's cmd:

C:\Users\Farhad>nslookup voip.example.com
Server:  ns1.example.com
Address:  172.17.106.15

*** ns1.example.com can't find voip.example.com: Server failed

My bind9 configuration is here:

/etc/bind/named.conf.local

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";            # zone file path
};

zone "17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.172.17";                 # 172.17.0.0/16 subnet
};

/etc/bind/named.conf.options

acl "trusted" {
        172.17.106.15;  # ns1
        172.17.106.9;   # client
        172.17.106.12;  # VoIP
};

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 172.17.106.15; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

};

/etc/bind/db.example.com

$TTL    604800
@                               IN      SOA     ns1.example.com.    f.example.com. (
                                3               ; Serial
                                604800          ; Refresh
                                86400           ; Retry
                                2419200         ; Expire
                                604800 )        ; Negative Cache TTL
;

; name servers - NS records
                                IN      NS      ns1.example.com.

; name servers - A records
ns1.example.com.            IN      A       172.17.106.15

; 172.17.0.0/16 - A records
voip.example.com.           IN      A       172.17.106.12

/etc/bind/db.172.17

$TTL    604800
@               IN      SOA     ns1.example.com.    f.example.com. (
                3               ; Serial
                604800          ; Refresh
                86400           ; Retry
                2419200         ; Expire
                604800 )        ; Negative Cache TTL
;

; name servers
            IN      NS      ns1.example.com.

; PTR Records
15.106      IN      PTR     ns1.example.com.        ; 172.17.106.15
12.106      IN      PTR     voip.example.com.       ; 172.17.106.12

1 answer

FarhaadN

Now it works fine with the changed db.example.com and the ns2 record deleted, and it resolves the exact IP address of voip.example.com.

But my primary issue still exists: I want the DNS records to be checked when each request is received from the client, and if there is no match, to go to the secondary DNS configured as the client's secondary DNS (8.8.8.8).

For example, some client requests to reach test.com, and the client has primary DNS 172.17.106.15 and secondary DNS 8.8.8.8.

The query is received from the client at my DNS server 172.17.106.15, but it does not go to 8.8.8.8.
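The error in the question is a SERVFAIL ("Server failed" in nslookup), which is what named returns for a zone it refused to load, and the fix the answer describes (deleting an NS record for an ns2 that had no address record) matches one of the checks named-checkzone performs at load time. The Python below is an added example, not code from the question or the answer: it parses the posted zone files and reproduces that check, and cross-checks the reverse zone's PTR records against the forward A records. The zone data is as posted except for one constructed line, an apex NS pointing at ns2.example.com with no A record, which recreates the pre-fix state. On the server itself, the equivalent is `named-checkconf` followed by `named-checkzone example.com /etc/bind/db.example.com` (and the same for the reverse zone) before reloading named.

```python
from collections import defaultdict

# The forward zone as posted in the question, plus one constructed line: an
# apex NS pointing at ns2.example.com with no A record, which is the state the
# answer says produced SERVFAIL until the ns2 record was deleted.
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     ns1.example.com.    f.example.com. (
                3               ; Serial
                604800          ; Refresh
                86400           ; Retry
                2419200         ; Expire
                604800 )        ; Negative Cache TTL
;
        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.    ; constructed: no A record for ns2
ns1.example.com.    IN      A       172.17.106.15
voip.example.com.   IN      A       172.17.106.12
"""
# The same zone with the ns2 line removed, i.e. the fix the answer describes.
FORWARD_ZONE_FIXED = "\n".join(l for l in FORWARD_ZONE.splitlines() if "ns2" not in l)

# The reverse zone as posted (SOA timers condensed onto one line).
REVERSE_ZONE = """\
$TTL    604800
@       IN      SOA     ns1.example.com.    f.example.com. (
                3 604800 86400 2419200 604800 )
        IN      NS      ns1.example.com.
15.106  IN      PTR     ns1.example.com.        ; 172.17.106.15
12.106  IN      PTR     voip.example.com.       ; 172.17.106.12
"""


def parse_zone(text, origin):
    """Parse a BIND master file into (owner, type, rdata) tuples with absolute
    names. Supports $TTL/$ORIGIN, ';' comments, parenthesised multi-line
    records and a blank owner meaning "same owner as the previous record"."""
    if not origin.endswith("."):
        origin += "."

    def absolute(name):
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    records, buf, depth, indented, last_owner = [], [], 0, False, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]             # drop comments
        if not line.strip():
            continue
        if depth == 0:                          # start of a new logical record
            buf, indented = [], raw[0].isspace()
        buf += line.replace("(", " ( ").replace(")", " ) ").split()
        depth += line.count("(") - line.count(")")
        if depth > 0:                           # still inside ( ... )
            continue
        toks = [t for t in buf if t not in ("(", ")")]
        if toks[0] == "$ORIGIN":
            origin = absolute(toks[1])
            continue
        if toks[0].startswith("$"):             # $TTL and other directives
            continue
        owner = last_owner if indented else absolute(toks.pop(0))
        if toks and toks[0].isdigit():          # optional per-record TTL
            toks.pop(0)
        if toks and toks[0].upper() in ("IN", "CH", "HS"):  # optional class
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "PTR", "CNAME", "SOA"):          # name-valued rdata
            rdata[0] = absolute(rdata[0])
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records


def check_zone(records, origin):
    """The load-time checks that matter here, mirroring named-checkzone: an SOA
    and NS at the apex, and A/AAAA records for every NS target inside the zone.
    A zone that fails these never loads, and named answers SERVFAIL for it."""
    if not origin.endswith("."):
        origin += "."
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    problems = []
    apex_types = {t for t, _ in by_owner[origin]}
    if "SOA" not in apex_types:
        problems.append(f"no SOA record at zone apex {origin}")
    if "NS" not in apex_types:
        problems.append(f"no NS record at zone apex {origin}")
    for rtype, rdata in by_owner[origin]:
        target = rdata[0]
        in_zone = target == origin or target.endswith("." + origin)
        if rtype == "NS" and in_zone and not any(
                t in ("A", "AAAA") for t, _ in by_owner[target]):
            problems.append(f"NS {target} has no address records (A or AAAA)")
    return problems


def reverse_mismatches(forward, reverse):
    """Cross-check PTRs against forward A records: each PTR owner, read as
    reversed octets under in-addr.arpa, must equal the A record of its target."""
    a_by_name = {owner: rdata[0] for owner, rtype, rdata in forward if rtype == "A"}
    bad = []
    for owner, rtype, rdata in reverse:
        if rtype != "PTR":
            continue
        octets = owner[:-len(".in-addr.arpa.")].split(".")
        ip = ".".join(reversed(octets))
        if a_by_name.get(rdata[0]) != ip:
            bad.append((ip, rdata[0], a_by_name.get(rdata[0])))
    return bad


if __name__ == "__main__":
    for label, zone in (("as posted + ns2", FORWARD_ZONE), ("fixed", FORWARD_ZONE_FIXED)):
        print(label, check_zone(parse_zone(zone, "example.com"), "example.com") or "OK")
    print("reverse", reverse_mismatches(parse_zone(FORWARD_ZONE_FIXED, "example.com"),
                                        parse_zone(REVERSE_ZONE, "17.172.in-addr.arpa")) or "OK")
```

On the forwarding point raised in the answer: with `recursion yes`, `allow-recursion { trusted; }` and the `forwarders` block in the posted named.conf.options, named itself sends queries for names outside example.com (such as test.com) to 8.8.8.8 on behalf of the trusted clients and returns the answer. A client's own secondary resolver is a fallback for a primary that does not answer, not a per-name lookup path, so the "check locally, otherwise ask 8.8.8.8" behaviour has to live in the server, which is what the forwarders block does once the zone loads cleanly.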