This is a discussion on "how to resolve all unknown names to 127.0.0.1 ?" within the Bind Users forums, part of the DNS and Related Forums category.
Hello All !
There is a BIND 9.3.1 in a deep intranet, so it has no access to the root servers. It works as "forward only" and forwards all non-auth queries to upstream NSs, which are in the intranet too. Connections to NSs in the Internet on 53/udp and 53/tcp are impossible.

In named.conf there are:
(1) master intranet zones (about 20)
(2) slave intranet zones (about 40)
(3) forward-only Internet and intranet zones (about 200); the forwarders are the same upstream NSs.

So the question is: how to force BIND to resolve _all_ names not from (1) or (2) or (3) to 127.0.0.1?

Quick, simple and wrong solution: make a zone "." of type master, containing

    * IN A 127.0.0.1

After that, all names from (3) get resolved to 127.0.0.1; it seems that the "resolve from most-specific zone first" algorithm is not implemented, or forward zones are not authoritative.

Working now, bad and time-consuming solution: I manually look at the dump of the cache, recognize the names that should be resolved to 127.0.0.1, and make a fake zone from them:

    @ IN A 127.0.0.1
    * IN A 127.0.0.1

Good and correct solution: ????

===                        |  /"\  ASCII RIBBON CAMPAIGN
WBR, Dmitry A.Provodnikov  |  \ /  AGAINST HTML (RTF)
FIDO: 2:5000/97.31         |   X   MAIL AND NEWS
Team [TBH-TNG]             |  / \
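The manual step described in the post (picking names out of a cache dump and building fake zones for them) can be scripted. The following is an added example, not part of the original post: it assumes the owner names have already been extracted from the cache dump, treats every name outside the configured zones as one to point at 127.0.0.1, and never creates a fake zone above a configured zone, since the post reports that a wildcard in a parent zone overrides the forward zones. All zone names, cache names and the file name `sinkhole.db` are constructed.

```python
# Added example. Zone names, cache names and "sinkhole.db" are constructed.

def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def under(name, zone):
    """True if `name` equals `zone` or is a subdomain of it."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def sinkhole_zone(name, configured):
    """Widest zone covering `name` that is not an ancestor of a configured zone.
    Returns None if no such zone exists."""
    parts = labels(name)
    for i in range(len(parts) - 1, -1, -1):      # TLD first, then longer suffixes
        candidate = ".".join(parts[i:])
        if not any(under(z, candidate) for z in configured):
            return candidate
    return None

def plan(cache_names, configured):
    """Split cache names into fake zones to create and names needing manual review."""
    zones, review = set(), []
    for name in cache_names:
        if any(under(name, z) for z in configured):
            continue                              # already served by (1), (2) or (3)
        zone = sinkhole_zone(name, configured)
        if zone:
            zones.add(zone)
        else:
            review.append(name)
    return sorted(zones), review

# Shared zone file: the two A records are the ones from the post; the SOA and NS
# lines are added here because a master zone needs them (values are placeholders).
ZONE_FILE = """$TTL 3600
@ IN SOA localhost. root.localhost. 1 3600 900 604800 3600
@ IN NS  localhost.
@ IN A   127.0.0.1
* IN A   127.0.0.1
"""

def render(zones, path="sinkhole.db"):
    """named.conf stanzas pointing every fake zone at the shared zone file."""
    return "".join('zone "%s" { type master; file "%s"; };\n' % (z, path) for z in zones)

if __name__ == "__main__":
    configured = ["corp.example", "partner.example.net", "example.org"]   # constructed
    cache = ["www.corp.example", "ads.tracker.test", "foo.example.net", "example"]
    zones, review = plan(cache, configured)
    print(render(zones), "review by hand:", review)
```

Names returned in the review list have a configured zone beneath them, so a wildcard zone at that name would hide it; they need a zone without the wildcard or a manual decision.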