add dnsmasq example, add pointer to 'recursors'

website/source/docs/guides/forwarding.html.markdown

@@ -13,10 +13,15 @@ requires elevated privileges. Instead of running Consul with an administrative
 or root account, it is possible to instead forward appropriate queries to Consul,
 running on an unprivileged port, from another DNS server.
 
-In this guide, we will demonstrate forwarding from [BIND](https://www.isc.org/downloads/bind/).
+In this guide, we will demonstrate forwarding from [BIND](https://www.isc.org/downloads/bind/), 
+as well as [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html).
 For the sake of simplicity, BIND and Consul are running on the same machine in this example,
 but this is not required.
 
+Additionally, by default, consul will not attempt to resolve CNAME records outside the `.consul.`
+zone, unless the [recursors](/docs/agent/options.html#recursors) configuration
+option is set.
+
 ### BIND Setup
 
 First, you have to disable DNSSEC so that Consul and BIND can communicate.
@@ -60,6 +65,15 @@ zone "consul" IN {
 Here we assume Consul is running with default settings and is serving
 DNS on port 8600.
 
+### Dnsmasq
+
+Add the following to your config.  Typically `/etc/dnsmasq.d/` is enabled which should allow creation of a file `/etc/dnsmasq.d/10-consul`:
+```text
+server=/consul/127.0.0.1#8600
+```
+restart the dnsmasq process after making configuration changes.
+
+
 ### Testing
 
 First, perform a DNS query against Consul directly to be sure that the record exists: