So recently I was spinning up some new authoritative name servers. I have stuck with bind for authoritative service for years because the format of its zone files and queries is THE standard for DNS zones. IMHO, there are some better resolvers out there, but I stick with bind for authoritative.
Anyway, on to my issue. The purpose of one of these servers was for reverse DNS. I added the in-addr files and added a few zone files. Things hummed along for a few days and the server went through an update and the authoritative stuff stopped working. After some digging here is what I found.
Bind 9.4 introduces a new option called allow-query. allow-query specifically controls whether the nameserver will answer queries for records it is authoritative for. If that option is not present it will deny queries. Once I added the following configuration, things started working correctly.
Some time later I came back to a different machine to troubleshoot an issue with a customer PTR record and found the log files were filling up with cache-denied messages. This was fixed by adding the two lines of configuration below.
In this case, some of the IP space still had servers pointing to it, most likely due to the domain holder going offline or out of business.
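As an added example (not the author's own configuration, which is not reproduced above), here is a minimal named.conf for an authoritative-only reverse-DNS server showing where allow-query and allow-query-cache go and how to keep the refused-query log noise in its own file. The 192.0.2.0/24 prefix, file paths and ACL name are placeholders.

```conf
// Added example: minimal named.conf for an authoritative-only server.
// The 192.0.2.0/24 prefix, file paths and ACL name are placeholders
// chosen for illustration, not values from the original post.

acl "mgmt" { 127.0.0.1; ::1; };

options {
    directory "/var/named";

    // Authoritative-only: never recurse on behalf of clients.
    recursion no;

    // BIND 9.4 separates answering authoritative zone data (allow-query)
    // from answering out of the cache (allow-query-cache). Serve zone data
    // to anyone; refuse cache lookups entirely.
    allow-query       { any; };
    allow-query-cache { none; };

    // Zone transfers off by default; enable per zone where needed.
    allow-transfer    { none; };
};

// Reverse zone for 192.0.2.0/24 (placeholder prefix).
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "reverse/2.0.192.in-addr.arpa.zone";
    allow-query { any; };   // per-zone override; same as options here
};

// Queries this server refuses (for example lookups for names it is not
// authoritative for) are logged in the "security" category. Give that
// category its own rotated channel so it does not flood the main log.
logging {
    channel security_log {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category security { security_log; };
};
```

Run `named-checkconf` against the file before reloading so a typo in an ACL does not take the server down.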