bind would not work unless allow-query is "any"

Solution 1:

When you listen-on 127.0.0.1 or localhost or ::1, and/or allow-query from localhost only, bind will answer only to queries originating from the same computer that runs bind. (It set this way in "testing" probably because they probably just meant to test that bind works without opening it to outside for security reasons.)

It is normal to set those to "any" so that it will be accessible from outside.

Solution 2:

If your DNS server is a local caching server, set

allow-query { <your subnet>; }; 

in options. And, in each zone:

allow-query { any; };

If you are not using it as a caching server, set it on options to none;

allow-query { none; };

Basically, you don't want your server answering to domains you are not authoritative.

Tags:

Bind

Query