You might need to explicitly allow queries from clients in the options section in named.conf:
example:
allow-query {
::;
127.0.0.1;
10.0.0.0/8;
192.168.0.0/24;
};
or just allow anyone:
allow-query { any };
Of course it would be safer to restrict queries to your clients only.
Sorry your thread was sitting, I just joined and maybe I can help.
From the error this is a recursion setting, your inside server is trying to do look ups and being denied (which you knew) I think it might be related to changes in the named.conf noted here:
[security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default \(localnets;
localhost;\) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default \(localnets;
localhost;\) is used.
Are you using allow-recursion? or allow-query-source, are you using any sort of match clients or anything like that? (a snip of the named.conf would help).