I have a BIND 9.6 instance that acts as a caching NS for the whole building and is also authoritative for an internal zone ("example" below):
zone "example" {
type master;
file "example";
update-policy { grant dhcp-update subdomain example. A TXT; };
};
Due to a rogue switch we lost connectivity with the rest of the world, and the NS started answering SERVFAIL; what surprised me was that the server was also unable to respond to queries for the example domain.
What is the reason of this behavior? Shouldn't the NS be able to answer since it has authoritative data?
edit: The rest of the configuration is the standard one shipped with Debian: hints for the root servers and the zones for localhost and broadcast.
You can turn up debugging to see if that doesn't directly answer your question. However, I'd suspect that the permissions on your zone file aren't allowing the bind user to read the file.
I define all my logging options in named.logging.conf and then use an include in the main file:
and then in named.conf:
Additionally, you don't mention views, but if you have any views defined, then all of your zones must be in defined views.