I found a fix that works but I'm not sure what it opens up as far as security risk.
My DNS servers are intended to be authoritative so I added
allow-query { any; };
to named.conf.options and restarted bind9 on each of my three DNS servers in the cluster.
Seems to answer queries from outside my network now for records both on the servers and external to them. I guess this provides recursion as well?
|