On Wed, 30 Jul 2008, kenneth.reeves@verizon.com wrote:

> I'm having a strange problem with 9.5.0-P1. We upgraded from 9.2.3 last
> week. Since then we have had problems with resolution of some domains
> and not others. For example, we can't get resolution from the root name
> servers for Microsoft.com, yahoo.com, msnbc.com, hotmail.com. We can
> get it for dell.com, hp.com, cisco.com, novell.com and most others. We
> put a sniffer on the wire going out to the internet and the queries were
> going out but nothing was coming back for those domains. We then
> reverted back to 9.2.3 and all is working well again. We are using the
> same conf and zone files. Nothing has changed. We have updated our
> db.root file, but that has not helped. Any ideas. This is compiled and
> running on Solaris 9.

I am guessing that lookups that do work are in your cache. Maybe this is
your problem:

BIND 9.4 onwards implements "allow-query-cache". The "allow-query"
option is no longer used to specify access to the cache. The
"allow-query" option continues to specify which hosts are allowed
to ask ordinary DNS questions. The new "allow-query-cache" option
is used to specify which hosts are allowed to get answers from the
cache. Since BIND 9.4.1, if "allow-query-cache" is not set then
"allow-recursion" is used if it is set, otherwise "allow-query" is
used if it is set, otherwise the default localnets and localhost
is used.

(from doc/misc/migration.)

Also see the ARM for further details. Also see

Make sure your allow-query-cache, allow-recursion, and/or allow-query
options are defined as appropriate.