Dns server error ( bind9 denied)

I installed ispconfig 3.2 using the nginx install with the source I have appeared in linte.
https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller
i want to do using your own dns server and allowing the use of google dns servers if needed.

test system I use.
ubuntu 18
hostname : yes
hostname -f : yes
static ip : yes
dns redirect : yes
hardware: 4gb ram, 4gb swap, 4 cpu and 32 hdd.

The commands I use.

Code:

dpkg-reconfigure locales
dpkg-reconfigure tzdate
cd /tmp
git clone https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller.git
cd ispconfig-autoinstaller
./ispc3-ai.sh --lang=en --use-nginx  --channel=stable --debug

named.conf.options //default

Code:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

//       forwarders {
//              0.0.0.0;
//       };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        version "unknown";

        allow-transfer {none;};

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Outputs of /var/log/syslog

Code:

Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#59479 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#62271 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#59192 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#55026 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#57836 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#61588 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#55957 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#51642 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#65444 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#58314 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#50796 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied

named.conf.options //I arranged here.

Code:

      forwarders {
              8.8.8.8;
              8.8.4.4;
       };

I have a problem now.
Sorry for my English, I'm lacking in understanding and writing.

 

yes, I want to use it for my own zones.

When I use my DNS server, access to the other internet is disabled.
I want to be able to surf the internet while using my own dns server.

I reboot after edits.
sorry for my english

 

Do you mean your internal name servers can not resolve public internet hostnames?
Then forwarding does not work. You seem to use Google name servers as forwarders, I do not know if they allow this kind of use or if it is sensible. Try running without forwarders, that should work. If you need faster name resolution, add the closest name servers in network topology, usually your Internet service providers name servers (and they tend to allow using them as forwarders for their customers).
If this does not work, what changes have you done to bind9 setup?

 

yes..

Code:

    forwarders {
             8.8.8.8;
             8.8.4.4;
      };

This is just the change I've made.

 

The solution of my problem.
named.conf.options // add

Code:

allow-recursion { any; };

 

Code:

acl goodclients {
    192.0.2.0/24;
};

Code:

options {
    directory "/var/cache/bind";

    recursion yes;
    allow-query { goodclients; };
    . . .

Are you talking about an update that will be done this way?

After the update I made, my dns service usage information does not appear in the log file. Do you have any information about this?