bind not getting out of my LAN?

Sun Aug 18 14:44:23 UTC 2013

If I try to check my dns from inside my LAN (on either ns1 or ns2), everything seems fine:

# dig webmail.covisp.net | grep -A1 ";; ANSWER" | tail -1
webmail.covisp.net.	86400	IN	CNAME	www.covisp.net.

# dig www.covisp.net | grep -A1 ";; ANSWER" | tail -1
www.covisp.net.		86400	IN	A	75.148.117.90

# dig @ns1.covisp.net mail.covisp.net | grep -A1 ";; ANSWER" | tail -1
mail.covisp.net.	86400	IN	A	75.148.117.91

But If I try to use an external server:

# dig @8.8.8.8 mail.covisp.net 

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 mail.covisp.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10140
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.covisp.net.		IN	A

;; Query time: 4085 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 18 08:36:34 2013
;; MSG SIZE  rcvd: 33

# dig @75.75.75.75 mail.covisp.net 

; <<>> DiG 9.8.3-P1 <<>> @75.75.75.75 mail.covisp.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Here's the top of my named.conf:

options {
       directory       "/etc/namedb";
       pid-file        "/var/run/named/pid";
       listen-on { 75.148.117.93; 75.148.117.91; 127.0.0.1; };
       statistics-file "/var/stats/named.stats";
       dnssec-enable yes;
       dnssec-validation yes;
};

key "rndc-key" { algorithm hmac-md5; secret "keykeykey="; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; }; };

managed-keys {
       "." initial-key 257 3 8
       "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
       FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
       bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
       X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
       W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
       Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
       QxA+Uk1ihz0=";
};

zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
zone "." { type hint; file "slave/root-nameservers"; };

-- 
The older you get the more you need the people you knew when you were
young.