>> All very interesting, but I'm afraid at my level of expertise on DNS, I'm
>> not following.  If I'm broken, how do I attempt to fix?  Someone mentioned
>> that our was not authoritative.  How does one even
>> decide that?  As far as I know I haven't had any issues until now...

>> Do you have a box such as a firewall or load-balancer sitting in front of
>> ns1?

>No, the box is hanging right off the internet on a static IP.

there's apparently something wrong about your server or its firewall. The
DNS responses (at least for the SOA) come out broken (at least they get
invalid here), however I have no idea in which way they are broken.

Maybe someone with better DNS knowledge could look at output I have posted
before. Available at or pcap
format at

