Issues running multiple BIND DNS servers behind a single Public IP

Solution 1:

Try this DNSSEC configuration on all of your DNS resolvers:

options {
   //dnssec-enable no; - remove the line, the option has been obsoleted
   dnssec-validation auto;
};

The option dnssec-enable has been deprecated (see ARM, p. 156), and DNSSEC lookaside validation (DLV) has also been deprecated (see ARM, p. 156).

For recursive resolvers, I do not believe you need anything else.

Note that dnssec-validation auto; is the default setting so you do not even need to enter this one.
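
To check several resolvers for the leftovers this answer describes, here is a small audit script (an added example, not part of the original answer). The function names and the sample configuration are constructed for illustration, and the comment stripping assumes no comment markers appear inside quoted strings.

```python
import re

# Options the answer says to drop; the messages are this example's own wording.
OBSOLETE = {"dnssec-enable": "obsolete, remove the line",
            "dnssec-lookaside": "DLV is deprecated, remove the line"}

def strip_comments(text):
    # named.conf accepts /* */, // and # comments (assumed absent from quoted strings).
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(text):
    # Return the body of the first options { ... } block, matching nested braces.
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return text[m.end():]  # unterminated block: audit what is there

def audit(conf_text):
    findings, validation = [], "auto"  # "auto" is the default when the line is absent
    for stmt in options_block(strip_comments(conf_text)).split(";"):
        parts = stmt.split() or [""]
        key, value = parts[0], " ".join(parts[1:])
        if key in OBSOLETE:
            findings.append(f"{key} {value}: {OBSOLETE[key]}")
        elif key == "dnssec-validation":
            validation = value
    if validation != "auto":
        findings.append(f"dnssec-validation {validation}: differs from the recommended auto")
    return validation, findings

# Constructed sample configuration, not taken from the question.
SAMPLE = """
options {
    dnssec-enable no;  // leftover from an old config
    dnssec-lookaside auto;
    /* dnssec-validation auto; */
    dnssec-validation no;
    forwarders { 192.0.2.53; };
};
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against each resolver's named.conf text; an empty findings list with an effective value of auto matches the configuration recommended above.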