Dig gives ;; connection timed out; no servers could be reached-

Simon Waters Simon at wretched.demon.co.uk
Tue Jan 1 21:50:51 UTC 2002


Tarek Hamdy wrote:
> 
> Happy new year all,

;)

>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>...
>  auth-nxdomain yes;

I always define "auth-nxdomain no;". Setting this to yes produces
the incorrect old behaviour of BIND; setting it to "no" gets rid
of the nagging warning, whilst producing the correct behaviour.
This isn't your problem, but it is an odd setting to choose.

>  allow-query { 192.168.113.32/27; 64.124.114.2; localhost; };
>  allow-recursion { 192.168.113.32/27; localhost; };

localhost is discouraged - use numeric IP addresses for
configuring DNS, i.e. 127.0.0.1.

See later.

> Zone file:
> 
> $TTL 86400
> $ORIGIN tarekham.com.

The correct $ORIGIN is usually set by default - so you rarely
need to use this directive.

> @       IN       SOA    ham.tarekham.com. thamdy.ham.tarekham.com (

Surely that is "thamdy.ham.tarekham.com." - the trailing dots
need attention.

>                     2002010104 ; serial
>                     28800 ; refresh
>                     7200 ; retry
>                     604800 ; expire
>                     86400 ; ttl

This is now Negative TTL and can be lower.

> @        IN     SOA ham.tarekham.com. thamdy.ham.tarekham.com (

more dots.

>                     2002010105 ; serial
>                     28800 ; refresh
>                     7200 ; retry
>                     604800 ; expire
>                     86400 ; ttl
> )
>            IN      NS  ham
> 178     IN      PTR ham

Only a computer would be daft enough to read that as;
"ham.11.184.208.in-addr.arpa"

Maybe "178 IN PTR ham.tarekham.com." ?

It would be smart to have each domain include all the "NS"
records for the domain, even whilst testing. Remote nameservers
may cache the list of nameservers for the domain, and so end up
with just "ham" rather than the 3 servers for "tarekham.com"
that the ".com" nameservers return.

> When I uncomment the last item in the resolve.conf, I get an answer, but it
> is non-authoritative.

Since it works the file name is right - but I'm sure it is
resolv.conf

> When I reload named, I get no errors in the log

Good.

> I will keep checking here and watch my e-mail. Any help would be
> appreciated.

Not sure it is sorted yet. 

I'd start by trying it without all the restrictive "allow-query"
and "allow-transfer" directives. It is far easier to add them
when it is working, and reasonably safe to leave them to last
unless you're the subject of regular, serious hacking attempts, or
running an old version of BIND (9.1.3 is fine security wise,
although 9.2.0 is out already and has lots of minor bug fixes,
and useful enhancements), or really paranoid about who sees the
list of names in the zone file.

 Hope that helped?

 Simon
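The trailing-dot and "178 IN PTR ham" problems Simon points out are all the same mistake: a name written without a trailing dot is relative and gets $ORIGIN appended, so in the reverse zone "ham" becomes "ham.11.184.208.in-addr.arpa." (and the SOA mailbox becomes "thamdy.ham.tarekham.com.11.184.208.in-addr.arpa."). The following Python is an added example, not code from this thread, from Tarek, or from BIND; it parses a small subset of zone-file syntax ($ORIGIN, $TTL, a parenthesised SOA, plain NS/PTR/A records), expands relative names the way BIND does, and reports what each undotted target really resolves to, plus a warning when the apex has fewer than two NS records (Simon's point about listing every nameserver). The reverse-zone origin "11.184.208.in-addr.arpa." is taken from Simon's reply; the second nameserver "ns2.example.com." in the corrected zone is a hypothetical placeholder, since the thread never names the other servers.

```python
"""Lint a BIND zone file for relative names that silently pick up $ORIGIN.

Added example, not from the bind-users thread or from BIND itself. Handles
only a subset of zone syntax: $ORIGIN, $TTL, ';' comments, parenthesised
multi-line records, optional TTL/class fields and blank-owner records.
"""

# RDATA fields that are domain names and therefore subject to $ORIGIN
# expansion when written without a trailing dot.
NAME_FIELDS = {"NS": [0], "PTR": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}
REVERSE_SUFFIXES = (".in-addr.arpa.", ".ip6.arpa.")


def qualify(name, origin):
    """Expand a possibly relative name exactly as BIND would."""
    if origin is None:
        raise ValueError("relative name %r with no $ORIGIN in effect" % name)
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return "%s.%s" % (name, origin)


def _logical_lines(text):
    """Strip ';' comments and join '( ... )' continuations into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # no quoted-string support
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0
            if joined.strip():
                yield joined


def parse_zone(text, origin=None):
    """Return records as dicts with a fully qualified owner and raw rdata."""
    records, last_owner = [], origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if line[0].isspace():              # blank owner: reuse previous owner
            owner = last_owner
        else:
            owner = qualify(tokens[0], origin)
            tokens = tokens[1:]
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens = tokens[1:]            # optional TTL and class, either order
        records.append({"owner": owner, "type": tokens[0].upper(),
                        "rdata": tokens[1:], "origin": origin})
    return records


def lint(records):
    """Return (owner, type, expanded_name, message) for each suspicious field."""
    findings, apex_ns = [], 0
    for rec in records:
        rtype, rdata, origin = rec["type"], rec["rdata"], rec["origin"]
        if rtype == "NS" and rec["owner"] == origin:
            apex_ns += 1
        for i in NAME_FIELDS.get(rtype, []):
            if i >= len(rdata) or rdata[i].endswith(".") or rdata[i] == "@":
                continue
            fq = qualify(rdata[i], origin)
            msg = "%s name '%s' has no trailing dot; BIND will use '%s'" % (rtype, rdata[i], fq)
            if rtype == "PTR" and fq.endswith(REVERSE_SUFFIXES):
                msg += " (a PTR pointing back into the reverse tree is almost certainly wrong)"
            findings.append((rec["owner"], rtype, fq, msg))
    if apex_ns < 2:
        findings.append((records[0]["origin"] if records else None, "NS", None,
                         "only %d NS record(s) at the zone apex; list every nameserver" % apex_ns))
    return findings


# Constructed input: the reverse zone as posted in the thread, with the
# origin Simon's reply implies.
POSTED_ZONE = """\
$TTL 86400
$ORIGIN 11.184.208.in-addr.arpa.
@        IN     SOA ham.tarekham.com. thamdy.ham.tarekham.com (
                    2002010105 ; serial
                    28800 ; refresh
                    7200 ; retry
                    604800 ; expire
                    86400 ; ttl
)
           IN      NS  ham
178     IN      PTR ham
"""

# Constructed corrected zone: every name absolute, lower negative TTL, and
# two NS records (ns2.example.com. is a hypothetical placeholder).
FIXED_ZONE = """\
$TTL 86400
$ORIGIN 11.184.208.in-addr.arpa.
@    IN  SOA ham.tarekham.com. thamdy.ham.tarekham.com. (
         2002010106 ; serial
         28800      ; refresh
         7200       ; retry
         604800     ; expire
         3600       ; negative-caching TTL
)
     IN  NS   ham.tarekham.com.
     IN  NS   ns2.example.com.
178  IN  PTR  ham.tarekham.com.
"""

if __name__ == "__main__":
    for label, zone in (("posted", POSTED_ZONE), ("fixed", FIXED_ZONE)):
        print("== %s zone ==" % label)
        for owner, rtype, _, msg in lint(parse_zone(zone)):
            print("%-32s %-4s %s" % (owner, rtype, msg))
```

Running it against the posted zone reports the SOA mailbox, the NS and the PTR all expanding under 11.184.208.in-addr.arpa. and flags the single apex NS; the corrected zone produces no findings. The parser is deliberately small (no quoted strings, no $INCLUDE or $GENERATE), so treat it as a quick sanity check before named-checkzone rather than a replacement for it.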
