I had set up two BIND9 servers on Ubuntu to service all VPN-connected users. They were both linked just fine. I managed BIND via Webmin.
A Linux user and a Mac user were connecting to the VPN and then finding they could no longer connect to any websites outside of the DNS domain.
nslookup google.com
;; Got recursion not available from 10.10.5.60, trying next server
Server: 10.10.5.61
Address: 10.10.5.61#53
** server can't find google.com: NXDOMAIN
Well, that’s no good. The first server isn’t allowing recursive connections and the second one is not forwarding properly. I checked Webmin and saw in the forwarding and transfers section that I had, indeed, already added 8.8.8.8, 8.8.4.4, 4.2.2.2, and 10.10.5.70 (internal DNS). So why was it not working?
Fired up PuTTY and SSH’d in:
nano /etc/bind/named.conf.options
Inside the options { block, add the following:
allow-query { any; };
allow-recursion { any; };
Save and quit
Reload BIND
/etc/init.d/bind9 reload
Profit
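With `allow-query { any; };` and `allow-recursion { any; };`, every host that can reach port 53 on these servers can use them as recursive resolvers, not only the VPN users they were built for. The fragment below is an added example, not the configuration from this post: it scopes the same two options to an ACL. The ACL name `vpn-clients` and both subnets are assumptions to be replaced with your real ranges.

```conf
// /etc/bind/named.conf.options
// Added example: limit queries and recursion to known client networks.

// "vpn-clients" is a name chosen for this example. Replace the placeholder
// networks with the ranges your VPN and LAN actually use.
acl "vpn-clients" {
    localhost;        // built-in ACL: the server itself
    localnets;        // built-in ACL: networks directly attached to the server
    10.10.5.0/24;     // assumed: subnet of the DNS servers in this post
    10.8.0.0/24;      // assumed placeholder: VPN client address pool
};

options {
    directory "/var/cache/bind";   // Ubuntu default

    // Forwarders as listed in the post
    forwarders {
        8.8.8.8;
        8.8.4.4;
        4.2.2.2;
        10.10.5.70;
    };

    // As in the post: any host that can reach port 53 may query and recurse
    // allow-query     { any; };
    // allow-recursion { any; };

    // Restricted form: only the listed networks may query, recurse,
    // or read answers from the cache
    allow-query       { "vpn-clients"; };
    allow-recursion   { "vpn-clients"; };
    allow-query-cache { "vpn-clients"; };
};
```

Run `named-checkconf` before reloading so a syntax error does not take the resolver down. If a VPN client still gets "recursion not available", its source address is outside the ACL.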