The default named.conf should not contain a query-source statement.

Comment it out and describe what it's for and why not to use it.

etc/named.conf

@@ -1,12 +1,18 @@
-# $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $
+# $NetBSD: named.conf,v 1.5 2008/07/23 05:47:48 dholland Exp $
 
 # boot file for secondary name server
 # Note that there should be one primary entry for each SOA record.
 
 options {
 	directory "/etc/namedb";
-	query-source address * port 53;
 	allow-recursion { localhost; localnets; };
+
+	#
+	# This forces all queries to come from port 53; might be
+	# needed for firewall traversals but should be avoided if
+	# at all possible because of the risk of spoofing attacks.
+	#
+	#query-source address * port 53;
 };
 
 zone "." {