Seems like googles opendns responded a bit differently from the isp DNS servers..

Should I try to use only googles servers?

Would it help to remove forwarders? Are they necessary?

Forwarders aren't necessary but they're preferred, give it a go without and if it works leave it that way.

I removed my forwarders, and reset the config file, and now it has worked for several days without restaring the named service. =) Happy camper!

I was getting the same error while trying configuring forwarding-only DNS server on CentOS 6.3 on my virtual machine. I solved it by changing these lines

dnssec-enable yes;
dnssec-validation yes;

to

dnssec-enable no;
dnssec-validation no;

in named.conf

Check that the time on your system is accurate. Time being off can influence if crypto-related things, like DNSSEC, work or not.

In my case, my DNS server is virtualized and was turned off for about 6 hours. When it came back up, the time was off, and ntp couldn't work because it could resolve ntp.org to sync the time against because DNS wasn't working. Nice chicken-and-egg problem. I manually set the time to be accurate, and named started validating responses and things started working.

This page is the one that lead me to checking the system time: http://spectlog.com/content/BIND_nam....com/A/IN'