Did you change permissions on /etc/rndc,key? Are you chroot'ing BIND now and didn't copy rndc.key to the chroot directory?
Also, you need to comment out the following lines in named.conf:
Code:
query-source port 53;
query-source-v6 port 53;
They make you wide-open for DNS cache poisoning, even if you are on a patched version of BIND.