DNS server not serving LAN queries

On the updated FreeBSD 13.1-releng I have installed BIND 9.16.29 as a caching resolver. It serves its own queries (dig gmail.com states NOERROR), though nslookup gmail.com on any Windows client in its LAN persistently returns "DNS request timed out" with any domain used.
Option listen-on is set to the loopback and LAN interfaces. File /etc/resolv.conf contains the loopback address and the server's domain name.
Recursion is enabled and explicitly limited to LAN IPs and localhost by the allow-recursion statement.
ISP DNS forwarders are set correctly, with the default forward first behavior preserved. DNSSEC validation and IPv6 are both disabled to avoid a crapton of lame events due to the ISP DNS stripping DNSSEC off.
Gateway function is enabled.

This error reproduces on any hardware configuration, so it must be a mistake somewhere in the config files. Could anyone tell me where the error lurks?
 
> listen-on is set to loopback and LAN interface.

Verify it's indeed listening with sockstat -l.

If yes, a timeout is a clear indication of a networking problem (it wouldn't occur if your server rejected the query), so check your network, and don't forget firewalls if applicable.
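To make the "is it actually listening?" check from the answer above repeatable, here is an added example (not code from the thread or from BIND) that filters sockstat -l style output for named sockets on port 53 and compares them against the addresses you expect from listen-on. The sockstat lines embedded below are a constructed sample, and the addresses 127.0.0.1 and 192.168.1.1 are assumptions standing in for the loopback and LAN interface; on a real box you would pipe `sockstat -l` into check_dns_listeners instead.

```shell
#!/bin/sh
# Constructed sample of `sockstat -l` output on a FreeBSD box running named.
# Field layout: USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      1234  21 udp4   127.0.0.1:53          *:*
bind     named      1234  22 tcp4   127.0.0.1:53          *:*
bind     named      1234  23 udp4   192.168.1.1:53        *:*
root     sshd       900   4  tcp4   *:22                  *:*'

# list_dns_listeners: read sockstat -l output on stdin and print "PROTO ADDRESS"
# for every socket owned by the named process that is bound to port 53.
list_dns_listeners() {
    awk '$2 == "named" && $6 ~ /:53$/ { sub(/:53$/, "", $6); print $5, $6 }'
}

# check_dns_listeners ADDR...: read sockstat -l output on stdin and verify that
# named has a UDP socket on port 53 for every expected address (a wildcard
# "*:53" socket satisfies all of them). Prints one line per address and
# returns 0 when everything is present, 1 when at least one address is missing.
check_dns_listeners() {
    listeners=$(list_dns_listeners)
    missing=0
    for addr in "$@"; do
        if printf '%s\n' "$listeners" | grep -qxF 'udp4 *' \
           || printf '%s\n' "$listeners" | grep -qxF "udp4 $addr"; then
            echo "ok:      named listens on $addr:53/udp"
        else
            echo "MISSING: no udp socket on $addr:53 (check listen-on, then rndc reload)"
            missing=1
        fi
    done
    return $missing
}

# Stand-alone run against the constructed sample; on a live system use:
#   sockstat -l | check_dns_listeners 127.0.0.1 192.168.1.1
printf '%s\n' "$SAMPLE_SOCKSTAT" | check_dns_listeners 127.0.0.1 192.168.1.1
```

If every expected address reports ok and LAN clients still time out, the server is not the one dropping the query, which is exactly the answer's point: the packets are being lost on the path, so the next place to look is the host firewall / NAT configuration, and `tcpdump -ni <LAN interface> udp port 53` on the server will tell you whether the client's queries arrive at all.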
 
The cause revealed itself, and it's ROFL! Simply an unconfigured firewall: when I enabled ipnat and created a mapping ruleset for it, this erratic behavior vanished as if it had never existed!
 