Setting bind and zone, why doesn't it work?
Hello everyone. I set up CentOS 7 with BIND on it; for now this is a single external DNS server. With the base config I set up the zone and everything was fine, but while tuning the config everything broke: BIND runs, but the domain does not resolve from outside. iptables and selinux were ruled out earlier (selinux disabled, iptables configured correctly).
The problem is that I forgot to back up the previous configs and did not notice at what stage I broke it, because I was distracted by other issues in parallel.
111.111.111.222 - WAN IP
111.111.111.100 - DNS1
111.111.111.99 - DNS2
10.0.0.0/8 - LAN IPs (there will be many)
10.2.0.9 - LAN IP of the DNS server (ns1)
/etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 10.2.0.9; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    version "DNS Server";
    allow-query { 10.0.0.0/8; };
    allow-transfer { localhost; 10.0.0.0/8; };
    allow-recursion { 10.0.0.0/8; };
    forwarders { 111.111.111.100; 111.111.111.99; };
    forward only;
    recursive-clients 10;
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "domain.com" {
    type master;
    file "domain.com.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/var/named/domain.com.zone
$TTL 86400
@       IN  SOA  ns1.domain.com. root.domain.com. (
                 20161201   ; Serial
                 3600       ; Refresh
                 1800       ; Retry
                 604800     ; Expire
                 86400 )    ; Minimum TTL
        IN  NS   ns1.domain.com.
ns1     IN  A    111.111.111.222
;
@       IN  MX   10 mail.domain.com.
mail    IN  A    111.111.111.222
@       IN  A    111.111.111.222
www     IN  A    111.111.111.222
listen-on port 53 { 127.0.0.1; 10.2.0.9; };
You are only listening on the internal IP, so the DNS server is not reachable from outside.
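A small audit of the posted options block, added here as an example for this thread (it is not from the question, the answer, or BIND itself). It checks the two settings that decide whether an authoritative zone answers Internet clients, listen-on and allow-query, and the one that must stay restricted after the fix, allow-recursion, so that opening the server does not turn it into an open resolver. It parses only a subset of BIND's ACL syntax (any, none, localhost, single addresses and CIDR prefixes; no "!" negation), the WAN address 111.111.111.222 is taken from the question, and 203.0.113.10 is a constructed RFC 5737 documentation address standing in for an arbitrary external client.

```python
"""Audit a BIND named.conf options block for external reachability and open recursion."""
import ipaddress
import re

# Constructed copy of the asker's options block, reduced to the statements
# this audit reads; everything else in the real file is ignored by the parser.
POSTED_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 10.2.0.9; };
    listen-on-v6 port 53 { none; };
    allow-query { 10.0.0.0/8; };
    allow-transfer { localhost; 10.0.0.0/8; };
    allow-recursion { 10.0.0.0/8; };
    forwarders { 111.111.111.100; 111.111.111.99; };
    forward only;
    recursion yes;
};
"""

WAN_IP = "111.111.111.222"  # from the question

# Constructed corrected variant: also listens on the WAN address and answers
# authoritative queries from anyone, but still recurses only for the LAN.
FIXED_OPTIONS = POSTED_OPTIONS.replace(
    "listen-on port 53 { 127.0.0.1; 10.2.0.9; };",
    "listen-on port 53 { 127.0.0.1; 10.2.0.9; %s; };" % WAN_IP,
).replace("allow-query { 10.0.0.0/8; };", "allow-query { any; };")

# Constructed over-corrected variant: recursion opened to the world as well.
OPEN_RESOLVER_OPTIONS = FIXED_OPTIONS.replace(
    "allow-recursion { 10.0.0.0/8; };", "allow-recursion { any; };"
)

# "listen-on port 53 { a; b; };" -> ("listen-on", " a; b; "); the lookahead keeps
# listen-on-v6 from being captured as listen-on.
_ACL_RE = re.compile(
    r"^\s*(listen-on|allow-query|allow-recursion)(?![\w-])[^{]*\{([^}]*)\}\s*;", re.M
)
_RECURSION_RE = re.compile(r"^\s*recursion\s+(yes|no)\s*;", re.M)


def parse_options(text):
    """Return {statement: [acl elements]} plus 'recursion': 'yes' or 'no'."""
    opts = {}
    for stmt, body in _ACL_RE.findall(text):
        opts[stmt] = [e.strip() for e in body.split(";") if e.strip()]
    m = _RECURSION_RE.search(text)
    opts["recursion"] = m.group(1) if m else "yes"  # BIND recurses by default
    return opts


def acl_matches(acl, ip):
    """True if ip is covered by the ACL (subset: any, none, localhost, addr, CIDR)."""
    addr = ipaddress.ip_address(ip)
    for elem in acl:
        if elem == "any":
            return True
        if elem == "none":
            return False
        if elem == "localhost":
            if addr.is_loopback:
                return True
            continue
        if addr in ipaddress.ip_network(elem, strict=False):
            return True
    return False


def audit(text, wan_ip, external_probe="203.0.113.10"):
    """Findings for a server that is supposed to serve its zone to the Internet."""
    opts = parse_options(text)
    findings = []
    if not acl_matches(opts.get("listen-on", []), wan_ip):
        findings.append("listen-on omits WAN address %s: external queries never reach named" % wan_ip)
    # BIND's default allow-query is any; an explicit LAN-only ACL refuses outsiders.
    if not acl_matches(opts.get("allow-query", ["any"]), external_probe):
        findings.append("allow-query excludes external clients: zone answers REFUSED outside")
    # Approximation of BIND's default (localnets; localhost) when the statement is absent.
    if opts["recursion"] == "yes" and acl_matches(opts.get("allow-recursion", ["localhost"]), external_probe):
        findings.append("open resolver: recursion is allowed for arbitrary Internet clients")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", POSTED_OPTIONS), ("corrected", FIXED_OPTIONS),
                       ("over-corrected", OPEN_RESOLVER_OPTIONS)):
        print(label + ":", audit(cfg, WAN_IP) or ["no findings"])
```

Run against the posted block it reports both the listen-on problem named in the answer and the LAN-only allow-query; the corrected variant is clean, and the variant that also opens allow-recursion is flagged, which is the setting to keep LAN-only when widening the other two.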