BIND DNS problem after upgrading from Wheezy to Squeeze

I have a server which acts as a DNS server for our LAN. All our internal servers have A records on it using a .local domain and it forwards all other requests out to the root servers using the in built list provided with BIND. All clients on the LAN have this machine set as their only DNS server.

It has worked fine for 6 years under Wheezy but I have just upgraded it to Stretch. I did an upgrade to Jessie first, rebooted checked everything was OK, and then immediately upgraded to Stretch.

Since then we keep getting intermittent DNS lookup failures for various domains on the internet, which will typically work if you click the refresh button in the browser a few times.

BIND seems to just log to syslog/systemd it doesnt appear to be configured to use its own log. If I run journalctl -xe | grep "named" I can get the log entries but none of them relate to the failed DNS lookup. If I do it immediately after a failure has occured nothing is logged so Im at a bit of a loss to work out what might be wrong.

Does anyone have any ideas please?



PS I should add that as far as I can tell it has never had a problem with resolving our internal .local domain it just seems to be real internet domains its having issues with.