Linux – view external: query (cache) denied on bind9/named

Have you tried using an ACL? Sounds funny, I know. Also, why the match-recursive-only turned on? Wouldn't that make your clients only get results if they are doing recursive queries?

acl "internal-net" { 
    10.24.0.0/16; 127/8;
};

view "internal" {
    match-clients { "internal-net"; };

    # --- I'm removing this because I'm making the daft assumption
    # --- that you are trusting your clients on your internal network,
    # --- so why bother restricting them?  Then there's this tidbit
    # --- from http://www.zytrax.com/books/dns/ch7/view.html#match-recursive-only
    # --- which seems to imply that the client match will fail because
    # --- the client might not be asking for recursion...
    #match-recursive-only yes;

    allow-recursion { "internal-net"; };
    allow-transfer { "internal-net"; };

    zone "ct.sierracollege.edu" {
        type master;
        file "data/db.ct.int";
    };

    include "/etc/named.rfc1912.zones";

    zone "." IN {
       type hint;
       file "named.ca";
    };
};

It seems you have users querying your server for names that aren't yours. If the 200k log events are all from the same client IP address, I'd block that IP in my firewall for 24-48 hours to see if they stop and report them to their ISP. If they're from many different addresses (especially from different ISPs and different parts of the world), I'd spend some time to figure out why they're querying your server.

dig example.com.co. NS

Does the above command mistakenly list your name server as an authoritative one for their domain? If so, contact them using their whois contact information.