to make a long story short - dyn.net who hosts dns for some of our sites and also twitter stopped allowing queries on poirt 53 and requires queries on port 1028 or higher.

they told me to comment out something that looked like this:

If you are experiencing issues with your recursive DNS servers reaching Dyn's DNS servers, I recommend that you inspect
your BIND configuration file(s) for the following lines and remove them:

query-source port 53; ******
query-source-v6 port 53; ******

what is found was 'query-source' in named.conf on my windows servers and commented it out and restarted isc bind, but now all dns lookups through that server fail.

any ideas on how to comply with their request?

options {
directory "c:\named\zone";
query-source address * port 53;
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
max-cache-ttl 900; // limit cached record to 900 seconds - 15 minutes
max-ncache-ttl 900; // limit cache negative response to 900 seconds - minutes
cleaning-interval 17; // clean cache every 17 minutes
};