Bind not resolving domain name

I have a dedicated server that I can't seem to get my domain name to resolve correctly with bind. I tried many internet searches and compared different config files, but I can't seem to figure it out. I only have one ip address and gateway address.

dig @localhost www.euphorics.net

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> @localhost www.euphorics.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58762
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.euphorics.net.     IN  A

;; ANSWER SECTION:
www.euphorics.net.  3600    IN  A   38.130.218.68

;; AUTHORITY SECTION:
euphorics.net.      3600    IN  NS  ns2.euphorics.net.
euphorics.net.      3600    IN  NS  ns1.euphorics.net.

;; ADDITIONAL SECTION:
ns1.euphorics.net.  3600    IN  A   38.130.218.68
ns2.euphorics.net.  3600    IN  A   38.130.218.68

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 19 08:24:26 EDT 2016
;; MSG SIZE  rcvd: 130

/etc/named.conf

    //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 38.130.218.68; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-transfer { 38.130.218.68; };      # disable zone transfers by default
        allow-query     { trusted; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

acl "trusted" {
        127.0.0.1;    # ns1 - can be set to localhost
        38.130.218.68;    # ns2
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";

/etc/named/named.conf.local

    zone "euphorics.net" {
    type master;
    file "/etc/named/zones/db.euphorics.net"; # zone file path
};

zone "130.38.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.38.130";  # 10.128.0.0/16 subnet
};

/etc/named/zones/db.euphorics.net

    $TTL 3600
@       IN      SOA     ns1.euphorics.net. admin.euphorics.net. (
                              3         ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL

; name servers - NS records
euphorics.net.          IN      NS      ns1.euphorics.net.
euphorics.net.          IN      NS      ns2.euphorics.net.

; name servers - A records
@                                   A       38.130.218.68
www                                 A       38.130.218.68
ns1.euphorics.net.          IN      A       38.130.218.68
ns2.euphorics.net.          IN      A       38.130.218.68

Also I added port 53 tcp/udp to firewalld and also to iptables. I even turned off my firewall to see if that would help, but it didn't. Rebooted bind / server, still no go.

This is not good advice from a security point of view! The default value for recursion is yes, so commenting out recursion yes; leaves it at yes. This in combination with overriding allow-query to any (do look at the manual for how the allow-* settings interact when you start overriding one but not the others!) means that you're now running a wide-open recursor!

@Lindqvist... Exactly and an open resolver may be used for generating DDoS attack.

Yeah, I enabled recursion and set acl back to trusted. Never really messed up with bind before since digital ocean / linode already had these things configured....

I'm sorry I set recursion to no, rebooted server. Thanks for the advice, I can't however connect to the domain name unless the allow-query is set to any. Is this ok or do I need to find an alternative to this solution?

allow-query set to any is required on authoritative servers.

It's worth noting that leaving out allow-query entirely allows queries to authoritative zones without also having the side-effect of changing what is allowed when it comes to recursion. Do see the allow-* settings in the manual (specifically how these interact when you start overriding some of them): ftp.isc.org/isc/bind9/cur/9.10/doc/arm/…

@Lindqvist you're about right! I missed to point that recursion must be done to certain acl list. Edited : added missing point. Not good if you haven't slept in 24 hours guys...