Stop being authoritative for the domain
Remove the zone from BIND's configuration, i.e. remove
zone "example.com" { type master; file "/etc/bind/db.example.com"; };
and then reload the configuration with
$ sudo rndc reload
Separate your authoritative and recursive DNS infrastructure
You probably have nameserver 127.0.0.1 in your /etc/resolv.conf. You could remove it and add recursive name servers you can use as resolvers.
Although it is technically possible to have both recursive and authoritative roles on the same server, it is not recommended. There are several reasons for this isolation:
Preventing amplification attacks (RFC 5358, 4).
Preventing DNS cache poisoning, although this is mostly a historical reason best explained in the 3rd edition of Nemeth, E., Snyder, G., Seebass, S., & Hein, T. (2000). UNIX system administration handbook. Pearson Education. (Chapter 16 THE DOMAIN NAME SYSTEM; The BIND software; Authoritative and caching-only servers.):
In BIND4 and BIND 8, it wasn't a good idea to use a single name server
as an authoritative server for some zones and as a caching server for
others. Each named ran with a single in-memory database, and
cross-contamination could occur if memory was tight and cached data
mixed with authoritative data. BIND 9 has eliminated this problem, so
mix away.
For stability / load balancing: authoritative name servers are a crucial part of the Internet, as almost everything else relies on DNS. Therefore, we should not allow technical errors or high loads on a recursive server to affect the performance of this system.
Preventing this exact situation, where a name server stops being authoritative for the domain, but the local configuration keeps it answering authoritatively and eventually with outdated records.
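To confirm which role a server is actually playing after the zone has been removed, the AA (authoritative answer) and RA (recursion available) bits in the DNS response header can be checked. The following is an added example, not part of the original answer; the function names and the sample responses are constructed for illustration, and example.com stands in for the real zone.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=6, txid=0x1234):
    """Wire-format query, class IN, RD set (QTYPE 6 = SOA)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_flags(response):
    """Extract the header bits that show which role the server played."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    return {"aa": bool(flags & AA), "ra": bool(flags & RA), "rcode": flags & 0xF}

def classify(response):
    f = parse_flags(response)
    if f["rcode"] == 5:                      # REFUSED
        return "refused"
    if f["aa"] and f["ra"]:
        return "mixed: authoritative answer, recursion also offered"
    if f["aa"]:
        return "authoritative-only"
    return "recursive-only" if f["ra"] else "non-authoritative, no recursion"

def ask(server, name, timeout=3.0):
    """Send the SOA query over UDP to a server you operate; returns raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recv(512)

def fake_response(query, flags):
    """Constructed sample: echo the question section with chosen header flags."""
    return query[:2] + struct.pack("!HHHHH", QR | flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com")
    for label, flags in [("zone still loaded, resolver on", AA | RD | RA),
                         ("zone removed, resolver on", RD | RA),
                         ("authoritative-only server", AA | RD)]:
        print(f"{label}: {classify(fake_response(q, flags))}")
```

Against a live server, classify(ask("127.0.0.1", "example.com")) should stop reporting an authoritative answer once the zone is removed and rndc reload has run.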