servfail

Hello Gurus,

I am practicing for RHCE. I have configured unbound caching server, but getting a servfail .
Here is the output of my test. I practiced using the labs provided in ROL. I got the same error. Then I did the same thing in my environment.

dig @desktop1.ashu.com A ashu.com

; >> DiG 9.9.4-RedHat-9.9.4-29.el7 >> @desktop1.ashu.com A ashu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER- opcode: QUERY, status: SERVFAIL, id: 21756
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ashu.com. IN A

;; Query time: 1 msec
;; SERVER: 10.0.0.209#53(10.0.0.209)
;; WHEN: Wed Dec 23 13:38:22 EST 2015
;; MSG SIZE rcvd: 37

Here is my unbound.conf

egrep -v '#|^$' /etc/unbound/unbound.conf
server:
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 2
interface: 0.0.0.0
interface-automatic: no
access-control: 0.0.0.0/0 allow
chroot: ""
username: "unbound"
directory: "/etc/unbound"
log-time-ascii: yes
pidfile: "/var/run/unbound/unbound.pid"
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: no
unwanted-reply-threshold: 10000000
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
trusted-keys-file: /etc/unbound/keys.d/.key
auto-trust-anchor-file: "/var/lib/unbound/root.key"
domain-insecure: "ashu.com"
val-clean-additional: yes
val-permissive-mode: no
val-log-level: 1
include: /etc/unbound/local.d/.conf
remote-control:
control-enable: yes
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf
forward-zone:
name: .
forward-host: 10.0.0.201

Thank for you help