acl internaldns {
   192.168.11.3;
   192.168.10.3;
   192.168.10.6;
   # Nameserver Gateway Altenschlirf
   192.168.10.254;
   172.16.0.1;
   # Nameserver Gateway Novalishaus
   192.168.81.1;
   10.2.11.2;
   # Nameserver wolle
   10.113.12.3;
};

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

   // Security options
   listen-on port 53 {
      127.0.0.1;
      10.10.11.254;
      192.168.11.1;
      192.168.11.254;
   };

   // Use this sender IPv4 for zone transfers
   //transfer-source 192.168.11.1 ; 

   allow-query {
      127.0.0.1;
      192.168.0.0/16;
      10.0.0.0/8;
      172.16.0.0/12;
      2001:6f8:107e::/48;
      fe80::/8;
      ::1/128;
   };

   // caching name services
   recursion yes;

   allow-recursion {
      127.0.0.1;
      192.168.0.0/16;
      172.16.0.0/12;
      10.0.0.0/8;
      fe80::/8;
      ::1/128;
   };

   allow-transfer {
      internaldns;
   };
   transfer-source 192.168.11.1;
   notify-source 192.168.11.1;


	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { none; };

   ## - If zone-statistics is "yes", statistic file will be written.
   ## -
   ## - Notice:
   ## -    The named.stats file may grow very large over the time use some logrotate to keep it
   ## -    small, this may result in graphs being reset ( something I don't care about here )
   ## -
   zone-statistics yes;
   statistics-file "/var/log/named/named.stats";
};

logging {
   channel simple_log {
      file "/var/log/named/bind.log" versions 3 size 5m;
      //severity warning;
      severity info;
      print-time yes;
      print-severity yes;
      print-category  yes;
   };
   channel queries_log {
      file "/var/log/named/query.log" versions 10 size 5m;
      severity debug;
      //severity notice;
      print-time yes;
      print-severity yes;
      print-category no;
   };
   channel log_zone_transfers {
      file "/var/log/named/axfr.log" versions 5 size 2m;
      severity info;
      print-time yes;
      print-severity yes;
      print-category yes;
   };
   category resolver {
      queries_log;
   };
   category queries {
      queries_log;
   };
   category xfer-in {
      log_zone_transfers;
   };
   category xfer-out {
      log_zone_transfers;
   };
   category notify {
      log_zone_transfers;
   };
   category default{
      simple_log;
   };
};