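// named.conf for a forwarding-only recursive resolver.
// One directive per line: "#" and "//" comments run to end of line, so a
// collapsed single-line layout would comment out everything after the first one.

// Clients allowed to use this resolver (recursion and cached answers).
// NOTE(review): loopback is 127.0.0.0/8; only the first /24 is listed here,
// which still covers 127.0.0.1 -- confirm that is the intent.
acl my_net {
    192.168.2.0/24;
    127.0.0.0/24;
    10.5.0.0/16;
};

// Addresses the server neither answers nor uses for resolution (see "blackhole").
// NOTE(review): 172.0.0.0/8 is wider than the RFC 1918 private block
// 172.16.0.0/12 and also covers publicly routed space -- confirm the wider
// range is deliberate.
acl my_other_net {
    172.0.0.0/8;
};

options {
    directory "/var/cache/bind";

    // Listens on every IPv4 interface; access is limited by the ACLs below,
    // not by the listening address. IPv6 is switched off.
    listen-on { any; };
    listen-on-v6 { none; };

    auth-nxdomain no;    # conform to RFC1035

    // Recursion is offered only to my_net.
    recursion yes;
    allow-recursion { my_net; };

    // Keep cache access in step with allow-recursion. Setting this to "any"
    // would let hosts outside my_net read cached records (cache snooping)
    // even though they are refused recursion.
    allow-query-cache { my_net; };

    // Drop queries from, and never send queries to, these addresses.
    blackhole { my_other_net; };

    // No zone transfers and no dynamic updates from anyone.
    allow-transfer { none; };
    allow-update { none; };

    // NOTE(review): with validation off, answers from the forwarder are
    // accepted without DNSSEC checks, so a spoofed or tampered response is
    // cached as-is. Acceptable only if that is a deliberate choice (e.g. a
    // lab, or a forwarder that validates); otherwise prefer
    // "dnssec-validation auto;".
    dnssec-validation no;

    // Do not disclose the server version in answers to version.bind queries.
    version "not available";

    # disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns
    // With the built-in empty zones off, reverse lookups for private ranges
    // are not answered locally; they follow the "." forward zone below.
    empty-zones-enable no;
};

// the loopback reverse zone
// why is this needed?
// - when a reverse DNS lookup for a 127.0.0.1 address is received,
//   the recursive server doesn't have to look somewhere else for
//   the answer. It has to be defined locally
//   since it is just a localhost address
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

// Every other name is sent to the single forwarder. "forward only" means the
// server never falls back to iterative resolution, so 10.5.0.4 is both a
// single point of failure and the sole source of truth for answers.
zone "." {
    type forward;
    forward only;
    forwarders { 10.5.0.4; };
};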