options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation no;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	include "/etc/bind/named.conf.options.local";
#	edns-udp-size 512;
#	max-udp-size 512;
	allow-query-cache {
		127.0.0.1;
		::1;
		# private addr space used in Freifunk, DN42 and Hackint
		fc00::/7;
		fd51:2bb2:fd0d::/64;
		fe80::/10;
		10.0.0.0/8;
		172.16.0.0/12;
		2001:0bf7::/32;
		2001:67c:2d50::/48;
		2a03:2260::/29;
		2a03:2267::/32;
	};
};