You can control which networks and IP addresses are allowed to make recursive queries against this nameserver by editing the 'localnet' and 'remote-rec' ACLs, which the allow-recursion option refers to:
// /etc/named.conf
// Address match lists referenced by allow-recursion in the options block.
// "localnet" is a user-defined ACL; it is not BIND's built-in "localnets" ACL.
// Only the IPv4 loopback is listed. NOTE(review): if local clients query over
// ::1, that address needs adding too - confirm against the listener setup.
acl localnet { 192.168.2.0/24; 127.0.0.1; };
// Remote hosts that are also granted recursion. 1.2.3.4 looks like a
// placeholder - replace it with the specific hosts you trust and keep the list
// short: matching is by source address, which can be spoofed for UDP queries.
acl remote-rec { 1.2.3.4; };
// Global server options.
options {
// Working directory; relative file names in the zone statements are resolved
// against it.
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// Security caveat: leave this commented out unless the firewall cannot be
// fixed instead. Pinning outgoing queries to port 53 removes source-port
// randomization, which makes spoofed answers (cache poisoning) far easier
// to get accepted.
// query-source address * port 53;
// Recursion is offered only to clients matching the localnet or remote-rec
// ACLs, so the server does not act as an open resolver that can be abused for
// amplification. NOTE(review): depending on the BIND version, cached answers
// may still be served to other clients - check whether allow-query or
// allow-query-cache should be restricted as well.
allow-recursion { localnet; remote-rec; };
};
//
// a caching only nameserver config
//
// Root hints zone: tells the resolver where to find the root nameservers.
zone "." IN {
type hint;
// Path is relative to the "directory" option. Keep this file current, obtain
// it from a trusted source, and make sure the named user cannot write to it.
file "caching-example/named.root";
};
// Forward zone for "localhost", answered authoritatively by this server.
zone "localhost" IN {
type master;
file "caching-example/localhost.zone";
// Dynamic DNS updates are rejected from every source; the zone changes only
// when the zone file is edited on disk.
allow-update { none; };
};
// Reverse (PTR) zone for the 127.0.0.0/24 loopback range, answered
// authoritatively by this server.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "caching-example/named.local";
// Dynamic DNS updates are rejected from every source.
allow-update { none; };
};