key "rndckey" {
        algorithm       hmac-md5;
        secret          "$DAS_ERZEUGTE_SECRET";
};

# The controls clause is used to define access information and controls when using remote
# administration services, for example, the rndc utility.
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        allow-recursion {
                127.0.0.1;
                192.168.10.0/24;
                };

        // forwarders (in this example: opendns) are optional on a caching DNS Server
        // forwarders {
        //         208.67.222.222;
        //         208.67.220.220;
        // };

        listen-on {
                127.0.0.1;
                192.168.10.250;
                };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        version "REFUSED";

        allow-query {
                127.0.0.1;
                192.168.10.0/24;
                };
        };

server 127.0.0.1 {
        keys { rndckey; };
        };

zone "." IN {
        type hint;
        file "named.root";
        };