options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        allow-recursion {
                127.0.0.1;
                10.10.10.0/24;
                172.31.10.0/24;
                10.20.8.0/24;
        };

        // these are the opendns servers (optional)
        forwarders {
                10.20.2.10;
        };
        dnssec-validation no;
        listen-on {
                127.0.0.1;
                {{ new_ip }};
        };


        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address *;

        // so people can't try to guess what version you're running
        version "REFUSED";
        allow-query { any; };
//        allow-query {
//                127.0.0.1;
//                10.10.10.0/24;
//                172.31.10.0/24;
//                10.20.8.0/24;
//	};
};

zone "stage-ge.org" IN {
        type master;
        file "data/stage-ge.org.zone";
        allow-update { none; };
        };

// Reverse lookups
zone "{{ reverse_zone }}.IN-ADDR.ARPA" {
	type master;
	file "data/stage_ge_org.rev";
};