Deny recursive DNS lookups in named (in newer or older versions of BIND)
For security reasons, it's recommended to disable recursive DNS lookups. Here is how:
Find out your named version
named -v
If your BIND version is at least 9.x then insert the following, between options { }:
// Deny recursive lookups
allow-query { any; };
allow-transfer { none; };
allow-recursion { localhost; };
recursion yes;
So it looks like something like this: