SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Monday, January 18, 2010

Set up BIND to answer recursive DNS queries from the local machine only

So, I want to allow programs on my server to ask my copy of BIND to perform recursive queries, but I don't want it performing them for anyone else. How did I configure that? It's very simple: it only takes a line in each of two configuration files. First, my resolv.conf file contains this line:

nameserver 127.0.0.1

That means that programs on my server should send DNS queries to the DNS server at IP address 127.0.0.1 (which, as you may know, is the "localhost" address: on every computer, it's an IP address that refers to that computer itself). That line was already there, so I didn't have to change it.

Second, I added one line to named.conf. The "allow-recursion" line in the "options" section specifies which IP addresses may request recursive queries from this server.

options {
    allow-recursion { 127.0.0.1/32; };
    // etc.
};

This means that recursive DNS requests coming from 127.0.0.1 are allowed (the /32 means all 32 bits of the address are significant, so only that single address matches). Recursive requests from any other address are blocked.
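
A way to audit the two settings described above, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration, and the parser is simplified: it reads a single allow-recursion statement and strips only // and # comments.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two settings above.
# Simplified parser: one allow-recursion statement, // and # comments only.

# Print the resolver addresses listed in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print each element of the allow-recursion list, one per line.
recursion_acl() {
    awk '{ sub(/\/\/.*/, ""); sub(/#.*/, ""); buf = buf " " $0 }
         END {
             if (!match(buf, /allow-recursion[ \t]*\{[^}]*\}/)) exit
             s = substr(buf, RSTART, RLENGTH)
             sub(/^[^{]*\{/, "", s); sub(/\}$/, "", s)
             n = split(s, part, ";")
             for (i = 1; i <= n; i++) {
                 gsub(/[ \t]/, "", part[i])
                 if (part[i] != "") print part[i]
             }
         }' "$1"
}

# Succeed only if allow-recursion is present and lists loopback addresses only.
# Named ACLs and a missing statement fail closed and need manual review.
recursion_is_loopback_only() {
    acl=$(recursion_acl "$1")
    [ -n "$acl" ] || return 1
    for entry in $acl; do
        case "$entry" in
            127.0.0.1|127.0.0.1/32|::1|::1/128) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files: the post's settings and an open resolver.
SAMPLES=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$SAMPLES/resolv.conf"
printf 'options {\n  allow-recursion { 127.0.0.1/32; };\n  // etc.\n};\n' > "$SAMPLES/good.conf"
printf 'options {\n  allow-recursion { any; };\n};\n' > "$SAMPLES/open.conf"

for f in good.conf open.conf; do
    if recursion_is_loopback_only "$SAMPLES/$f"; then echo "$f: loopback only"
    else echo "$f: recursion not limited to loopback"; fi
done
```

To audit a live server, pass the real resolv.conf and named.conf paths to the functions instead of the sample files.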
