options {
    forward only;

    forwarders {
        //1.1.1.1 port 53;
    };

    max-cache-ttl 10;
    max-ncache-ttl 10;
    max-cache-size 10M;

    stale-cache-enable yes;
    stale-answer-enable yes;
    max-stale-ttl 120;
    stale-answer-ttl 90;
    stale-answer-client-timeout 0;
    stale-refresh-time 40;

    // needed for bind9.16
    dnssec-validation no;

    max-udp-size 1232;
    edns-udp-size 1232;

    minimal-responses yes;

    listen-on port 1053 { 2.2.2.2; };
    listen-on-v6 port 1053 { none; };

    allow-query { any; };

    query-source 3.3.3.3;

    dscp 0;

    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "not available";

    // disable all zone transfer requests
    allow-transfer{"none";};

    recursion yes;

    statistics-file "/var/named/named.stats";
    directory "/var/cache/bind";
    zone-statistics yes;
    resolver-retry-interval 800;
};

logging {
    channel container_stderr {
        stderr;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { container_stderr; };
    category unmatched { null; };
    // Add these for stale cache
    category resolver { container_stderr; };
    category serve-stale { container_stderr; };
};

// rdnc enabled
key "rndc-key" {
        algorithm hmac-md5;
        secret "testtest";
};

controls {
        inet 127.0.0.1 port 1053
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

statistics-channels {
    inet 127.0.0.1 port 1053 allow { 127.0.0.1; };
};

// test zone for internal health checker
zone "dnsproxy.health.test" in {
    type master;
    file "/usr/bind9_configurator/config/dnsproxy_health.rev";
    allow-update { none; };
};

// disabling EDNS
server ::/0 {
    edns no;
};
server 0.0.0.0/0 {
    edns no;
};

server 1.1.1.1 {
    query-source 3.3.3.3;
};