From 04588f0c18021a3a763dda7203d43eaefa30dfc5 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Mon, 27 Apr 2020 00:42:22 +0200
Subject: [PATCH] [bind] Configure transfert and hide version

---
 .../templates/bind/named.conf.options.j2                 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/bind-authoritative/templates/bind/named.conf.options.j2 b/roles/bind-authoritative/templates/bind/named.conf.options.j2
index 1b0c09ac..8ebc5935 100644
--- a/roles/bind-authoritative/templates/bind/named.conf.options.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.options.j2
@@ -23,4 +23,13 @@ options {
 	dnssec-validation auto;
 
 	listen-on-v6 { any; };
+
+	// Disable recursion on authoritative DNS server
+	recursion no;
+
+	// Disallow zone transfert by default
+	allow-transfer { none; };
+
+	// Hide version from clients
+	version "not currently available";
 };