options {
    directory "/var/cache/bind";
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
    
    // Enable recursion for LAN clients
    recursion yes;
    allow-recursion { 127.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12; 10.0.0.0/8; };
    
    // Forward external queries to upstream DNS
    forwarders {
        9.9.9.9;        // Quad9 (threat-blocking)
        149.112.112.112; // Quad9 secondary
        1.1.1.1;        // Cloudflare
    };
    forward only;
    
    allow-transfer { none; };
    pid-file "/var/run/named/named.pid";
    
    // Security
    dnssec-validation auto;
    
    // Rate limiting (DDoS protection)
    rate-limit {
        responses-per-second 10;
        window 5;
    };
    response-policy { zone "rpz.vortex"; };
};

// Authoritative zone - secubox.in

include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.logging";
// Authoritative zone - secubox.in
zone "secubox.in" {
    type master;
    file "/etc/bind/zones/secubox.in.zone";
    allow-query { any; };
    allow-transfer { 217.70.177.40; };  // ns6.gandi.net
    also-notify { 217.70.177.40; };
    notify yes;
};
include "/etc/bind/named.conf.vortex";
include "/etc/bind/named.conf.zones";