Limit recursive lookups using BIND (named.conf)?

[sciulli]

Has anyone done this yet? I've read a guide at http://www.cymru.com/Documents/secur...-template.html

But being totally new to VPS I didn't know exactly how to implement this without breaking something. I want to ensure I do everything properly before moving my primary site from my old host to my new VPS.

My biggest concern is overall security. I've implemented *most* of the security settings outlined in http://www.jaguarpc.com/forums/showthread.php?t=13646 (or at least those that I could understand).

[sciulli]

Would this be a fairly safe entry within the options section?

// Prevent DoS attacks by generating bogus zone transfer
// requests. This will result in slower updates to the
// slave servers (e.g. they will await the poll interval
// before checking for updates).
notify no;

// Generate more efficient zone transfers. This will place
// multiple DNS records in a DNS message, instead of one per
// DNS message.
transfer-format many-answers;

allow-recursion { 127.0.0.1; 69.73.130.223; 69.73.132.223;};