You might want to bring up your own name servers if you want to use Spamhaus that doesn’t like open resolvers like 1.1.1.1
Steps
Check if the current config is valid
named-checkconf
Then backup current options file as that’s where you’ll store the settings
cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
You want to have these new bold section when you’re done:
root@server:~# cat /etc/bind/named.conf.options
acl "trusted" {
127.0.0.1;
a.b.c.d/29;
e.f.g.h;
};
options {
...
// allow recursion only for localhost and other select IPs
allow-recursion { trusted; };
allow-query { trusted; };
allow-query-cache { trusted; };
recursion yes;
}
Then
service named restart