acl internal-network {
        10.0.0.0/8;
        192.168.0.0/16;
        172.16.0.0/12;
        157.15.82.0/23;
};



options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.
        allow-query     { localhost; internal-network; };
        allow-transfer { localhost;  };
        response-policy { zone "trustpositifkominfo" policy cname dnssehat.8bit.net.id; };
        allow-recursion { internal-network; localhost;};

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
};

        zone "trustpositifkominfo" IN {
        type slave;
        masters { 103.148.44.44;  103.154.123.130; 139.255.196.202; 103.148.45.45; };
        file "/etc/bind/slaves/db.rpz";
};
        zone "rpz.zone" IN {
        type master;
        file "/etc/bind/db.rpz";
};