// Global server options.
options {
    // Server working directory.
    // NOTE(review): /var/tmp is normally world-writable; a directory owned by
    // and writable only to the named user is the safer choice - confirm.
    directory "/var/tmp";

    // Only the local host may request zone transfers (handy for testing).
    allow-transfer { localhost; };

    // Do not perform recursive lookups on behalf of clients.
    recursion no;

    // Answer version queries with a fake string. This only hides the real
    // version from casual queries; it is not a security control.
    version "Colorless green ideas sleep furiously";
};
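// Shared secret that authenticates rndc on the control channel.
// HMAC-MD5 is a legacy algorithm, so hmac-sha256 is used here instead.
// Generate the secret with `rndc-confgen -A hmac-sha256`, and keep the
// algorithm and secret identical in the rndc client configuration.
// Never commit a real secret; keep this file readable only by the named user.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "_RNDC_SECRET_GOES_HERE_";
};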
// rndc control channel: listens on loopback only (port 953) and accepts
// commands only from 127.0.0.1 when they are signed with "rndc-key".
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};
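// TSIG shared secret - replace 'INSERT-GENERATED-SECRET-HERE' with one generated by:
// dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST
// (newer BIND releases no longer generate HMAC keys with dnssec-keygen; there, use: tsig-keygen -a hmac-sha512 key-name1)
// The shared secret must match the one configured on the master DNS server you are transferring zones from.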
// TSIG key (HMAC-SHA512). The placeholder secret must be replaced with a
// generated one before use; never commit the real value.
key key-name1 {
    algorithm hmac-sha512;
    secret "INSERT-GENERATED-SECRET-HERE";
};
// Master server that zone transfers are pulled from. Requests to it are
// signed with the TSIG key "key-name1" defined earlier in this file.
server 123.123.123.123 {
    keys { key-name1; };
};
// Logging: write the default_debug channel to a log file.
logging {
    channel default_debug {
        file "/var/log/bind/named.log";
        // "dynamic" makes the channel follow the server's current debug level.
        severity dynamic;
    };
};
// Zones from here down
// Follow the template below to add zones.
//Slave (either with or without DNSSEC):
//zone "FQDN" {
// type slave;
// notify no; // There is no need for slaves to send out notifies.
// masters { SERVERIP; }; //Add the IP of the master server. Transaction signatures (TSIG) should be set up for the server above.
// file "/var/named/zones/slave/FQDN"; //BIND will pull the zone from the master and put it here.
//};
// E.g.:
// Example slave zone: transferred from the master at 123.123.123.123 and
// written to the local file below; this server sends no NOTIFY for it.
zone "example.com" {
    type slave;
    notify no;
    masters { 123.123.123.123; };
    file "/var/named/zones/slave/example.com";
};