options {

	...

	[snip]

	# General
	directory		"/etc/namedb/working";
	pid-file		"/var/run/named.pid";

	auth-nxdomain		no;

	# Cache
	dump-file		"/var/db/named";
	max-cache-size		8m;

	# DNSSEC
	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-enable		yes;
	dnssec-validation	yes;
	dnssec-lookaside	auto;

	random-device		"/dev/urandom";

	[/snip]

	...

};