7.6.1 Problem
You want to configure an "authoritative-only" or nonrecursive name server.
7.6.2 Solution
Disable recursion with the recursion options substatement:
options {
    directory "/var/named";
    recursion no;
};
If the name server isn't already configured as authoritative for one or more zones, add zone statements to named.conf, too.
7.6.3 Discussion
Since "authoritative-only" isn't a standard term (nor is "nonrecursive," really), a few words of explanation are in order. A nonrecursive or authoritative-only name server is one that only answers nonrecursive queries from remote name servers. It can't directly serve resolvers, since all resolvers send recursive queries by default, but you can delegate zones to it, and it's nearly invulnerable to spoofing attacks, since it normally doesn't send queries. It's also more resistant to denial of service attacks, since it doesn't process resource-intensive recursive queries.
For completeness, you may also want to disable glue fetching on BIND 8 name servers:
options {
    directory "/var/named";
    recursion no;
    fetch-glue no;
};
This step prevents the name server from sending queries to look up A records for name servers that appear in NS records. That, together with disabling recursion, makes the name server completely passive. It may prevent NOTIFY from working correctly, though, since the name server won't look up the addresses of name servers outside of the zones it's authoritative for. In that case, use Section 3.14 to configure the name server to send NOTIFY messages to the slaves explicitly.
Remember to limit concurrent zone transfers (Section 5.17) and accept only authorized zone transfer requests (Section 7.11) if the name server acts as a master.
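To confirm that recursion no has taken effect, send the name server a recursive query for a name outside its zones and inspect the response header: the RA (recursion available) bit should be clear and no answers returned. The following is an added example, not code from the original text; the function names and the two sample headers are constructed for illustration, and probe() assumes the queried name is outside the zones the server is authoritative for.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits (RFC 1035)

# Constructed 12-byte response headers (not captured traffic):
REFUSED_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR+RD, rcode 5
RECURSIVE_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR+RD+RA, 1 answer

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) query for `name`; qtype 1 is A."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(packet, qid=0x1234):
    """Decode the header fields that show how the server handled the query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    return {"recursion_available": bool(flags & RA),
            "rcode": flags & 0x000F,
            "answers": answers}

def is_nonrecursive(packet, qid=0x1234):
    """True if the server neither offers recursion nor answered the query."""
    info = classify_response(packet, qid)
    return not info["recursion_available"] and info["answers"] == 0

def probe(server, name, timeout=3.0):
    """Send the query over UDP port 53 and classify the live response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _addr = sock.recvfrom(4096)
    return is_nonrecursive(data)

if __name__ == "__main__":
    print(is_nonrecursive(REFUSED_SAMPLE), is_nonrecursive(RECURSIVE_SAMPLE))
```

Run probe() against your own name server's address after reloading the configuration; a result of False means the server still offers recursion or answered the out-of-zone query.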
7.6.4 See Also
Section 3.14, for explicit NOTIFY configuration; Section 5.17, to limit concurrent zone transfers; and Section 7.11, for adding zone transfer restrictions.