Bind9 DNS question...

[Milleman]

Hi,
My first posting here!

I have installed the Bind9 DNS server into an Ubuntu 8.04 server. I managed to make it work for all the computers that belongs to the same subnet, at a real internet IP subnet (not a private IP like 192 etc). It is also not behind a firewall. I have entered the DNS server IP to all my computers attached to the same subnet. I can now use my private DNS server instead of the one from my ISP.

My question:
Is it possible for my friends out there in cybespace to also use my DNS server by entering its IP their DNS settings?

So far I haven't managed to make it work. If another computer somewhere out there in the cloud is entering the IP of my private DNS server into their internet settings, they are not able to use that server at all. Seems like it is blocked or doesn't allow computers that is not on the same subnet, to use my DNS server. Is there a configuration that I've missed?

[rcgreen]

I need to know more about your subnet. Do you have all of your computers on public IP addresses? What kind of connection
do you have to the internet?

[Milleman]

I got this from a mailing list:

"By default, BIND blocks IP addresses that aren't on a local network
from using it for recursion. Setting up an open DNS server which
permits anyone to use it creates an easy vector for your DNS server to
be used in Denial of Service attacks, so the default is to be
completely closed. It is not recommended to open up your DNS server
to the world. If your friends have static IP addresses (i.e. the IP
addresses of their computers aren't ever changed by their ISP) then
you can allow them in using the 'allow-query' and 'allow-recursion'
options."

The question is: - Where do I put the 'allow-query' and 'allow-recursion'
options? When I made the setup, followed the tutorial at the following page:

How to Setup a DNS Server in Ubuntu

Any clues?
/Mill