Do not use query-source if you do not have to.
Define ACL:
acl "lan_ip" { 192.168.200.0/24; 127.0.0.1; };
For a multihomed server, define views:
view "lan" {
    match-clients { lan_ip; };
    allow-query { lan_ip; };
    allow-recursion { lan_ip; };
    ....
};
view "external" {
    match-clients { !lan_ip; any; };
    // view-wide default: no recursion, no queries
    allow-recursion { none; };
    allow-query { none; };
    zone "myzone" IN {
        ....
        // queries are opened for this zone only
        allow-query { any; };
    };
};
Allow queries on a particular zone, not globally.
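
How the ACL and the two match-clients lists above sort clients into views, as an added example that is not part of the original text: a simplified Python model of BIND's first-match address match list evaluation (ordered elements, "!" negation, named ACLs, any/none). The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# ACL and views copied from the configuration above; elements are evaluated
# in order and the first element that matches decides (a leading "!" rejects).
ACLS = {"lan_ip": ["192.168.200.0/24", "127.0.0.1"]}
VIEWS = [  # named picks the first view whose match-clients accepts the client
    ("lan", ["lan_ip"]),
    ("external", ["!lan_ip", "any"]),
]
ALLOW_RECURSION = {"lan": ["lan_ip"], "external": ["none"]}


def match(addr, elements):
    """Return True/False on the first matching element, None if nothing matched."""
    ip = ipaddress.ip_address(addr)
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in ACLS:  # nested ACL: only a positive match counts as a hit
            hit = match(addr, ACLS[name]) is True
        else:
            hit = ip in ipaddress.ip_network(name)
        if hit:
            return not negated
    return None


def select_view(addr):
    """Name of the view that serves this client, or None if no view matches."""
    for view, match_clients in VIEWS:
        if match(addr, match_clients) is True:
            return view
    return None


def recursion_allowed(addr):
    """True only if the client's view grants it recursion."""
    view = select_view(addr)
    return view is not None and match(addr, ALLOW_RECURSION[view]) is True


if __name__ == "__main__":
    for client in ("192.168.200.15", "127.0.0.1", "203.0.113.9"):  # constructed
        print(client, select_view(client), recursion_allowed(client))
```
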