[Samba] Restrict who can query my DNS

[Leonardo Yanes Batista]

Hello everyone, could you help me find a solution to restrict who can check my DNS within my domain?

I have a domain controller with SAMBA4 and as DNS backend I use BIND9.

I would like to be able to define who are the IPs that I want to allow to consult my DNS. I tried the following but I failed to get it 
/etc/bind/named.conf.options 
... 
options { 
allow-query { 
localhost; 
}; 
.... 
} 

In essence, this should allow the domain controller itself to be the only one that has permission to query itself, but when I try to query from a PC in my domain, the DNS keeps responding to my queries. How could I avoid this?