diff --git a/README.md b/README.md
index 76237a4..79ec7a3 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@ None
 
  * `bind_role` - the role `master` or `slave`, don't generate dnssec key on `slave`
  * `bind_zones` - the dns zones
+ * `bind_listen_ipv4` - enable or disable ip v4 support (default: true)
+ * `bind_listen_ipv6` - enable or disable ip v6 support (default: true)
 
 ## How to use
 
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e8dbf6b
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+bind_listen_ipv4: true
+bind_listen_ipv6: true
diff --git a/spec/bind.rb b/spec/bind.rb
index b632118..ce130ce 100644
--- a/spec/bind.rb
+++ b/spec/bind.rb
@@ -32,6 +32,15 @@ describe file('/etc/bind/named.conf.local') do
   it { should contain '4.2.2.4' }
 end
 
+describe file('/etc/bind/named.conf.options') do
+  it { should be_file }
+  it { should be_mode 644 }
+  it { should be_owned_by 'root' }
+  it { should be_grouped_into 'root' }
+  it { should contain 'listen-on { any; };' }
+  it { should contain 'listen-on-v6 { none; };' }
+end
+
 describe port(53) do
   it { should be_listening.with('tcp') }
   it { should be_listening.with('udp') }
diff --git a/templates/named.conf.options.j2 b/templates/named.conf.options.j2
index e8c6873..4ef0b97 100644
--- a/templates/named.conf.options.j2
+++ b/templates/named.conf.options.j2
@@ -8,8 +8,8 @@ options {
 	dnssec-lookaside auto;
 
 	auth-nxdomain no;    # conform to RFC1035
-	listen-on { any; };
-	listen-on-v6 { none; };
+	listen-on { {% if bind_listen_ipv4 %}any{% else %}none{% endif %}; };
+	listen-on-v6 { {% if bind_listen_ipv6 %}any{% else %}none{% endif %}; };
 
 	version none;
 };
diff --git a/tests/bind.yml b/tests/bind.yml
index 35619d5..d6cd148 100644
--- a/tests/bind.yml
+++ b/tests/bind.yml
@@ -1,6 +1,7 @@
 - hosts: localhost
   connection: local
   vars:
+    bind_listen_ipv6: false
     bind_role: master
     bind_zones:
       test.local: