diff --git a/bind/files/debian/named.conf.options b/bind/files/debian/named.conf.options
index 7661808..c465724 100644
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@@ -17,5 +17,10 @@ options {
         auth-nxdomain no;    # conform to RFC1035
         {% if salt['pillar.get']('bind:config:ipv6', 'False') %}
         listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
-        {% endif %}
+        {% endif -%}
+
+        {# Allow inclusion of arbitrary statements -#}
+        {% for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
+        {{ statement }} {{ value}}
+        {% endfor -%}
 };
diff --git a/pillar.example b/pillar.example
index cbda55f..9d72ce2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -11,6 +11,8 @@ bind:
     user: root
     group: named
     mode: 640
+    options:
+      allow-recursion: '{ any; };'  # Never include this on a public resolver
 
 bind:
   keys: