diff --git a/dns/bind/Makefile b/dns/bind/Makefile
index 48b788c2a..0407be82f 100644
--- a/dns/bind/Makefile
+++ b/dns/bind/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		bind
-PLUGIN_VERSION=		1.14
+PLUGIN_VERSION=		1.15
 PLUGIN_COMMENT=		BIND domain name service
 PLUGIN_DEPENDS=		bind916
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
diff --git a/dns/bind/pkg-descr b/dns/bind/pkg-descr
index 4c59d1e86..02fed8ac0 100644
--- a/dns/bind/pkg-descr
+++ b/dns/bind/pkg-descr
@@ -8,6 +8,10 @@ necessary for asking and answering name service questions.
 Plugin Changelog
 ================
 
+1.15
+
+* Add support for "Transfer Source [IP|IPv6]" options
+
 1.14
 
 * Reject built-in ACL names
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
index 6b52705ab..1889a6a47 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@@ -33,6 +33,20 @@
         <type>text</type>
         <help>Set the port the service should listen to.</help>
     </field>
+    <field>
+        <id>general.transfersource</id>
+        <label>Transfer Source IP</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>Specify the IPv4 address used as a source for zone transfers.</help>
+    </field>
+    <field>
+        <id>general.transfersourcev6</id>
+        <label>Transfer Source IPv6</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>This determines which local address is bound to IPv6 TCP connections used to fetch zones transferred inbound by the server.</help>
+    </field>
     <field>
         <id>general.forwarders</id>
         <label>DNS Forwarders</label>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
index 2411472f1..1d0dc3c7f 100644
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@@ -27,6 +27,16 @@
             <Required>Y</Required>
             <asList>Y</asList>
         </listenv6>
+        <transfersource type="NetworkField">
+            <Required>N</Required>
+            <AddressFamily>ipv4</AddressFamily>
+            <NetMaskAllowed>N</NetMaskAllowed>
+        </transfersource>
+        <transfersourcev6 type="NetworkField">
+            <Required>N</Required>
+            <AddressFamily>ipv6</AddressFamily>
+            <NetMaskAllowed>N</NetMaskAllowed>
+        </transfersourcev6>
         <port type="PortField">
             <default>53530</default>
             <Required>Y</Required>
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
index 1a8de537a..7196cf2c2 100644
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@@ -15,16 +15,24 @@ options {
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
 
-{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
+{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
         listen-on port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv4.replace(',', '; ') }}; };
-{% endif %}{% endif %}
-{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
+{% endif %}
+{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
         listen-on-v6 port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv6.replace(',', '; ') }}; };
-{% endif %}{% endif %}
+{% endif -%}
+
+{% if helpers.exists('OPNsense.bind.general.transfersource') and OPNsense.bind.general.transfersource != '' %}
+        transfer-source {{ OPNsense.bind.general.transfersource }};
+{% endif -%}
+
+{% if helpers.exists('OPNsense.bind.general.transfersourcev6') and OPNsense.bind.general.transfersourcev6 != '' %}
+        transfer-source-v6 {{ OPNsense.bind.general.transfersourcev6 }};
+{% endif -%}
 
 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
         forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
-{% endif %}
+{% endif -%}
 
 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
         response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };