> I think we need to stop spread misconfigured named's too. Any
> objections?
I like OpenBSD's way a bit better:
acl clients {
localnets;
::1; 127.0.0.1;
};
options {
allow-recursion { clients; };
};
It's the same as you propose, but also allows hosts on directly
connected networks to query.