I have 2 CentOS servers that are both authoritative DNS for several domains and local resolvers. As configured, they are publicly visible resolvers, which I've known for awhile is not a good thing. whats the appropriate way of configuring the bind on CentOS 5.current to not allow recursion on queries from the public side, but still allow recursion locally? is it as simple as adding allow-recursion{} with the appropriate private subnets and localhost to named.conf ? -- john r pierce 37N 122W somewhere on the middle of the left coast