Hello, running a root zone mirror like described in RFC 7706 explicit require the service is limited to run on loopback addresses. To use an already existing nsd instance it would be valuable if I could limit queries for a zone by client ip. I didn't found any configuration setting to achieve such restriction. Would the developer/other users consider such a feature valuable as well or do you suggest to really run a separate instance of nsd with an explicit limitation "listen only on loopback"? see "man 5 nsd.conf", section "Zone Options". I search for something like "allow-query: <ip-spec>" or "provide-query: <ip-spec>" Andreas