On 2024/06/19 20:23, Chaz Kettleson wrote:
> Hello,
> 
> This should probably be submitted upstream, but I first noticed on
> OpenBSD. I believe the below diff is the implied intent.

Yes, please send it upstream. It is simpler if we pick it up from
there rather than have to deal with local changes during an update
(especially if they want to make changes to the proposed tlwording).

>  Access control list.  When at least one \fBallow\-query\fR option is
> -specified, then the in the \fBallow\-query\fR options specified addresses
> -are are allowed to query the server for the zone.  Queries from unlisted or
> +specified, then the specified addresses in the \fBallow\-query\fR options
> +are allowed to query the server for the zone.  Queries from unlisted or
>  specifically BLOCKED addresses are discarded. If NOKEY is given no TSIG
>  signature is required.  BLOCKED supersedes other entries, other entries are
>  scanned for a match in the order of the statements. Without
>