From: Chaz Kettleson <chaz@pyr3x.com>
Subject: Re: nsd.conf(5) allow-query wording
To: tech@openbsd.org
Date: Thu, 20 Jun 2024 08:21:48 -0400


On Thu, Jun 20, 2024 at 08:08:51AM GMT, Stuart Henderson wrote:
> On 2024/06/19 20:23, Chaz Kettleson wrote:
> > Hello,
> > 
> > This should probably be submitted upstream, but I first noticed on
> > OpenBSD. I believe the below diff is the implied intent.
> 
> Yes, please send it upstream. It is simpler if we pick it up from
> there rather than have to deal with local changes during an update
> (especially if they want to make changes to the proposed tlwording).
> 

Makes sense. Submitted upstream.

> >  Access control list.  When at least one \fBallow\-query\fR option is
> > -specified, then the in the \fBallow\-query\fR options specified addresses
> > -are are allowed to query the server for the zone.  Queries from unlisted or
> > +specified, then the specified addresses in the \fBallow\-query\fR options
> > +are allowed to query the server for the zone.  Queries from unlisted or
> >  specifically BLOCKED addresses are discarded. If NOKEY is given no TSIG
> >  signature is required.  BLOCKED supersedes other entries, other entries are
> >  scanned for a match in the order of the statements. Without
> > 
>