Hi, I'd really appreciate some help on this. I thought this was working when testing, but today when rolling it into production it fails me. I have internal and external views in named.conf The goal is to allow everyone (in and out) to query my domain, but allow only internal users to query the outside world. We had this working before in Redhat 5, but something has changed and it isn't working for RH 6. The strange thing is, I can do queries of the outside OK from the DNS server, or from systems on the same subnet. The ones I want to let use the view, seem to match the view, but are blocked: Dec 20 10:14:58 sedna named[7574]: 20-Dec-2012 10:14:58.759 security: info: client XXX.YYY.200.66#55286: view internal: query (cache) '<a href="http://onmail.com/MX/IN">onmail.com/MX/IN</a>' denied acl "local_lan" { XXX.YYY.0.0/16; 127.0.0.1; }; view "internal" { /* This view will contain zones you want to serve only to "internal" clients that connect via your directly attached LAN interfaces - "localnets" . */ match-clients { local_lan; XXX.YYY.1.3; }; match-destinations { any; }; recursion yes; additional-from-auth yes; additional-from-cache yes; empty-zones-enable yes; notify yes; allow-transfer { adcs; XXX.YYYY.1.3; }; also-notify { XXX.YYY.200.67; XXX.YYY.200.66; XXX.YYY.1.3;}; // all views must contain the root hints zone: include "/etc/named.root.hints"; include "/etc/named.rfc1912.zones"; zone "<a href="http://mydomain.ca">mydomain.ca</a>" in { type master; file "forward/<a href="http://mydomain.ca">mydomain.ca</a>"; }; zone "XXX.YYY.in-addr.arpa" in { type master; file "reverse/db.XXX.YYY.rev"; }; }; I've changed the first digits of my network IPs to XXX.YYY. The DNS system is on XXX.YYY.2.48, and systems on subnet 2 can query it OK. Other systems which should fall in the /16 network are not able to query. It seems like there is something about Bind 9.8 I'm missing. Running BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5