Florian Weimer wrote: >> private IP addresses (127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, >> 172.16.0.0/12 and 169.254.0.0/16) > > Filtering 127/8 would break DNSBLs, so you can't really do this. > Sorry; I'm a newbie and don't understand the problem. 1. If I want to install a black list, I'd expect to find it as a configuration option. 2. I don't see any configuration items specifically titled "DNSBL"; closest option seems to be local-data: # You can override certain queries with # local-data: "adserver.example.com A 127.0.0.1" 3. This request simply blocks external replies that resolve to private addresses; how could some external name server legitimately resolve to a 127/8 address within my computer? At any rate, if it is a configuration alternative, the local administrator could determine whether it would be advantageous or problematic. Thank you for considering this!