The aim is to restrict a user from executing ls -d command with nslookup. My present configuration that does not work is : acl mynameservers {155.124/16;}; allow-transfer {mynameservers;}; ---------------------------------------- Any advice is welcome (-: Stef.