Any info on whether the newly announced bug can be triggered before the query ACL is applied on a recursive only server? An authoritative only server ought to be safe? Cheers C