Access Lists

The final tab is Access Lists, which lets you allow or deny access to your network's DNS servers for specified blocks of network addresses (known as netblocks). This is useful if you need to grant access to remote users (such as users connecting through a VPN), or to deny access to certain local netblocks. You can add an access list entry by clicking the green +Add button below and to the right of the access list table.

The first option is the Access List name, in which you can specify a name for the access list. The next option is the Action drop-down box, in which you can specify what to do with DNS queries that originate on the netblock defined by this access list entry. The options are as follows:

  • Deny: Stops queries from the defined netblock. Queries are dropped silently.
  • Refuse: Stops queries from the defined netblock. Instead of dropping the query silently, it sends back a DNS rcode REFUSED.
  • Allow: Allows queries from hosts within the defined netblock.
  • Allow Snoop: Similar to Allow, but allows both recursive and non-recursive access from hosts within the defined netblock. This should only be configured for the administrator for such uses as troubleshooting.

The Description field allows you to enter a (non-parsed) description. Finally, the Networks field is where you enter the netblock (subnet) on which the access list takes effect. You must also select the CIDR of the subnet in the adjacent drop-down box. To the right, you can enter a description of this netblock. You can add the newly defined access list by pressing the green Add Network button at the bottom of the page.
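The following Python sketch is an added example, not part of the original text or of the product's own code. It shows how a set of access list entries resolves to one action per client address and flags Allow Snoop netblocks that cover more than a single host. The entry names and netblocks are constructed, and it assumes the resolver applies the most specific matching netblock, as Unbound does.

```python
import ipaddress

# Constructed sample entries mirroring the form: name, action, networks (CIDR).
ACCESS_LISTS = [
    {"name": "vpn-users", "action": "allow", "networks": ["10.8.0.0/24"]},
    {"name": "guest-wifi", "action": "refuse", "networks": ["192.168.50.0/24"]},
    {"name": "lab-quarantine", "action": "deny", "networks": ["192.168.50.128/25"]},
    {"name": "admin-laptop", "action": "allow snoop", "networks": ["10.8.0.10/32"]},
    {"name": "legacy", "action": "allow snoop", "networks": ["172.16.0.0/12"]},
]
ACTIONS = {"deny", "refuse", "allow", "allow snoop"}


def parse(entries):
    """Yield (network, action, name); reject unknown actions and bad netblocks."""
    for e in entries:
        if e["action"] not in ACTIONS:
            raise ValueError(f"{e['name']}: unknown action {e['action']!r}")
        for cidr in e["networks"]:
            # strict=True raises ValueError when host bits are set, e.g. 10.8.0.10/24
            yield ipaddress.ip_network(cidr, strict=True), e["action"], e["name"]


def effective_action(entries, client_ip):
    """Return (action, name) of the most specific netblock containing client_ip.

    Assumption: the most specific match wins. Returns None when no entry
    matches, in which case the resolver's own default applies.
    """
    ip = ipaddress.ip_address(client_ip)
    hits = [(n.prefixlen, a, name) for n, a, name in parse(entries)
            if n.version == ip.version and ip in n]
    if not hits:
        return None
    _, action, name = max(hits, key=lambda h: h[0])
    return action, name


def snoop_too_broad(entries, max_hosts=1):
    """List 'allow snoop' netblocks covering more than max_hosts addresses."""
    return [(name, str(n)) for n, a, name in parse(entries)
            if a == "allow snoop" and n.num_addresses > max_hosts]


if __name__ == "__main__":
    for ip in ("10.8.0.10", "10.8.0.77", "192.168.50.20", "192.168.50.200", "8.8.8.8"):
        print(ip, "->", effective_action(ACCESS_LISTS, ip))
    print("review:", snoop_too_broad(ACCESS_LISTS))
```

Running the same check over the entries you actually plan to enter shows where a narrow Deny or Refuse overrides a broader Allow before the change goes live.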

