Ah, the one extra thing it does, is that it stops your users from doing `dig bad.domain @1.1.1.1` which may be useful, depending on your threat model.
Ah, the one extra thing it does, is that it stops your users from doing `dig bad.domain @1.1.1.1` which may be useful, depending on your threat model.