I have a problem with implementing an ACL that restricts recursive
queries. If I allow recursive queries from any network, all is OK; if I
try to restrict it to certain networks, I can see in the logs that
recursion is refused for queries from a legitimate IP address.

12-Jan-2005 10:54:33.238 security: notice: denied recursion for query from [62.244.x.x].12422 for www.ishop.co.uk IN

Can anyone see anything wrong with the configuration below?

I am running BIND 8.4.4.

This is OK:

acl our-nets { any; };
allow-recursion { our-nets; };

This seems to cause the problems:

acl our-nets {
    localhost;
    62.244.160.0/19;
    83.244.128.0/17;
};
allow-recursion { our-nets; };

I have the ACLs in an include file, which is included at the beginning
of named.conf before the options directive.

Jim
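
An added example, not part of the original post: a small Python check that takes "denied recursion" log lines in the format quoted above and reports which ACL network, if any, each refused source address falls in. The log lines and full client addresses are constructed for illustration, and `localhost` is approximated by the loopback networks (an assumption; the built-in ACL covers the server's own interface addresses).

```python
import ipaddress
import re

# Networks from the post's "our-nets" ACL. "localhost" is approximated by
# loopback here (assumption, see lead-in).
OUR_NETS = ["127.0.0.0/8", "::1/128", "62.244.160.0/19", "83.244.128.0/17"]

# Constructed sample lines in the log format shown in the post.
SAMPLE_LOG = [
    "12-Jan-2005 10:54:33.238 security: notice: denied recursion for query "
    "from [62.244.170.5].12422 for www.ishop.co.uk IN",
    "12-Jan-2005 10:54:34.101 security: notice: denied recursion for query "
    "from [62.244.10.5].3301 for www.example.com IN",
    "12-Jan-2005 10:54:35.477 security: notice: denied recursion for query "
    "from [83.244.200.1].5353 for mail.example.net IN",
    "12-Jan-2005 10:54:36.002 security: notice: denied recursion for query "
    "from [62.244.x.x].12422 for www.ishop.co.uk IN",  # masked, skipped
    "12-Jan-2005 10:54:37.000 general: info: unrelated log line",
]

DENIED = re.compile(
    r"denied recursion for query from \[(?P<src>[^\]]+)\]\.\d+ for (?P<qname>\S+)"
)

def load_acl(entries):
    """Parse CIDR strings strictly: an entry with host bits set raises ValueError."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]

def classify_denials(log_lines, acl):
    """Return (source, qname, matching ACL network or None) per denied query."""
    results = []
    for line in log_lines:
        m = DENIED.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # masked or malformed address, cannot be tested
        match = next((n for n in acl if src in n), None)
        results.append((str(src), m.group("qname"), str(match) if match else None))
    return results

if __name__ == "__main__":
    for src, qname, net in classify_denials(SAMPLE_LOG, load_acl(OUR_NETS)):
        print(f"{src:15} {qname:20} {net or 'not covered by our-nets'}")
```

A refused source that is reported inside a listed network suggests the running server is not applying the ACL as written; one reported as not covered means the prefixes themselves do not include that client.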