diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp
index 31d6845972..379f812923 100644
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@@ -667,7 +667,17 @@ void DomainServerSettingsManager::processNodeKickRequestPacket(QSharedPointer<Re
                     auto& kickAddress = matchingNode->getActiveSocket()
                         ? matchingNode->getActiveSocket()->getAddress()
                         : matchingNode->getPublicSocket().getAddress();
-
+                    
+                    // probably isLoopback covers it, as whenever I try to ban an agent on same machine as the domain-server
+                    // it is always 127.0.0.1, but looking at the public and local addresses just to be sure
+                    // TODO: soon we will have feedback (in the form of a message to the client) after we kick.  When we
+                    // do, we will have a success flag, and perhaps a reason for failure.  For now, just don't do it.  
+                    if (kickAddress == limitedNodeList->getPublicSockAddr().getAddress() ||
+                        kickAddress == limitedNodeList->getLocalSockAddr().getAddress() ||
+                        kickAddress.isLoopback() ) {
+                        qWarning() << "attempt to kick node running on same machine as domain server, ignoring KickRequest";
+                        return;
+                    }
                     NodePermissionsKey ipAddressKey(kickAddress.toString(), QUuid());
 
                     // check if there were already permissions for the IP