K. Bins wrote:
> Randy,
>
> ra...@psg.com (Randy Bush) wrote:
>
> > can i use an acl{} or other macro in `also-notify`? i have a bunch of
> > zones where i want the same `also-notify` list.
>
> Been running into the same issue and tried to find out. My master lists
&g
Randy,
ra...@psg.com (Randy Bush) wrote:
> can i use an acl{} or other macro in `also-notify`? i have a bunch of
> zones where i want the same `also-notify` list.
Been running into the same issue and tried to find out. My master lists and acls
are identical as yours seem to be. I've bee
have spent a bit searching but no result. so ...
can i use an acl{} or other macro in `also-notify`? i have a bunch of
zones where i want the same `also-notify` list.
thanks
randy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
On 11/10/2021 6:25 AM, Giddings, Bret wrote:
Is there any other facility for including effectively the same grant
statements within multiple zones?
I am not aware of any
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Hello,
I want to use the same update-policy grant statements multiple times in
different zones and would therefore prefer to use something like an ACL.
It doesn’t appear to be the case that you can create something like
acl “FOO” {
grant EXAMPLE.COM krb5-self . A ;
grant * tcp-self . PTR(1
; The ECS option is still supported in dig and mdig
>> via the +subnet option, and can be parsed and logged
>> when received by named, but it is no longer used
>> for ACL processing. The "
) the ECS to you, that
works great, but the plumbing into the acl is what is needed to serve up
a separate view by source client.
Being realistic, this is not a large deployment, if it's an edge case
then it is surely not worth anyone's time to add support back in.
Thank you again
On Thu, Sep 02, 2021 at 02:26:59PM -0400, Ryan McGuire wrote:
> Thank you, in my searching I failed to come across that.
>
> Do you know if it's been replaced by something more "practical to
> deploy"? I found some discussion regarding support for "The PROXY
> Protocol"
oy) has been removed.
The ECS option is still supported in dig and mdig
via the +subnet option, and can be parsed and logged
when received by named, but it is no longer used
for ACL processing. The &q
The ECS option is still supported in dig and mdig
via the +subnet option, and can be parsed and logged
when received by named, but it is no longer used
for ACL processing. The "geoip-use-ecs" option
.
-Ryan
On 9/2/21 10:06 AM, Ryan McGuire wrote:
I'm setting ECS in dnsdist in hopes of using it in an ACL to choose a
view. The views are working well, and the ECS is read by bind9 (see
log below), but I can't seem to find a syntax for adding an ecs entry
into an acl. Here is what I've tried
I'm setting ECS in dnsdist in hopes of using it in an ACL to choose a
view. The views are working well, and the ECS is read by bind9 (see log
below), but I can't seem to find a syntax for adding an ecs entry into
an acl. Here is what I've tried:
acl "filtered" {
192.168.0.90;
19
On Sun, Apr 25, 2021 at 01:47:31PM +0530, Sachchidanand Upadhyay via bind-users
wrote:
> I am using geoip based ACL to restrict traffic. Now I want to allow all
> country traffic except two or three, like i want to allow all traffic
> except country A, B and C.
>
> Can anyone
Hi,
I am using geoip based ACL to restrict traffic. Now I want to allow all country
traffic except two or three, like i want to allow all traffic except country A,
B and C.
Can anyone give an example to achieve the same?
BR,
Sachchidanand
On Thu, Apr 15, 2021 at 03:35:38PM +0800, Zhengyu Pan wrote:
> I want to implement intelligent DNS through bind9. I need to add a custom
> line(IP address ranges) to bind9 using acl and view when add a user.
> Because when add a tenant, i need to define a new acl and view. I don't
> wa
>do you mean, the same domains with different content, depending on clients'
>IPs? That's common multiple-view setup
>(nothing special or intelligent).
Yes, I will create a view and acl for every client. Because every client has
the unique IP address.
>Why? Do you have that
Ps?
Maybe they could use local DNS server talking to your DNS server using TSIG,
and instead of IPs you'd define TSIG keys.
So i want to know whether have commands or API to add acl and view like the command "rndc
addacl" or "rndc addview"?
I'm afraid for now there's no way
The views and ACLS
are added frequently.
So i want to know whether have commands or API to add acl and view like the
command "rndc addacl" or "rndc addview"?
Updating config file frequently may affect other zones in this dns server.
At 2021-04-15 15:08:26, "Matus UHLAR - f
On 15.04.21 15:35, Zhengyu Pan wrote:
I want to implement intelligent DNS through bind9.
I need to add a custom line(IP address ranges) to bind9 using acl and view
when add a user. Because when add a tenant, i need to define a new acl
and view. I don't want to update named.conf config file
Hi,
I want to implement intelligent DNS through bind9. I need to add a custom
line(IP address ranges) to bind9 using acl and view when add a user. Because
when add a tenant, i need to define a new acl and view. I don't want to update
named.conf config file frequently.
Does bind9 support
You use the "ecs" key word like this.
acl example { ecs 10.0.0.0/8; };
view ecs-net-10-only {
match-clients { example; };
};
Also using colour or fonts is not a good way to highlight
what
query was
> received, enabling
> authoritative servers to give different answers to the same resolver for
> different resolver clients.
>
>
>
> *An ACL containing an element of the form ecs prefix will match if a
> request arrives in containing*
> *an ECS option encoding a
for
different resolver clients.
An ACL containing an element of the form ecs prefix will match if a request
arrives in containing
an ECS option encoding an address within that prefix. If the request has no ECS
option,
then "ecs" elements are simply ignored. Address
On 8 October 2016 at 09:57, Pol Hallen <bin...@fuckaround.org> wrote:
> 192.168.1/24 is not a valid netmask
>>
>
> huh?
> In linux and BSD I always use 192.168.1/24 (how shortcut of 192.168.1.0/24)
> and so on...
You're confusing network configuration with ACL
And don't forget the copious comments in named.conf, so that your successor can
easily see, at a glance, what start/end addresses those clusters of ACL
elements represent.
sure! :-)
thanks
Pol
___
Please visit https://lists.isc.org/mailman
And don't forget the copious comments in named.conf, so that your successor can
easily see, at a glance, what start/end addresses those clusters of ACL
elements represent.
- Kevin
-Original Message
Acls don’t support ranges, only prefixes. You don’t want the whole /24. I
think you want:
acl net1 {192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; }
acl net2 {192.168.1.100/30; 192.168.104/29; 192.168.1.112/28; 192.168.1.128/26;
192.168.1.192/29; }
thanks guys
? :-)
- Kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Pol
Hallen
Sent: Monday, October 17, 2016 2:37 PM
To: bind-users@lists.isc.org
Subject: defines ip to acl
Hello all :-)
I need to setup 2 kind
Acls don’t support ranges, only prefixes. You don’t want the whole /24. I
think you want:
acl net1 {192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; }
acl net2 {192.168.1.100/30; 192.168.104/29; 192.168.1.112/28; 192.168.1.128/26;
192.168.1.192/29; }
On 2016-10-17, 13:41, "bind-
Hello all :-)
I need to setup 2 kind of acl on same network, ie:
ip from 192.168.1.1 to 192.168.1.99 belongs to acl1
and ip from 192.168.1.100 to 192.168.1.199 to acl2
acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };
what's the correct way? I didn't find nothing :-/
thanks
I think what you are looking for is:
acl test0 { !192.168.1.50/32; 192.168.1.0/24; };
http://jodies.de/ipcalc is a good resource for checking. (As was mentioned
by Reindl...)
Learning basic sub-netting of IP addresses (Both IPv4 and IPv6) takes time
but it's necessary for DNS configuration
On 8 October 2016 at 14:14, Pol Hallen <bin...@fuckaround.org> wrote:
> acl test0 { !192.168.1.50/24; 192.168.1/24;};
acl test0 { !192.168.1.50; 192.168.1.0/24;};
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr
192.168.1/24 is not a valid netmask
huh?
In linux and BSD I always use 192.168.1/24 (how shortcut of
192.168.1.0/24) and so on...
hint: using /24 everywhere is nonsense
why?
My goal is allow 192.168.1.0/24 (net) and deny 192.168.1.50 (host)
thanks
Pol
Am 08.10.2016 um 15:14 schrieb Pol Hallen:
Hi all :-)
can someone advice me about a fully howto / handbook to understand ACL?
I need to permit all network 192.168.1/24 and deny 192.168.1.50/24 host:
acl test0 { !192.168.1.50/24; 192.168.1/24;};
192.168.1/24 is not a valid netmask
Hi all :-)
can someone advice me about a fully howto / handbook to understand ACL?
I need to permit all network 192.168.1/24 and deny 192.168.1.50/24 host:
acl test0 { !192.168.1.50/24; 192.168.1/24;};
thanks for help!
Pol
___
Please visit https
On Tue, Apr 26, 2016 at 10:22 AM, Ali Jawad <alijaw...@gmail.com> wrote:
> Hi Bob
> I did have a look at
> http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger ,
> and while in theory it can be used in a way similar to ACL I cant see how
> it accommodat
Hi Bob
I did have a look at
http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger , and
while in theory it can be used in a way similar to ACL I cant see how it
accommodates for faster changes, would you please elaborate ?
On Tue, Apr 26, 2016 at 4:46 PM, Bob Harold <rh
> > either public or private zone,
>
> Rather than the tool writing an ACL for bind, can the tool instead
> reconfigure the user's local workstation dns settings to point to one of
> two different (sets of) bind servers? One serves the public zone, one
> serves the private zone.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
> based on a user tool the users "hundreds in corporate environment" get
> either public or private zone,
Rather than the tool writing an ACL for bind, can the tool instead
reconf
On 25/04/16 22:23, Ali Jawad wrote:
Hi Ali Jawad,
> I do have a very specific requirement for private/public zones and based on
> a user tool the users "hundreds in corporate environment" get either public
> or private zone, the tool simply writes to an ACL file, my problem
Hi
I do have a very specific requirement for private/public zones and based on
a user tool the users "hundreds in corporate environment" get either public
or private zone, the tool simply writes to an ACL file, my problem is that
the only way I found that does not flush the cache of
On Mon, Feb 29, 2016 at 04:11:03PM -0500, Alan Clegg wrote:
> Would also be cool to have a meta-zone or type (overlay similar to RPZ
> perhaps?) that could be used to configure DNS options.
>
> Then your existing DNS tools could act as your management interface.
Stay tuned for 9.11, which will
On 2/29/16, 4:04 PM, "/dev/rob0" wrote:
>On Mon, Feb 29, 2016 at 11:18:33AM +0200, Ali Jawad wrote:
>> Is there a mature/tested method of loading ACLs through a DB query
>> instead of editing the config file or reading/writing into a
Hi
Is there a mature/tested method of loading ACLs through a DB query instead
of editing the config file or reading/writing into a text file ?
Regards
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
).
- Kevin
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of MURTARI, JOHN
Sent: Tuesday, August 04, 2015 4:19 PM
To: bind-users@lists.isc.org
Subject: Negation in view match-clients ACL
and a default ACL
- Each ACL has its own zone file , users get served based on Geo
location. If the users are not part of any geo location they are
served the
default ACL and zone files.
- For a few hundred users I want to asign their IPs to specific Geo
locations even
different. Here is my scenario and I would
appreciate
if you could advice me.
- I do have 6 different Geo ACLs and a default ACL
- Each ACL has its own zone file , users get served based on Geo
location. If the users are not part of any geo location they are
served
Hi Matt,
in my understanding, rndc reload zone in view reloads the zone
file only, not the configuration where the matched-clients { }
statement is listed. So, you'll have to run a full config reload if you
change the matched-clients { } list.
I just wonder why you want to move a client's ip
I'm running BIND 9.9.5-3 on Ubuntu 14.04.1.
I'm trying to figure out how to change the match-clients prefixes in a view
without having to restart BIND or do full config reload. My actual BIND
config has many views and restarts can take several minutes.
Here is my simple test set up.
recommend using acl statements:
#v+
# here I am naming each component network
# (use names that make sense to you)
acl net-57-0 { 204.57.0.0/24; };
acl net-57-5 { 204.57.5.0/24; };
acl net-216-55-18 { 216.55.18.0/24; };
# and then I build the composite networks per view
acl view1 { net-57-0; net-57
Hi Robert,
Thanks for the reply.
I also should have mentioned that this is for an authoritative DNS setup.
I'm evaluating different DNS options to support CDN-like testbed where, due
to Internet path changes/outages, I would ideally like the ability to
rapidly change where particular clients are
On Jan 29, 2014, at 7:45 AM, Pika.Aman a...@thingsto.me wrote:
Hi there,
I would like to ask if there exists any way to dynamic update the ip
addresses in the list of the ACL clause without reload or re-start the bind
server? Hoping someone can help me! Thank you!!
You could put
On 29.01.14 14:45, Pika.Aman wrote:
I would like to ask if there exists any way to dynamic update the ip
addresses in the list of the ACL clause without reload or re-start the
bind server? Hoping someone can help me! Thank you!!
No, the dynamic configuration like this is not supported
Hi there,
I would like to ask if there exists any way to dynamic update the ip addresses
in the list of the ACL clause without reload or re-start the bind server?
Hoping someone can help me! Thank you!!
--
Pika Aman
Sent with Sparrow (http://www.sparrowmailapp.com/?sig
Augie,
On Monday, 2013-02-04 19:01:38 -0600,
Jeremy C. Reed jr...@isc.org wrote:
On Mon, 4 Feb 2013, Augie Schwer wrote:
Does anyone have any experience using a large ( 1k ) entry ACL list?
Was there any performance degradation?
I haven't implemented my ACL yet, but it has quickly
Does anyone have any experience using a large ( 1k ) entry ACL list?
Was there any performance degradation?
I haven't implemented my ACL yet, but it has quickly ballooned up, and I am
hoping to get some advice from others in a similar situation.
--
Augie Schwer-au...@schwer.us
On Mon, 4 Feb 2013, Augie Schwer wrote:
Does anyone have any experience using a large ( 1k ) entry ACL list?
Was there any performance degradation?
I haven't implemented my ACL yet, but it has quickly ballooned up, and I am
hoping to get some advice from others in a similar situation
to named.conf but only allow
certain IP addresses to issue queries against it.
I'm not very familiar with the concept of views but I wonder if the
match-client statement might be the way to go. Alternatively we can
setup an external ACL (or firewall statement) that only allows queries
I'm not very familiar with the concept of views but I wonder if the
match-client statement might be the way to go.
It sounds like the one you're interested in is match-destinations
actually.
options {
listen-on port 53 { 128.83.185.40; 128.83.185.41; NATIVE IP; };
...
On 30/08/12 03:19, GS Bryan wrote:
My BIND version, as shown by 'named -v' is BIND
9.9.1-P1-RedHat-9.9.1-2.P1.el6.
'named-checkconf /etc/named.conf' doesn't throw any error messages whatsoever.
--
Bryan S.G.
You're correct - named-checkconf doesn't see the problem, but named
errors
On 30/08/12 03:17, GS Bryan wrote:
hmm... that explains it.
Damn, DNSMadeEasy needs to have notify notices sent to a different IP
set than their nameserver service. This means that I have to hardcode
this myself.
Another question then, if zone 'example.net' has the NS records of
I tried to use the acl statement in my named.conf file, but I have a
hard time making it work. In my named.conf file, I've put these acl
statements in these formats (made up IP addresses mind you):-
--
// Individual ACL list
acl addr1 {
11.22.33.44;
12.23.34.45;
};
acl
On 08/29/2012 03:25 PM, GS Bryan wrote:
Then when I put the 'alladdr' thing in my 'allow-transfer' and
'also-notify' arguments,
also-notify does not take an acl. The ARM will give you more information
on the grammar.
That said, this is a very annoying problem that I wish there was a
better
On Thu, 30 Aug 2012, GS Bryan wrote:
also-notify { alladdr; };
This uses an ip_addr instead of an address_match_list. Some versions of
named-checkconf will tell you expected IP address.
/etc/named.conf:111: masters alladdr not found
I can't reproduce your problem. What version of
In message
CAOJ-cLgi-Z1DyEnKq1PbK4+jzGG3ew8ZHfv10B751sEbb9V-=q...@mail.gmail.com
, GS Bryan writes:
I tried to use the acl statement in my named.conf file, but I have a
hard time making it work. In my named.conf file, I've put these acl
statements in these formats (made up IP addresses mind
On 08/29/2012 04:02 PM, Mark Andrews wrote:
A plain address in a acl is shorthand for address/32 or address/128
depending apon the address type. While they are visually similar
the two list are functionally very different.
Mark,
I understand the behind the scenes reasons why the 2 things
.
On Thu, Aug 30, 2012 at 9:42 AM, Doug Barton do...@dougbarton.us wrote:
On 08/29/2012 03:25 PM, GS Bryan wrote:
Then when I put the 'alladdr' thing in my 'allow-transfer' and
'also-notify' arguments,
also-notify does not take an acl. The ARM will give you more information
on the grammar
My BIND version, as shown by 'named -v' is BIND 9.9.1-P1-RedHat-9.9.1-2.P1.el6.
'named-checkconf /etc/named.conf' doesn't throw any error messages whatsoever.
--
Bryan S.G.
On Thu, Aug 30, 2012 at 9:59 AM, Jeremy C. Reed jr...@isc.org wrote:
On Thu, 30 Aug 2012, GS Bryan wrote:
Hello,
I am running slave DNS server using BIND. Today when try to run named-checkconf
file as below , i am getting highlighted error.
Kindly assist me
[root@server]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:78: undefined ACL 'redhat'
/etc/named.rfc1912.zones:85
: undefined ACL 'redhat'
/etc/named.rfc1912.zones:85: undefined ACL 'redhat'
/etc/named.rfc1912.zones:92: undefined ACL 'redhat'
/etc/named.rfc1912.zones:100: undefined ACL 'redhat'
Isn't it kind of obvious? You are checking the syntax of the file
named.rfc1912.zones, but the ACL is refers
Dear Anand,
Yes, both primary and slave running with different version. Will it cause any
problem if both are running with different version?
--- On Sat, 3/12/11, Anand Buddhdev ana...@ripe.net wrote:
From: Anand Buddhdev ana...@ripe.net
Subject: Re: undefined ACL error while running
i've bind9 running as a primaryhost to a number of bind-andb-other
slaves.
i'm trying to set up to use different TSIG keys with different
secondaries.
in my named.conf, i've
...
acl acl_slave_1 { 1.1.1.1; };
acl acl_slave_2 { 2.2.2.2; 3.3.3.3; 4.4.4.4; 5.5.5.5
:
i've bind9 running as a primaryhost to a number of bind-andb-other
slaves.
i'm trying to set up to use different TSIG keys with different
secondaries.
in my named.conf, i've
...
acl acl_slave_1 { 1.1.1.1; };
acl acl_slave_2 { 2.2.2.2; 3.3.3.3; 4.4.4.4; 5.5.5.5
hi,
On Sun, 05 Dec 2010 19:16 +0100, Sten Carlsen st...@s-carlsen.dk
wrote:
Given that you control your key distribution correctly and safely, would
the following work?
allow-transfer { key key-slave-1; key key-slave-2; };
Only relevant slaves have the various keys, so do you need to
; };
};
If you want to use named ACLs, then I think you need to define them
backwards, to reject not accept, something like this:
# pass through any host except slave1 hosts
acl notslave1 { !1.1.1.1; any; };
# pass through any host except slave2 hosts
acl notslave2 { !2.2.2.2
hi,
On Sun, 05 Dec 2010 20:57 +, Evan Hunt e...@isc.org wrote:
I haven't tested this, but I think it will do what you want:
...
allow-transfer {
{ !notslave1; key key1; };
{ !notslave2; key key2; };
none;
};
this !acl format works, but only
Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2
Description: There was a flaw where the wrong ACL was applied. This
flaw could allow access to a cache via recursion even though the ACL
disallowed it.
CVE: pending
CERT: pending
Posting date: 2010-09-28
Program
Hello all,
I have BIND 9.7.1 installed in Solaris 10. I need to use a forwarder for a
certain internal private IP zone to a certain internal DNS severs. In the
meantime I need to use certain ACL so that it would forward the queries and
reply to them only from certain IP address clients. So I
Hi Prabhat,
I think you don't need this ACL in your forwarder server, define it on
the authoritative server (1.2.3.4 and 5.6.7.8, according to your
example).
Regards,
Nuno Paquete
No dia 2010/07/12, às 19:27, Prabhat Rana prana9...@yahoo.com
escreveu:
Hello all,
I have BIND 9.7.1
Subject: Re: ACL for forward zone
To: Prabhat Rana prana9...@yahoo.com
Cc: bind-users@lists.isc.org
Date: Monday, July 12, 2010, 4:17 PM
Hi Prabhat,
I think you don't need this ACL in your forwarder server,
define it on
the authoritative server (1.2.3.4 and 5.6.7.8, according to
your
access to the authoritative
servers.
Prabhat.
--- On Mon, 7/12/10, Nuno Paquete nunopaqu...@lusocargo.pt wrote:
From: Nuno Paquete nunopaqu...@lusocargo.pt
Subject: Re: ACL for forward zone
To: Prabhat Rana prana9...@yahoo.com
Cc: bind-users@lists.isc.org
Date: Monday, July 12, 2010, 4:17 PM
hi all,
is there a built-in ACL that represents any IPv6 connection?
I have some experiment with allow-query { aclhere; };
where aclhere represents any IPv6 network, anywhere from the Internet.
If there's no built-in, what is the best way to come up with an equivalent?
Thanks
If there's no built-in, what is the best way to come up with an equivalent?
I think this will work:
acl any6 { ::0/0; };
acl any4 { 0.0.0.0/0; };
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users
this king of mistypes.
I wonder if it wouldn't be better to check ACL's first and check-names
just
after it?
On 26.02.10 13:08, Mark Andrews wrote:
It really depends what's more important for you to see. Whether
you got a recursive query that didn't match a acl or a query that
failed
Hello,
I see that hosts that are not allowed to recurse are often generating
check-named errors.
I wonder if it wouldn't be better to check ACL's first and check-names just
after it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
On 25.02.10 12:01, Matus UHLAR - fantomas wrote:
I see that hosts that are not allowed to recurse are often generating
check-named errors.
check-names it is.
I apparently too often use named so I do this king of mistypes.
I wonder if it wouldn't be better to check ACL's first and check-names
of mistypes.
I wonder if it wouldn't be better to check ACL's first and check-names just
after it?
It really depends what's more important for you to see. Whether
you got a recursive query that didn't match a acl or a query that
failed check-names. Both get REFUSED so the client can't tell
.
[RT #377, #728, #860]
Roughly, include can occur instead of a keyword in any list where all
list elements are introduced by keywords; e.g. view, options, logging,
zone. But not acl because the elements there do not (in general) start
with keywords.
Yes. I meant to say, wherever
On 19.10.09 09:49, Mark Andrews wrote:
acl's can include other acls.
I'm having a hard time seeing why you need to include a file here.
include custom.acl; // defines acl customacl
acl hdanets {
92.168.1.0/24; // hda network
customacl;
};
otoh, it could ease configuration
On Oct 18 2009, Joseph S D Yao wrote:
On Sat, Oct 17, 2009 at 10:33:37PM -0400, Robert Moskowitz wrote:
I am trying to build up an environment where the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets
line:
acl hdanets {
192.168.1.0/24; // hda network
include custom.acl;
};
and get the error:
Starting named:
Error in named configuration:
named.acl:3: missing ';' before ''
...
Glancing through the 9.6 ARM https://www.isc.org/files/Bv9.6ARM.pdf,
it seems to me that include
and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets {
192.168.1.0/24; // hda network
include custom.acl;
};
and get the error:
Starting named:
Error in named configuration:
named.acl:3: missing ';' before
the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets {
192.168.1.0/24; // hda network
include custom.acl;
};
and get the error:
Starting named:
Error in named configuration:
named.acl:3: missing
I am trying to build up an environment where the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets {
192.168.1.0/24; // hda network
include custom.acl;
};
and get the error:
Starting named
On Sat, Oct 17, 2009 at 10:33:37PM -0400, Robert Moskowitz wrote:
I am trying to build up an environment where the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets {
192.168.1.0/24; // hda network
Greetings:
Trying to implement acl in my named.conf... for Bind 9.2.2
acl eagle { 192.168.1.0/24; localhost; };
But when I issued an reload, I got:
Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error]
/etc/named.conf:2: unknown option 'acl'
Mar 23 08:55:39 ns1 named[13578]: [ID 866145
Worked like a charm.
Thanks.
-John
Alan Clegg wrote:
John D. Vo wrote:
Greetings:
Trying to implement acl in my named.conf... for Bind 9.2.2
acl eagle { 192.168.1.0/24; localhost; };
But when I issued an reload, I got:
Mar 23 08:55:39 ns1 named[13578]: [ID 866145
In message 49c79d6b.7060...@eagle.net, John D. Vo writes:
Greetings:
Trying to implement acl in my named.conf... for Bind 9.2.2
acl eagle { 192.168.1.0/24; localhost; };
But when I issued an reload, I got:
Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error]
/etc/named.conf:2
On Mar 23 2009, John D. Vo wrote:
Trying to implement acl in my named.conf... for Bind 9.2.2
acl eagle { 192.168.1.0/24; localhost; };
But when I issued an reload, I got:
Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error]
/etc/named.conf:2: unknown option 'acl'
Mar 23 08:55:39 ns1
On Fri, 2008-11-14 at 17:35 -0800, Chris Buxton wrote:
Use a firewall (with deep packet inspection) to restrict by subnet.
Then use the TSIG key in the allow-update statement.
Unfortunately, to my knowledge, that's the only way to do this.
Wouldn't using a BIND view to restrict by
1 - 100 of 104 matches
Mail list logo