sortlist Arithmetic

Andris Kalnozols andris at hpl.hp.com
Wed Oct 1 02:32:53 UTC 2003


> Martin McCormick <martin at dc.cis.okstate.edu> wrote:
> 
> 	How does one combine bits to form a larger network in a
> sortlist?  I need a sortlist for part of a Class B from x.x.0.0
> through x.x.223.255.
> 
> 	I put in x.x/17 and got everything between the base and
> base.127.255 in the sortlist, but I haven't figured out how to add
> x.x/18 and x.x/19 to make one big sortlist. I've tried:
> 
>         sortlist {
>                 {
>                         x.x/17;
>                         x.x.128.0/18;
>                         x.x.192.0/19;
>                 };
>         };
> 
>         sortlist {
>                 {
>                         x.x/17;
>                         x.x/18;
>                         x.x/19;
>                 };
>         };
> 
> and even really clever stuff like
>         sortlist {
>                 {
>                         x.x/16;
>                         ! x.x/20;
>                 };
>         };
> 
> 	I did create some smaller sortlists covering parts of our
> network and they all worked.  Those, however, were simple net/21 or
> net/24 ranges.

According to the BIND docs, "Each top level statement in the sortlist
must itself be an explicit address match list with one or two elements."
Your first two examples have three elements and the last example matches
x.x.0.0 through x.x.255.255 as a source address of the query and will
prefer an answer not matching x.x.0.0 through x.x.15.255.  This is
assuming that BIND implicitly supplies a zero octet where necessary
since x.x/17 is only 16 bits of network for the 17-bit mask.  I think
it's better to avoid such ambiguities for the human reading your config
file by supplying the third octet, i.e., x.x.0/17.

I suppose an extra set of braces would combine the three network
segments into one element:

       sortlist {
                  { { x.x.0/17; x.x.128/18; x.x.192/19; }; };
                    --------------------------------------
       };

Or you can use an ACL to aggregate your multiple address match lists
into one symbolic element:

acl "ok-networks" { x.x.0/17; x.x.128/18; x.x.192/19; };

       sortlist {
                  { ok-networks; };
       };


Andris Kalnozols
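
Added example, not part of the original post and not BIND's own code: a
Python check of the arithmetic discussed above, with 172.16 as a constructed
stand-in for the elided x.x and hypothetical helper names. It derives the
blocks that exactly cover x.x.0.0 through x.x.223.255 and shows why three
prefixes all based at x.x.0.0 reach only x.x.127.255.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the minimal CIDR blocks that exactly tile first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def covered_span(prefixes):
    """Collapse nested/adjacent prefixes; return (first, last) of each merged block."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [(str(n[0]), str(n[-1])) for n in ipaddress.collapse_addresses(nets)]

def render_acl(name, cidrs):
    """Format the blocks as a named.conf acl statement, fully dotted for clarity."""
    body = " ".join(f"{c};" for c in cidrs)
    return f'acl "{name}" {{ {body} }};'

# Constructed sample: 172.16 stands in for "x.x" from the post.
BASE = "172.16"

if __name__ == "__main__":
    # The range the poster wants: x.x.0.0 through x.x.223.255.
    wanted = range_to_cidrs(f"{BASE}.0.0", f"{BASE}.223.255")
    print(render_acl("ok-networks", wanted))

    # The second attempt (x.x/17; x.x/18; x.x/19) uses the same base for
    # all three prefixes, so the /18 and /19 sit inside the /17.
    nested = [f"{BASE}.0.0/17", f"{BASE}.0.0/18", f"{BASE}.0.0/19"]
    print("nested attempt covers:", covered_span(nested))

    # Each successive block must start where the previous one ended.
    tiled = [f"{BASE}.0.0/17", f"{BASE}.128.0/18", f"{BASE}.192.0/19"]
    print("tiled blocks cover:   ", covered_span(tiled))
```

The tiled blocks cannot merge into a single prefix because the range stops at
x.x.223.255, short of the /16 boundary, so three entries are the minimum.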


