address/prefix length mismatch

Greg Choules gregchoules+bindusers at googlemail.com
Wed Aug 24 12:27:59 UTC 2022 

Hi Elias.
I can't say why this might have worked with 9.11 (if it did - I'd be
surprised). But you should not/cannot define ACLs like this:
10.60.0.1/23;
/23 means consider only the first 23 bits of the available 32 bits of an
IPv4 address and ignore the rest (in this context. Please don't someone
else shoot me down for other uses of netmasks).

Since the human-readable version of an IPv4 address (in bits) is 8.8.8.8
(no, not THAT 8.8.8.8) a /23 mask means care about the first three octets
(24 bits), except the last bit of the third octet (back to 23 bits), and
don't care about the fourth octet at all.

So in this case the third octet *must* be an even number (zero is even in
this context) and the fourth octet should be zero. Like this:
10.60.0.0/23;

10.60.2.0/23; would also be acceptable.
10.60.17.0/23; would not be acceptable because the third octet is odd, so
its low order bit is 1.

I hope that helps.
Greg



On Wed, 24 Aug 2022 at 13:17, Elias Pereira <empbilly at gmail.com> wrote:

> Oh, sorry... :D
>
> here it is
>
> # cat named.conf.local
> # ACL das redes internas
> # Ultima modificação: 24/08/2022
>
> acl "internal" {
> 10.60.0.1/23;
> 10.10.1.1/24;
> 10.10.2.1/25;
> 10.10.3.1/25;
> 10.10.4.1/25;
> 10.10.5.1/25;
> 10.51.0.1/23;
> 10.10.6.1/25;
> 10.10.7.1/26;
> 172.20.0.1/26;
> 10.50.0.1/23;
> 10.40.0.1/22;
> 10.56.0.1/22;
> };
>
> On Wed, Aug 24, 2022 at 9:14 AM Anand Buddhdev <anandb at ripe.net> wrote:
>
>> On 24/08/2022 14:08, Elias Pereira wrote:
>>
>> Hi Elias,
>>
>> > I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
>> >
>> > Now I get the address/prefix length mismatch error in name.conf.local.
>> >
>> > In my first AD that I have not upgraded yet, it is working correctly
>> with
>> > the same settings in version 9.11.x.
>> >
>> > What is the problem with version 9.16.x?
>>
>> We don't know what your named.conf.local looks like, so it's impossible
>> to help you. Please help yourself by asking a better question, in which
>> you show your configuration. Then someone can probably spot the error
>> and provide a helpful answer.
>>
>> Regards,
>> Anand
>>
>
>
> --
> Elias Pereira
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220824/0af47aa4/attachment.htm>

More information about the bind-users mailing list