address/prefix length mismatch

Wed Aug 24 14:05:30 UTC 2022

> On 24. 8. 2022, at 15:58, Elias Pereira <empbilly at gmail.com> wrote:
> 
> hello Ondrej,
> 
> Not completely wrong, because 255 is the broadcast.

No, it's not. This is ACL specification, not a interface/network configuration.

> For a better understanding, then it would be Available range 10.60.0.1 to 10.60.1.254.

No, I've already provided you with a correct answer what 10.60.0.0/23 means in terms of range, why do you insist on this?

> Correctly specified range (without address/host bits) does takes the whole range.
> 
> Like this 10.60/23; ?

I think others have already answered that, I would be just repeating their answers.

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On Wed, Aug 24, 2022 at 10:33 AM Ondřej Surý <ondrej at isc.org <mailto:ondrej at isc.org>> wrote:
> 
> 
>> On 24. 8. 2022, at 15:26, Elias Pereira <empbilly at gmail.com <mailto:empbilly at gmail.com>> wrote:
>> 
>> 
>> Hello Greg,
>> 
>> Why doesn't bind work with networks/subnets in the conventional way?
> 
> It does.
> 
>> If the private subnet is 10.60.0.0/23 <http://10.60.0.0/23>, then it means that the address range is 10.60.0.1 to 10.60.1.254.
> 
> That’s wrong. 10.60.0.0/23 <http://10.60.0.0/23> means 10.60.0.0 to 10.60.1.255 range.
> 
>> How do I configure this ACL in named.conf.local so that it takes the whole range?
> 
> Correctly specified range (without address/host bits) does takes the whole range.
> 
> Ondrej 
> --
> Ondřej Surý — ISC (He/Him)
> 
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> 
>> On Wed, Aug 24, 2022 at 9:31 AM Anand Buddhdev <anandb at ripe.net <mailto:anandb at ripe.net>> wrote:
>> On 24/08/2022 14:16, Elias Pereira wrote:
>> 
>> Hi Elias,
>> 
>> > Oh, sorry... :D
>> > 
>> > here it is
>> > 
>> > # cat named.conf.local
>> > # ACL das redes internas
>> > # Ultima modificação: 24/08/2022
>> > 
>> > acl "internal" {
>> > 10.60.0.1/23 <http://10.60.0.1/23>;
>> 
>> This is the issue. The address part of the prefix should be the lowest 
>> address in that prefix. If you change this to 10.60.0.0/23 <http://10.60.0.0/23>, it will be 
>> fine. The same goes for all the other prefixes in your list. Change the 
>> 1's to 0's.
>> 
>> > 10.10.1.1/24 <http://10.10.1.1/24>;
>> > 10.10.2.1/25 <http://10.10.2.1/25>;
>> > 10.10.3.1/25 <http://10.10.3.1/25>;
>> > 10.10.4.1/25 <http://10.10.4.1/25>;
>> > 10.10.5.1/25 <http://10.10.5.1/25>;
>> > 10.51.0.1/23 <http://10.51.0.1/23>;
>> > 10.10.6.1/25 <http://10.10.6.1/25>;
>> > 10.10.7.1/26 <http://10.10.7.1/26>;
>> > 172.20.0.1/26 <http://172.20.0.1/26>;
>> > 10.50.0.1/23 <http://10.50.0.1/23>;
>> > 10.40.0.1/22 <http://10.40.0.1/22>;
>> > 10.56.0.1/22 <http://10.56.0.1/22>;
>> > };
>> 
>> 
>> -- 
>> Elias Pereira
>> -- 
>> Visit https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this list
>> 
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ <https://www.isc.org/contact/> for more information.
>> 
>> 
>> bind-users mailing list
>> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users>
> 
> 
> -- 
> Elias Pereira

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220824/30518ebf/attachment-0001.htm>