acl (access-lists)
Kelly Scroggins
kelly at cliffhanger.com
Fri Jul 21 05:49:56 UTC 2000
Quoting Kevin Darcy <kcd at daimlerchrysler.com>:
Kelly Scroggins wrote:
> I'm wondering if I can define an access-list that
> will restrict a range of addresses within a
> subnet. As opposed to the entire subnet.
>
> I want to restrict some addresses from making
> queries to a specific zone. Or restrict them TO
> a zone.
>
> Is this possible?
It's all possible, it's just a matter of how ugly you want to get. BIND
8's address match list syntax doesn't support arbitrary ranges of
addresses, but if the range happens to be on a bit boundary, you can use
prefix notation. And, of course, there's always individual enumeration
of addresses and/or negation operators. To make things at least a
*little* maintainable, you may wish to give discrete ranges their own
ACL names, and then nest those ACLs into larger ACLs where necessary.
- Kevin
That's what I was afraid of. I read this same
info in the DNS and BIND book, but hoped for a
magic trick to work around it.
Thanks,
kelly
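
The approach described in the reply above (prefix notation on bit boundaries, one named ACL per discrete range, nested into a larger ACL), as an added example that is not part of the original thread. The ACL names and the address ranges are constructed for illustration, and the script only generates the acl statements to paste into named.conf.

```python
"""Added example: cover an arbitrary address range with prefixes for a BIND acl."""
import ipaddress


def range_to_prefixes(first, last):
    """Return the minimal list of CIDR prefixes covering first..last inclusive."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid range {first}-{last}")
    return list(ipaddress.summarize_address_range(lo, hi))


def render_acl(name, elements):
    """Render one acl statement; elements are prefixes or quoted ACL names."""
    body = "".join(f"    {e};\n" for e in elements)
    return f"acl \"{name}\" {{\n{body}}};\n"


def render_config(ranges, combined_name):
    """One named acl per discrete range, then one acl that nests them all."""
    parts = []
    for name, (first, last) in ranges.items():
        parts.append(render_acl(name, range_to_prefixes(first, last)))
    parts.append(render_acl(combined_name, [f'"{n}"' for n in ranges]))
    return "\n".join(parts)


# Constructed sample ranges (RFC 5737 documentation addresses), hypothetical names.
SAMPLE_RANGES = {
    "lab-hosts": ("192.0.2.10", "192.0.2.50"),      # not on a bit boundary
    "kiosk-hosts": ("192.0.2.200", "192.0.2.207"),  # exactly one /29
}

if __name__ == "__main__":
    print(render_config(SAMPLE_RANGES, "restricted"))
    # The combined acl is then referenced in the zone statement, for example:
    #   allow-query { !"restricted"; any; };   # keep these hosts out of the zone
    #   allow-query { "restricted"; };         # or limit the zone to them
```

The range 192.0.2.10 to 192.0.2.50 needs six prefixes, which is the "ugly" part; the range that sits on a bit boundary collapses to a single /29.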