key and ip adress
Ian Watts
ian at radix.net
Wed Feb 14 22:31:19 UTC 2001
Thanks for the advice! What I MEANT to ask, though, was how to best do
what Mark suggested - deny updates from everybody else and require a key
from whatever isn't denied, our own server(s). The only thing that comes
to mind involves a lot of "not" lines before the key requirement.
Is that the only way, or is there another way to phrase the addresses to
include, for example, blocks of class A addresses to keep our match list a
reasonable size? Let's say I'd like to block everything but 10/8
addresses, then accept by key.
I appreciate any guidance.
-- Ian Watts
On Wed, 14 Feb 2001, Cricket Liu wrote:
> > > > Actually you can. Deny the IP's you don't want then accept
> > > > by key.
> > >
> > > Cute! I hadn't thought of that.
> >
> > Interesting. What is the best way to DENY, say, everything but one IP
> > address or my local subnet? What kind of match list expression(s) would
> > capture that?
>
> acl "all-but-one" {
> 192.168.0.1;
> ! any;
> };
>
> cricket
>
More information about the bind-users
mailing list