ACL and keys
Ladislav Vobr
lvobr at ies.etisalat.ae
Fri Aug 22 20:04:14 UTC 2003
Thanks for the info, I found the link with Mark's comment. Kevin posted
a confusing one, where there is no "any" statement in the notslaves acl,
which is crucial. Btw, very elegant solution. I knew address_match_lists
are processed in order, but that acls are as well, this is a little
hidden :-)
Posting the full link for everybody who is searching.
http://marc.theaimsgroup.com/?l=bind-users&m=100142567531837&w=2
my tested config now
    acl slaves {
        194.170.1.11;
    };
    include "sharedsecret.txt";
    // every address that is not in the slaves acl
    acl notslaves { ! slaves; any; };
    options {
        directory "/usr/local/dns/ns0.bind-8.3.6/zones";
        datasize 20M;
        listen-on { 194.170.1.12; };
        allow-transfer { ! notslaves; key tsigkey.; };
    };
and only 194.170.1.11 and only with TSIG key is allowed.
Ladislav
Jim Reid wrote:
>>>>>> "Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:
>
> Ladislav> aha, I basically in this example want only 194.170.1.11
> Ladislav> but only when it has a valid key, then nobody
> Ladislav> else.... with or without keys or with the same or
> Ladislav> different ip....
>
>An example of how to combine IP addresses with a TSIG key for access
>control was posted to this list a few months ago. This explained how
>to provide an ACL that requires the client to have an acceptable IP
>address AND a valid TSIG key. Consult the list archives.
>
>
>
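Added example, not part of the original post and not BIND code: a small Python model of how named evaluates the lists in the config above, comparing the posted acl with the variant that lacks "any" and with a plain "slaves; key" list. It assumes first-match-wins ordering and that a negative result from a referenced acl counts as "no match" in the outer list; the client 192.0.2.53 and all function names are constructed for the illustration.

```python
# Simplified model of address_match_list evaluation (illustration only).
# Assumed rules: elements are tried in order and the first match decides;
# a negative match inside a referenced acl is "no match" for the outer list.
import ipaddress

def match(aml, acls, ip, key):
    """Return +1 (allow), -1 (deny) or 0 (no element matched)."""
    for elem in aml:
        negated = elem.startswith("!")
        name = elem.lstrip("! ")
        if name == "any":
            hit = True
        elif name.startswith("key "):
            # key = name of the TSIG key that validated the request, or None
            hit = key is not None and key == name[4:]
        elif name in acls:
            hit = match(acls[name], acls, ip, key) > 0
        else:
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(name)
        if hit:
            return -1 if negated else 1
    return 0

def allowed(aml, acls, ip, key=None):
    return match(aml, acls, ip, key) > 0

SLAVES = {"slaves": ["194.170.1.11"]}
POSTED = dict(SLAVES, notslaves=["! slaves", "any"])   # acl from the post
NO_ANY = dict(SLAVES, notslaves=["! slaves"])          # "any" left out
TRANSFER = ["! notslaves", "key tsigkey."]             # allow-transfer from the post
NAIVE = ["slaves", "key tsigkey."]                     # address OR key

# Constructed clients: (source address, validated TSIG key name or None)
CLIENTS = [("194.170.1.11", "tsigkey."), ("194.170.1.11", None),
           ("192.0.2.53", "tsigkey."), ("192.0.2.53", None)]

def table(aml, acls):
    """Transfer decision for each constructed client, in CLIENTS order."""
    return [allowed(aml, acls, ip, key) for ip, key in CLIENTS]

if __name__ == "__main__":
    for label, aml, acls in [("posted config", TRANSFER, POSTED),
                             ("notslaves without any", TRANSFER, NO_ANY),
                             ("slaves; key tsigkey.", NAIVE, SLAVES)]:
        print(f"{label:24}", table(aml, acls))
```

Under this model only the posted form limits transfers to 194.170.1.11 with the key; without "any" the notslaves acl never matches, so the key alone decides.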