acl's and some suggestions for ISC
Barry Margolin
barmar at alum.mit.edu
Fri Jan 23 19:23:55 UTC 2004
In article <bup6t9$1qei$1 at sf1.isc.org>, /dev/rob0 <rob0 at gmx.co.uk>
wrote:
> Why not? The BIND 9 Configuration Reference implied that acl's could be
> used anywhere one might need a list of IP's or netblocks. There really
> wasn't much said about "masters" syntax, but I see on closer examination
> now that some options say "address_match_list", but masters does not.
> Why can't "masters" use an address_match_list?
Because you need to know specific addresses to connect to. An address
match list is like a wildcard; it specifies an address pattern. What
would it mean to use something like 192.168.10.0/24 as a master -- there
are 256 addresses in that range.

What you want is a named address list, which is not the same thing as an
ACL. This would be a nice new feature. And since a plain address can
be used wherever an address pattern can, it would make sense for an address
list name to be usable wherever an ACL is required, but *not* the other
way around.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
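
Added example (not part of the original post, and not BIND's code): a Python sketch of the distinction drawn in the reply above, where a list of plain addresses works both as a match pattern and as a set of servers to connect to, while a pattern works only for matching. It assumes first-match evaluation of address match lists with "!" negation; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not taken from any real configuration).
NAMED_LIST = ["192.168.10.5", "192.168.10.6"]      # plain host addresses
PATTERN = ["!192.168.10.99", "192.168.10.0/24"]    # an address match pattern


def parse_element(text):
    """Return (negated, network) for an element like '!10.0.0.1' or '10.0.0.0/8'."""
    negated = text.startswith("!")
    network = ipaddress.ip_network(text.lstrip("!").strip(), strict=True)
    return negated, network


def acl_allows(acl, addr):
    """Match a peer address against a list: the first element that contains
    the address decides the outcome; if nothing matches, the answer is no."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        negated, network = parse_element(element)
        if ip.version == network.version and ip in network:
            return not negated
    return False


def as_connect_targets(entries):
    """Turn a list into addresses a secondary could connect to.
    Only single, non-negated host addresses qualify; anything else is a
    pattern that does not say which server to contact."""
    targets = []
    for element in entries:
        negated, network = parse_element(element)
        if negated or network.num_addresses != 1:
            raise ValueError(
                f"{element!r} is a pattern covering {network.num_addresses} "
                "address(es), not a server to connect to"
            )
        targets.append(str(network.network_address))
    return targets


if __name__ == "__main__":
    print(as_connect_targets(NAMED_LIST))           # usable as connect targets
    print(acl_allows(NAMED_LIST, "192.168.10.5"))   # and usable as a pattern
    print(acl_allows(PATTERN, "192.168.10.7"))      # pattern works for matching
    try:
        as_connect_targets(PATTERN)                 # but not the other way around
    except ValueError as exc:
        print("rejected:", exc)
```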