acl's and some suggestions for ISC

Mark_Andrews at isc.org
Sun Jan 25 07:10:32 UTC 2004


> In article <bup6t9$1qei$1 at sf1.isc.org>, /dev/rob0 <rob0 at gmx.co.uk> 
> wrote:
> 
> > Why not? The BIND 9 Configuration Reference implied that acl's could be
> > used anywhere one might need a list of IP's or netblocks. There really
> > wasn't much said about "masters" syntax, but I see on closer examination
> > now that some options say "address_match_list", but masters does not.
> > Why can't "masters" use an address_match_list?
> 
> Because you need to know specific addresses to connect to.  An address 
> match list is like a wildcard, it specifies an address pattern.  What 
> would it mean to use something like 192.168.10.0/24 as a master -- there 
> are 256 addresses in that range.
> 
> What you want is a named address list, which is not the same thing as an 
> ACL.  This would be a nice new feature.  And since a plain address can 
> be used wherever an address pattern can, it would make sense for an address 
> list name to be usable wherever an ACL is required, but *not* the other 
> way around.
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> 

	BIND 9.3 has master lists which can be used in master clauses
	and other master lists.

	Note master lists are more complicated than just lists of
	addresses.  They allow keys to be associated with the master.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
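
The difference discussed in this thread, as an added named.conf sketch that is not from either poster or from ISC: an acl is a match pattern for incoming traffic, while a masters list names specific servers to connect to and can bind a TSIG key to each one. All list names, the key name, the secret, the file path and the documentation-range addresses are constructed placeholders.

```conf
// Constructed example; every name, address and secret below is a placeholder.

// TSIG key shared with the primary. The secret is a placeholder, not a real key.
// hmac-sha256 assumes a release later than 9.3; use the algorithm your version supports.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";
};

// An acl is an address_match_list: a pattern that incoming source
// addresses are tested against. A whole netblock is meaningful here.
acl "notify-sources" {
    192.0.2.0/24;
};

// A masters list holds specific addresses the server will connect to.
// Each entry may carry its own key, so transfers from that server are
// TSIG-signed. A netblock such as 192.0.2.0/24 is not valid here.
masters "primary-masters" {
    192.0.2.10 key "xfer-key";
    192.0.2.11 key "xfer-key";
};

// A masters list can include another masters list by name.
masters "all-masters" {
    "primary-masters";
    198.51.100.7;            // no key: transfers from this server are unsigned
};

zone "example.com" {
    type slave;
    file "slave/example.com.db";

    // Named masters list: where to pull the zone from, and with which key.
    masters { "all-masters"; };

    // acl: which sources may send NOTIFY for this zone.
    allow-notify { "notify-sources"; };
};
```

Running named-checkconf against the file confirms the masters and acl references resolve before the server is reloaded.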

