Address-match-lists and subnetmasks

Barry Margolin barmar at alum.mit.edu
Tue Sep 28 12:23:22 UTC 2004


In article <cjbclp$17ac$1 at sf1.isc.org>,
 "Walkenhorst, Benjamin" <Benjamin.Walkenhorst at telekom.de> wrote:

> Hello everyone,
> 
> If I specify an acl like this:
> acl "mynet" { 192.168/16; };
> 
> ...and then define two views like this:
> 
> view "internal" {
> 	match-clients { mynet; };
> 	...
> };
> 
> view "external" {
> 	match-clients { !mynet; any; };
> 	...
> };
> 
> I am wondering what my host might get to see, if its
> IP address is, say, 192.168.0.13/24.
> So how does BIND handle IP address and network mask? Does the network
> mask have to match the one given in the acl _exactly_, or does '192.168/16'
> mean to BIND 'all IP addresses beginning with 192.168'?
> The BIND-ARM did not turn up useful information on this...

The only thing the server sees is the IP address of the client -- the 
client doesn't tell it what its local subnet mask is.  192.168/16 means 
"any address that begins with 192.168".

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
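
The matching described in this thread, as an added illustration that is not part of the original messages and is a simplified model rather than BIND's own code. It assumes that elements are tried in order with the first match deciding, that views are tried in the order they are defined, and that `192.168/16` is written out as `192.168.0.0/16`; the function names are hypothetical.

```python
import ipaddress

# Constructed model of the configuration quoted in the question.
ACLS = {"mynet": ["192.168.0.0/16"]}          # BIND shorthand: 192.168/16
VIEWS = [
    ("internal", ["mynet"]),
    ("external", ["!mynet", "any"]),
]

def match_list(client, elements):
    """Walk an address-match-list in order.

    Returns True on a positive match, False on a negated match,
    and None when no element matches the client address at all.
    """
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            hit = True
        elif name in ACLS:
            # Named ACL: counts as a hit only if it matches positively.
            hit = match_list(client, ACLS[name]) is True
        else:
            # Prefix test on the client's source address only; the
            # client's own subnet mask is never seen by the server.
            hit = client in ipaddress.ip_network(name)
        if hit:
            return not negated
    return None

def select_view(client_ip):
    """Return the name of the first view whose match-clients accepts the client."""
    client = ipaddress.ip_address(client_ip)
    for view, match_clients in VIEWS:
        if match_list(client, match_clients):
            return view
    return None

if __name__ == "__main__":
    # Constructed sample clients: two inside 192.168/16, two outside.
    for ip in ("192.168.0.13", "192.168.200.7", "192.169.0.1", "10.0.0.1"):
        print(ip, "->", select_view(ip))
```

The host from the question, 192.168.0.13, lands in "internal" whatever mask it has configured locally, because only the first 16 bits of its source address are compared.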

