view based on negated acl doesn't match

rajesh.panchikarla at wipro.com rajesh.panchikarla at wipro.com
Tue Feb 21 08:29:51 UTC 2006 

Try acl externals { ! internals ; any; };
Thanks
Rajesh

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Ross Boylan
Sent: Tuesday, February 21, 2006 1:32 PM
To: bind-users at isc.org
Cc: Ross Boylan
Subject: view based on negated acl doesn't match

I'm running bind9 (v 9.3.1-2.0.1 on Debian GNU/Linux) trying to use
views to present different views inside and outside my local network.
The inside views seem to be matching fine.  I use

acl internals { 127.0.0.1; 192.168.40.0/24; };
acl externals { ! internals ; };

view "outside" {
	match-clients { externals; };
....

view "inside" {
	match-clients { internals; };

When I try to query from outside I get this message from bind (with -d
2):
20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in
class 'IN'
20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in
class
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  43111
;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.betterworld.us.            IN      A

I also tried match-clients {! internals;}; on the theory that the
sense of the negation might be lost.  That didn't work.  match-clients
{any;}; does work, though it's broader than I want.

What am I missing here?  And what's the right way to do what I'm
trying to do?

Thanks.
Ross Boylan




The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

More information about the bind-users mailing list