also-notify with ACL in zone scope not working in BIND 9.4.1-P1

Ville Walveranta ville at walveranta.org
Tue Aug 21 06:48:41 UTC 2007


I'm having difficulty with getting ACLs working with also-notify in the zone
scope. A straight IP works, ACL doesn't.

I have a couple of ACLs defined for internal and external views. Below are a
simplified copy of the external view and the ACL in question (to narrow
down the problem).

The following configuration fails named-checkconf with the error
/etc/namedb/named.conf:132: expected IP address near '"'
(Line 132 is the line with also-notify on it.)

---
acl "third" { 69.13.35.100; };

view "external" {

        match-clients { any; };
        recursion no;

        zone "afis.info" in {
                type master;
                file "master/afis.info";
                notify yes;
                also-notify     {"third";};
                allow-transfer  {"third";};
        };

        zone "." {
                type hint;
                file "named.root";
        };
};
---

However, the following configuration works fine (the only difference is an IP
instead of an ACL reference in also-notify):

---
acl "third" { 69.13.35.100; };

view "external" {

        match-clients { any; };
        recursion no;

        zone "afis.info" in {
                type master;
                file "master/afis.info";
                notify yes;
                also-notify     {69.13.35.100;};
                allow-transfer  {"third";};
        };

        zone "." {
                type hint;
                file "named.root";
        };
};
---

I've tried with and without quotes in the ACL reference, no difference.

Apress's "Pro DNS and BIND" has the following example on page 342:

---
acl "someips" {
10.0.0.1; 192.168.23.1; 192.168.23.15;
};
acl "moreips" {
10.0.0.2;
192.168.23.128/25; // 128 IPs
};
acl "allips" {
"someips";
"moreips";
};
view "my stuff" {
match-clients {"someips";};
....
};
zone "example.com" in{
type master;
file "master.example.com";
also-notify {"allips";};
};
---

What am I doing differently, if anything? 

I'm running BIND 9.4.1-P1 on FreeBSD 6.2.

Thanks for any insights! If this has been discussed previously, please
point me in the right direction; I couldn't find anything about this in the
archive.

Ville
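
The parser error quoted in the post reflects that also-notify takes literal IP addresses (each with an optional port), whereas allow-transfer takes an address match list and therefore accepts ACL names. The following Python check is an added example, not part of the original post or of BIND: it scans named.conf text for also-notify elements that are not IP literals and lists the host addresses from the referenced ACL that could be written out instead. The sample configuration is constructed from the post's failing case, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the failing configuration in the post.
SAMPLE_CONF = '''
acl "third" { 69.13.35.100; };
view "external" {
    zone "afis.info" in {
        type master;
        also-notify     {"third";};
        allow-transfer  {"third";};
    };
};
'''

ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}\s*;')
NOTIFY_RE = re.compile(r'\balso-notify\s*\{([^{}]*)\}\s*;')

def strip_comments(text):
    """Remove /* */, // and # comments while keeping line numbers stable."""
    text = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group(0).count('\n'),
                  text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def elements(body):
    """Split a '{ a; b; }' body into unquoted elements."""
    return [e.strip().strip('"') for e in body.split(';') if e.strip()]

def is_ip(token):
    # also-notify elements look like "ip_addr [port N]"; check the address only.
    try:
        ipaddress.ip_address(token.split()[0])
        return True
    except ValueError:
        return False

def check_also_notify(conf):
    """Return (line_no, element, acl_hosts) for each non-IP also-notify element."""
    conf = strip_comments(conf)
    acls = {m.group(1): elements(m.group(2)) for m in ACL_RE.finditer(conf)}
    findings = []
    for m in NOTIFY_RE.finditer(conf):
        line_no = conf.count('\n', 0, m.start()) + 1
        for elem in elements(m.group(1)):
            if not is_ip(elem):
                # Only single hosts are suggested; prefixes and nested ACL
                # names inside the ACL cannot be used as notify targets.
                hosts = [a for a in acls.get(elem, []) if is_ip(a)]
                findings.append((line_no, elem, hosts))
    return findings
```

Each finding names the line, the offending element, and the literal addresses to list in also-notify so that the notify targets stay in step with the hosts permitted by allow-transfer.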




