ACLs as external files

Peter DrakeUnderkoffler bind at ratgut.com
Mon Mar 5 15:51:17 UTC 2007



Sure, use the include statement:

include "/File/Path/From/Root";

You can use this to separate any part of the named.conf, such as keys, logging, etc.,
as long as you conform to the syntax.

If you are looking to have a simple text file with IP addresses listed without the
needed formatting of the named.conf file, you would have to wrap that in something
like m4 or similar.  You need to perform management tasks on the name server if the
ACLs get updated with a reload or restart anyway; this could be part of that process.

Thanks
Peter

Peter DrakeUnderkoffler
Xinupro, LLC
617-834-2352



Fr34k wrote:
> Hello All,
> 
> I have a question regarding ACL management.
> 
> Today, we have an ACL like:
> acl "local-blocks" { 192.168/16; 172.16/12; 10/8; } ;
> 
> ...then in options...
> 
> allow-query { "local-blocks"; };
> allow-recursion { "local-blocks"; };
> 
> Rather than add/remove/modify IP blocks to this ACL, it would be nice to
> reference a separate external file to manage and reference it from named.conf
> 
> Does BIND offer this facility for ACLs?
> If so, someone mind sharing an example/details?
> 
> I would rather distribute ACL files than try to manage entire named.conf files,
> if possible.
> 
> Thanks -- Chris
> 
> 
> 
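Added example, not part of the original message or of BIND: one form the wrapper mentioned in the reply could take, written in Python instead of m4. It assumes the plain text file lists one full CIDR network per line (not BIND's shorthand such as 10/8); the function name render_acl and the sample input are made up for illustration.

```python
import ipaddress

def render_acl(name, text):
    """Turn a plain list of networks (one per line, '#' comments allowed)
    into a BIND acl statement suitable for an include file."""
    # Keep the ACL name to a safe character set so it cannot break the quoting.
    if not name.replace("-", "").replace("_", "").isalnum():
        raise ValueError(f"unsafe ACL name: {name!r}")
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8,
            # and anything that is not an address (stray named.conf syntax).
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
        if net.prefixlen == 0:
            # A /0 entry would open allow-query/allow-recursion to everyone.
            raise ValueError(f"line {lineno}: refusing {net} (matches everything)")
        if net not in nets:
            nets.append(net)
    if not nets:
        # An empty list is more likely a truncated file than an intended ACL.
        raise ValueError("no networks listed; refusing to write an empty ACL")
    body = "".join(f"\t{net};\n" for net in nets)
    return f'acl "{name}" {{\n{body}}};\n'

# Constructed sample input: the ACL from the question, written out in full.
SAMPLE = """\
# internal ranges
192.168.0.0/16
172.16.0.0/12   # lab
10.0.0.0/8
10.0.0.0/8
"""

if __name__ == "__main__":
    print(render_acl("local-blocks", SAMPLE), end="")
```

Write the output to the file named in the include statement and run named-checkconf on the configuration before the reload.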


