REFUSED but no log entry
Alan Clegg
alan at clegg.com
Wed Oct 10 12:04:23 UTC 2007
Jason Mitchell wrote:
> I replaced "match-clients { !localnets; !localhost; };" with
> "match-clients { ANY; };" and now I'm seeing the expected behavior.
ACLs all end in a silent "none;", so what you had the first time was:
match-clients { !localnets; !localhost; none; };
Not localnets, not localhost, and nobody else as well.
Instead of replacing that with a generic "any", how about:
match-clients { !localnets; !localhost; any; };
which matches everything EXCEPT localnets and localhost. I think that
is more along the lines of what you want to happen based on your
previous mail about the internal/external views.
AlanC
More information about the bind-users
mailing list