REFUSED but no log entry
Jason Mitchell
jm at hcn.com.au
Wed Oct 10 12:31:29 UTC 2007
Hi Alan,
Maybe I'm wrong, but I think that having "{ !localnets; !localhost; }" in the
external view is redundant as they'd be matched by the prior views, and never
make it to the external (external is the third view)?
Regards,
Jason
On Wed, 10 Oct 2007 08:04:23 -0400, Alan Clegg wrote
> Jason Mitchell wrote:
> > I replaced "match-clients { !localnets; !localhost; };" with
> > "match-clients { ANY; };" and now I'm seeing the expected behavior.
>
> ACLs all end in a silent "none;", so what you had the first time was:
>
> match-clients { !localnets; !localhost; none; };
>
> Not localnets, not localhost, and nobody else as well.
>
> Instead of replacing that with a generic "any", how about:
>
> match-clients { !localnets; !localhost; any; };
>
> which matches everything EXCEPT localnets and localhost. I think
> that is more along the lines of what you want to happen based on
> your previous mail about the internal/external views.
>
> AlanC
More information about the bind-users
mailing list