correct syntax for TSIG & IP restrictions for named-ACL versus just IP?
pgngw+dev001+bind-users at f-m.fm
Mon Dec 6 00:43:39 UTC 2010
hi,
On Sun, 05 Dec 2010 20:57 +0000, "Evan Hunt" <each at isc.org> wrote:
> I haven't tested this, but I think it will do what you want:
...
> allow-transfer {
> { !notslave1; key key1; };
> { !notslave2; key key2; };
> none;
> };
this !acl format works, but only in the single ACL case. i.e.,

    allow-transfer { { !notslave1; key key1; }; none; };
    allow-transfer { { !notslave2; key key2; }; none; };

both work as expected. but,

    allow-transfer { { !notslave1; key key1; }; { !notslave2; key key2; }; none; };

only enables AXFR to slave1 -- slave2 no longer seems to initiate any
transfers, as if it's not getting any notify.

still poking around ...
> I wrote an explanation of BIND ACLs on this list a few years back that
> you may find helpful in explaining the syntactic insanity:
>
> http://www.mail-archive.com/bind-users@lists.isc.org/msg00045.html
yes, to 'insanity', and yes to 'helpful'. thanks!