key and ip adress
Cricket Liu
cricket at VeriSign.com
Wed Feb 14 22:41:24 UTC 2001
> Thanks for the advice! What I MEANT to ask, though, was how to best do
> what Mark suggested - deny updates from everybody else and require a key
> from whatever isn't denied, our own server(s). The only thing that comes
> to mind involves a lot of "not" lines before the key requirement.
Yeah, I think that's true.
> Is that the only way, or is there another way to phrase the addresses to
> include, for example, blocks of class A addresses to keep our match list a
> reasonable size? Let's say I'd like to block everything but 10/8
> addresses, then accept by key.
Wouldn't
acl "not-10" {
! 10/8;
key-name;
};
do what you want?
cricket
More information about the bind-users
mailing list