also-notify with ACL in zone scope not working in BIND 9.4.1-P1
Mark Andrews
Mark_Andrews at isc.org
Tue Aug 21 07:17:17 UTC 2007
> I'm having difficulty with getting ACLs working with also-notify in the zone
> scope. A straight IP works, ACL doesn't.
also-notify does not take an ACCESS CONTROL LIST.
> I have couple of ACLs defined for internal and external views. Below are the
> simplified copy of the external view, and the ACL in question (to narrow
> down the problem issue).
>
> The following configuration fails named-checkconf with the error
> /etc/namedb/named.conf:132: expected IP address near '"'
> (Line 132 is the line with also-notify on it.)
>
> ---
> acl "third" { 69.13.35.100; };
Which is shorthand for 'acl "third" { 69.13.35.100/32; };'.
Which means if you *compare* the first 32 bits of an IPv4
address you will get a match if they equal 69.13.35.100.
> view "external" {
>
> match-clients { any; };
> recursion no;
>
> zone "afis.info" in {
> type master;
> file "master/afis.info";
> notify yes;
> also-notify {"third";};
> allow-transfer {"third";};
> };
>
> zone "." {
> type hint;
> file "named.root";
> };
> };
> ---
>
> However, the following configuration works fine (the only difference is IP
> instead of an ACL reference in also-notify):
>
> ---
> acl "third" { 69.13.35.100; };
>
> view "external" {
>
> match-clients { any; };
> recursion no;
>
> zone "afis.info" in {
> type master;
> file "master/afis.info";
> notify yes;
> also-notify {69.13.35.100;};
> allow-transfer {"third";};
> };
>
> zone "." {
> type hint;
> file "named.root";
> };
> };
> ---
>
> I've tried with and without quotes in the ACL reference, no difference.
>
> Apress's "Pro DNS and BIND" has the following example on page 342:
Well, the example is wrong then.
> ---
> acl "someips" {
> 10.0.0.1; 192.168.23.1; 192.168.23.15;
> };
> acl "moreips" {
> 10.0.0.2;
> 192.168.23.128/25; // 128 IPs
> };
> acl "allips" {
> "someips";
> "moreips";
> };
> view "my stuff" {
> match-clients {"someips";};
> ....
> };
> zone "example.com" in{
> type master;
> file "master.example.com";
> also-notify {"allips";};
> };
> ---
>
> What am I doing differently, if anything?
>
> I'm running BIND 9.4.1-P1 on FreeBSD 6.2.
>
> Thanks for any insights! If this has been discussed previously, please
> point me to the right direction; I couldn't find anything about this in the
> archive.
>
> Ville
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
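
The point made in the reply, as a pre-deployment lint check (an added example, not part of the original thread and not ISC code): it flags any also-notify entry that is not a literal IP address, which is what named-checkconf rejected above. The function names and the sample configuration are constructed for illustration; accepting the `ip_addr port N` form is an assumption about the also-notify grammar.

```python
import ipaddress
import re

# Constructed sample modelled on the failing configuration quoted above.
SAMPLE = '''
acl "third" { 69.13.35.100; };
zone "afis.info" in {
    type master;
    also-notify {"third";};
    allow-transfer {"third";};
};
zone "example.net" in {
    type master;
    also-notify { 69.13.35.100; 2001:db8::53 port 5353; };
};
'''

ALSO_NOTIFY = re.compile(r'\balso-notify\b[^{;]*\{([^}]*)\}')

def strip_comments(text):
    """Remove /* */, // and # comments, keeping newlines so line numbers hold."""
    text = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group().count('\n'), text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def is_notify_target(entry):
    """True for 'ip_addr' or 'ip_addr port N'; an ACL name or prefix is not valid."""
    m = re.fullmatch(r'(\S+)(\s+port\s+\d+)?', entry)
    try:
        ipaddress.ip_address(m.group(1) if m else '')  # raises on names and a.b.c.d/len
        return True
    except ValueError:
        return False

def lint_also_notify(conf):
    """Return (line_number, entry) for each also-notify entry that is not an address."""
    conf = strip_comments(conf)
    findings = []
    for m in ALSO_NOTIFY.finditer(conf):
        line = conf.count('\n', 0, m.start()) + 1
        for entry in m.group(1).split(';'):
            entry = entry.strip()
            if entry and not is_notify_target(entry):
                findings.append((line, entry))
    return findings

if __name__ == '__main__':
    for line, entry in lint_also_notify(SAMPLE):
        print(f'line {line}: also-notify entry {entry} is not an IP address')
```

The allow-transfer line in the sample is left unflagged on purpose: that statement is an address match list, so an ACL reference is valid there.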