can't get acl to work!

Andreas Hasenack andreas at netbank.com.br
Sun Jul 16 20:16:10 UTC 2000


> Well first of all you should have shown *everything* that was in the
> options{} statement, *exactly* as it was printed there. Luckily for
> you it doesn't look there were any errors in the stuff you decided to
> hide from us, but who knows for sure? Amongst other things, showing

Sorry, I didn't mean to upset anyone. I should also have mentioned that
if I remove the acl statement (a // in front of it is enough) everything
works as expected.

I took that acl statement right out of the named.conf sample in the source
tree, the named.conf one used to check the parser.

Here is the complete file:

options {
	directory "/var/named";
	pid-file "/var/run/named.pid";
	notify no;
	acl can_query { !1.2.3/24; any; };
	allow-query { 127.0.0.1; 192.168.1.0/24; };
	allow-transfer {
		127.0.0.1;
		192.168.1.2;
	};
	allow-recursion { 127.0.0.1; 192.168.1.0/24; };
	check-names response warn;
	check-names master warn;
	listen-on {
		127.0.0.1;
		192.168.1.2;
		};
	};

zone "." {
	type hint;
	file "db.cache";
	};

zone "intra.schalter.com.br" {
	type master;
	file "intra.schalter.com.br.hosts";
	};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "192.168.1.rev";
	};

zone "0.0.127.in-addr.arpa" {
	type master;
	file "127.0.0.rev";
	};

Yes, I don't even use the acl name. I first want it to work, i.e., pass OK
through the parser.

Again, with this file, /etc/rc.d/init.d/named restart logs the following:

Jul 16 17:28:16 mail named[21668]: named shutting down
Jul 16 17:28:16 mail named[21668]: USAGE 963779296 963776150 CPU=0u/0s CHILDCPU=0u/0s
Jul 16 17:28:16 mail named[21668]: NSTATS 963779296 963776150 A=62 PTR=16 MX=3
Jul 16 17:28:16 mail named[21668]: XSTATS 963779296 963776150 RR=58 RNXD=2 RFwdR=46 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=11 SAns=59 SFwdQ=22 SDupQ=3 SErr=0 RQ=81 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=46 SFail=0 SFErr=0 SNaAns=47 SNXD=1
Jul 16 17:28:16 mail named[21699]: starting.  named 8.2.2-P5 Wed Feb 16 05:32:07 BRDT 2000 ^Iroot at mapinguari.conectiva.com.br:/usr/src/rpm/BUILD/bind-8.2.2P5/src/bin/named
Jul 16 17:28:16 mail named[21699]: /etc/named.conf:5: syntax error near acl
Jul 16 17:28:16 mail named[21699]: /etc/named.conf:6: syntax error near allow-query
Jul 16 17:28:16 mail named[21699]: hint zone "" (IN) loaded (serial 0)
Jul 16 17:28:16 mail named[21699]: Zone "intra.schalter.com.br" (file intra.schalter.com.br.hosts): No default TTL set using SOA minimum instead
Jul 16 17:28:16 mail named[21699]: intra.schalter.com.br.hosts: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:28:16 mail named[21699]: intra.schalter.com.br.hosts:8: data "intra.embrasul.com.br" outside zone "intra.schalter.com.br" (ignored)
Jul 16 17:28:16 mail named[21699]: master zone "intra.schalter.com.br" (IN) loaded (serial 963175004)
Jul 16 17:28:16 mail named[21699]: Zone "1.168.192.in-addr.arpa" (file 192.168.1.rev): No default TTL set using SOA minimum instead
Jul 16 17:28:16 mail named[21699]: 192.168.1.rev: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:28:16 mail named[21699]: master zone "1.168.192.in-addr.arpa" (IN) loaded (serial 963175021)
Jul 16 17:28:16 mail named[21699]: Zone "0.0.127.in-addr.arpa" (file 127.0.0.rev): No default TTL set using SOA minimum instead
Jul 16 17:28:16 mail named[21699]: 127.0.0.rev: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:28:16 mail named[21699]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 963175854)
Jul 16 17:28:16 mail named[21699]: listening on [127.0.0.1].53 (lo)
Jul 16 17:28:16 mail named[21699]: listening on [192.168.1.2].53 (eth0)
Jul 16 17:28:16 mail named[21699]: listening on [200.203.204.65].53 (ppp0)
Jul 16 17:28:16 mail named[21699]: Forwarding source address is [0.0.0.0].1054
Jul 16 17:28:16 mail named[21700]: Ready to answer queries.


If I comment out the acl statement (// in front of that line), I get:

Jul 16 17:29:57 mail named[21700]: named shutting down
Jul 16 17:29:57 mail named[21700]: USAGE 963779397 963779296 CPU=0u/0s CHILDCPU=0u/0s
Jul 16 17:29:57 mail named[21700]: NSTATS 963779397 963779296 A=1 PTR=1
Jul 16 17:29:57 mail named[21700]: XSTATS 963779397 963779296 RR=1 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=2 SFwdQ=0 SDupQ=0 SErr=0 RQ=2 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0
Jul 16 17:29:57 mail named[21710]: starting.  named 8.2.2-P5 Wed Feb 16 05:32:07 BRDT 2000 ^Iroot at mapinguari.conectiva.com.br:/usr/src/rpm/BUILD/bind-8.2.2P5/src/bin/named
Jul 16 17:29:57 mail named[21710]: hint zone "" (IN) loaded (serial 0)
Jul 16 17:29:57 mail named[21710]: Zone "intra.schalter.com.br" (file intra.schalter.com.br.hosts): No default TTL set using SOA minimum instead
Jul 16 17:29:57 mail named[21710]: intra.schalter.com.br.hosts: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:29:57 mail named[21710]: intra.schalter.com.br.hosts:8: data "intra.embrasul.com.br" outside zone "intra.schalter.com.br" (ignored)
Jul 16 17:29:57 mail named[21710]: master zone "intra.schalter.com.br" (IN) loaded (serial 963175004)
Jul 16 17:29:57 mail named[21710]: Zone "1.168.192.in-addr.arpa" (file 192.168.1.rev): No default TTL set using SOA minimum instead
Jul 16 17:29:57 mail named[21710]: 192.168.1.rev: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:29:57 mail named[21710]: master zone "1.168.192.in-addr.arpa" (IN) loaded (serial 963175021)
Jul 16 17:29:57 mail named[21710]: Zone "0.0.127.in-addr.arpa" (file 127.0.0.rev): No default TTL set using SOA minimum instead
Jul 16 17:29:57 mail named[21710]: 127.0.0.rev: WARNING SOA expire value is less than 7 days (432000)
Jul 16 17:29:57 mail named[21710]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 963175854)
Jul 16 17:29:57 mail named[21710]: listening on [127.0.0.1].53 (lo)
Jul 16 17:29:57 mail named[21710]: listening on [192.168.1.2].53 (eth0)
Jul 16 17:29:57 mail named[21710]: Forwarding source address is [0.0.0.0].1055
Jul 16 17:29:57 mail named[21711]: Ready to answer queries.


Sorry for the long email.
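A small lint for the nesting problem in the file above, added here as an example (it is not from the post and not a BIND tool). It assumes, as BIND's named.conf grammar has it, that `acl` is a top-level statement and reports any such statement found nested inside another block; run over a trimmed copy of the options block above (embedded as constructed sample input) it reports line 5, the same line the `syntax error near acl` log entry points at, and reports nothing once the line is commented out with `//`.

```python
import re

# Statements BIND accepts only at the top level of named.conf (assumption:
# as documented for BIND 8/9). Placing one inside options {} is a parse error.
TOP_LEVEL_ONLY = {"acl", "zone", "options", "logging", "key", "server", "controls"}

# Constructed sample: the relevant part of the options block from the post.
SAMPLE_CONF = """options {
\tdirectory "/var/named";
\tpid-file "/var/run/named.pid";
\tnotify no;
\tacl can_query { !1.2.3/24; any; };
\tallow-query { 127.0.0.1; 192.168.1.0/24; };
};
zone "." { type hint; file "db.cache"; };
"""

def strip_comments(line):
    """Drop // and # comments (named.conf syntax); /* */ blocks are not handled."""
    return re.split(r"//|#", line, maxsplit=1)[0]

def find_misplaced_statements(conf_text):
    """Return [(line_no, keyword, enclosing_block)] for every top-level-only
    statement that starts inside another block."""
    findings = []
    stack = []       # names of the blocks we are currently inside
    pending = None   # first keyword of the statement being read, if any
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        for tok in re.findall(r'[{};]|"[^"]*"|[^\s{};"]+', strip_comments(raw)):
            if tok == "{":
                stack.append(pending or "?")   # the keyword names the new block
                pending = None
            elif tok == "}":
                if stack:
                    stack.pop()
                pending = None
            elif tok == ";":
                pending = None                 # statement finished
            elif pending is None:              # first word of a new statement
                if tok in TOP_LEVEL_ONLY and stack:
                    findings.append((line_no, tok, stack[-1]))
                pending = tok
    return findings

if __name__ == "__main__":
    for line_no, kw, block in find_misplaced_statements(SAMPLE_CONF):
        print(f"line {line_no}: '{kw}' is a top-level statement but sits inside '{block}'")
```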