BIND ACL ranges and negations

Jim Reid jim at rfc1035.com
Wed Oct 4 08:42:47 UTC 2000


>>>>> "John" == John Hernandez <John.Hernandez at noaa.gov> writes:

    John> Is there a way to specify a range of /24 networks in a BIND
    John> ACL without explicitly listing them all?

Yes. If the nets are contiguous, just use a wider "netmask" like a /20
or whatever is appropriate. Each element of an ACL is just translated
into a bit mask that gets applied to the IP address making the request.

    John> Also, can I negate a network in an ACL?

Yes. Did you read the documentation for address_match_list?
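
The two answers above, worked through as an added example (not part of the original post and not BIND code): it collapses contiguous /24s into wider prefixes, applies the bit-mask test the reply describes, and evaluates negation with the first-match-wins ordering of address_match_list. The 10.20.x.0 networks, function names and the "!" string syntax are constructed for illustration; IPv4 only.

```python
import ipaddress

def parse_acl(elements):
    """Parse 'a.b.c.d/len' strings; a leading '!' marks a negated element."""
    acl = []
    for text in elements:
        negated = text.startswith("!")
        acl.append((negated, ipaddress.ip_network(text.lstrip("!").strip())))
    return acl

def mask_match(addr, net):
    """Bit-mask test: AND the address with the netmask, compare to the prefix."""
    return int(addr) & int(net.netmask) == int(net.network_address)

def acl_allows(acl, client):
    """First matching element decides; a negated match denies; no match denies."""
    addr = ipaddress.ip_address(client)
    for negated, net in acl:
        if mask_match(addr, net):
            return not negated
    return False

def collapse(prefixes):
    """Merge contiguous, aligned networks into the fewest wider prefixes."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed sample: sixteen contiguous /24s that sit on a /20 boundary.
SIXTEEN = [f"10.20.{i}.0/24" for i in range(16, 32)]
# Constructed sample: sixteen contiguous /24s that do NOT sit on a /20 boundary,
# so one wider mask cannot cover them without admitting extra networks.
UNALIGNED = [f"10.20.{i}.0/24" for i in range(20, 36)]

# Negation must come before the wider element that would otherwise match first.
GOOD_ORDER = parse_acl(["!10.20.18.0/24", "10.20.16.0/20"])
BAD_ORDER = parse_acl(["10.20.16.0/20", "!10.20.18.0/24"])

if __name__ == "__main__":
    print("aligned   ->", collapse(SIXTEEN))
    print("unaligned ->", collapse(UNALIGNED))
    for name, acl in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for client in ("10.20.18.7", "10.20.19.7", "10.20.32.1"):
            print(name, client, "allow" if acl_allows(acl, client) else "deny")
```

With the negated element listed second, the /20 matches first and the excluded /24 is still allowed, so review element order whenever a negation is added to an ACL.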


