key and ip adress

Cricket Liu cricket at VeriSign.com
Sat Feb 17 00:03:57 UTC 2001


> > > Is that the only way, or is there another way to phrase the addresses
to
> > > include, for example, blocks of class A addresses to keep our match
list a
> > > reasonable size?  Let's say I'd like to block everything but 10/8
> > > addresses, then accept by key.
> >
> > Wouldn't
> >
> > acl "not-10" {
> >     ! 10/8;
> >     key-name;
> > };
> >
> > do what you want?
>
> But that would deny updates from 10/8 and he said he wanted to block
> everything but 10/8.

Yes, I misinterpreted what Ian wrote.

> What I would try is:
>
> acl not-me { ! 10/8; any; };
> allow-update { ! not-me; key keyname; };

Good idea.

cricket



More information about the bind-users mailing list