ACL and keys
dj
drnj at freemail.redherring.co.uk
Wed Aug 27 10:41:59 UTC 2003
Forgive my boolean logic but
(slaves OR tsig)
is identical to
(not (not(slaves)) OR tsig)
So I don't see how the statement equates to
(Slaves AND slaves-with-tsig-key)
> > Why can't you use
> >
> > allow-transfer ( slaves; key tsigkey;};
> >
>
> That is allow "slaves" *or* allow "key tsigkey".
>
> > ?????
> >
> > As ! notslave == slaves
>
> acl slaves {
> 194.170.1.11;
> };
>
> acl notslaves {
> !slaves; any;
> };
>
> allow-transfer { !notslaves; key tsigkey;};
>
> This deny everyone but slaves then allow those with this key.
>
> Acls are parsed on a first match basis.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
>
More information about the bind-users
mailing list