acl's and some suggestions for ISC

Mark_Andrews at
Sun Jan 25 07:10:32 UTC 2004

> In article <bup6t9$1qei$1 at>, /dev/rob0 <rob0 at> 
> wrote:
> > Why not? The BIND 9 Configuration Reference implied that acl's could be
> > used anywhere one might need a list of IP's or netblocks. There really
> > wasn't much said about "masters" syntax, but I see on closer examination
> > now that some options say "address_match_list", but masters does not.
> > Why can't "masters" use an address_match_list?
> Because you need to know specific addresses to connect to.  An address 
> match list is like a wildcard, it specifies an address pattern.  What 
> would it mean to use something like is a master -- there 
> are 256 addresses in that range.
> What you want is a named address list, which is not the same thing as an 
> ACL.  This would be a nice new feature.  And since a plain address can 
> be used wherever an address pattern can, it would make sense for an address 
> list name to be usable wherever an ACL is required, but *not* the other 
> way around.
> -- 
> Barry Margolin, barmar at
> Arlington, MA

	BIND 9.3 has master lists which can be used in master clauses
	and other master lists.

	Note master lists are more complicated than just lists of
	addresses.  They allow keys to be associated with the master.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at

More information about the bind-users mailing list