Problem with Views and ACLs

Boyack, Kurt Kurt.Boyack at pyxis.com
Thu Jan 20 23:34:34 UTC 2005


A. Clausen writes:
> I'm having a real problem setting up ACLs for our DNS.  This is a
> reasonable rendering of the ACLs I have (xxx.yyy.zzz/23 is
> our network's subnet):
>
> acl server_acl {
> 	xxx.yyy.zzz.1;
> 	xxx.yyy.zzz.9;
> 	xxx.yyy.zzz.19;
> 	xxx.yyy.zzz.251;
> };
>
> acl customer_acl {
> 	xxx.yyy.zzz.0/23;
> 	!server_acl;
> };
>
> acl outside_acl {
> 	any;
> };
>
> However, when I try to set up views based on these ACLs, the view
> attached to the "customer_acl" view catches the "server_acl"
> addresses as well.  What am I doing wrong here?

I'm not sure if the order of an ACL matters here, but changing the
customer_acl to the following might help:

acl customer_acl {
	!server_acl;
	xxx.yyy.zzz.0/23;
};

Also, the views have to be listed in the right order in named.conf. The
first view that matches will be the one that is used.
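
Added example, not part of the original messages and not BIND's own code: a simplified Python model of first-match address match list evaluation, run against both orderings of customer_acl from the thread. The 10.20.30.0/23 network stands in for xxx.yyy.zzz.0/23, and the view names and their order are hypothetical, since the thread does not show the view statements.

```python
import ipaddress

# Constructed stand-in: 10.20.30.0/23 plays the role of xxx.yyy.zzz.0/23.
SERVERS = ["10.20.30.1", "10.20.30.9", "10.20.30.19", "10.20.30.251"]
ORIGINAL = {
    "server_acl": SERVERS,
    "customer_acl": ["10.20.30.0/23", "!server_acl"],
    "outside_acl": ["any"],
}
REORDERED = dict(ORIGINAL, customer_acl=["!server_acl", "10.20.30.0/23"])

# Hypothetical view names and order; the thread does not show the view statements.
VIEWS = [("customer", "customer_acl"), ("server", "server_acl"), ("outside", "outside_acl")]


def match(acl_name, addr, acls):
    """First-match evaluation: True = accept, False = reject, None = no element matched."""
    ip = ipaddress.ip_address(addr)
    for element in acls[acl_name]:
        negated = element.startswith("!")
        target = element.lstrip("!")
        if target == "any":
            hit = True
        elif target in acls:  # reference to another named acl
            hit = match(target, addr, acls) is True
        else:  # single address or CIDR prefix
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negated  # the first matching element decides
    return None


def select_view(addr, views, acls):
    """Return the first view whose acl accepts the client address."""
    for view_name, acl_name in views:
        if match(acl_name, addr, acls) is True:
            return view_name
    return None


if __name__ == "__main__":
    for label, acls in (("original", ORIGINAL), ("reordered", REORDERED)):
        for client in ("10.20.30.9", "10.20.31.50", "203.0.113.7"):
            print(label, client, "->", select_view(client, VIEWS, acls))
```

With the original ordering the /23 element accepts a server address before `!server_acl` is ever consulted; with the negation first, the server address is rejected by customer_acl and falls through to the next view.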


