view based on negated acl doesn't match
Ross Boylan
RossBoylan at stanfordalumni.org
Tue Feb 21 08:01:40 UTC 2006
I'm running bind9 (v 9.3.1-2.0.1 on Debian GNU/Linux) trying to use
views to present different views inside and outside my local network.
The inside views seem to be matching fine. I use

    acl internals { 127.0.0.1; 192.168.40.0/24; };
    acl externals { ! internals ; };
    view "outside" {
        match-clients { externals; };
    ....
    view "inside" {
        match-clients { internals; };

When I try to query from outside I get this message from bind (with -d 2):

    20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in class 'IN'
    20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in class
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43111
    ;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;www.betterworld.us. IN A

I also tried match-clients {! internals;}; on the theory that the
sense of the negation might be lost. That didn't work. match-clients
{any;}; does work, though it's broader than I want.
What am I missing here? And what's the right way to do what I'm
trying to do?
Thanks.
Ross Boylan
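
Added example (not part of the original post, and not BIND's own code): a simplified Python model of first-match address match list evaluation, run against the two ACLs quoted above. It shows that a list holding only a negated element can reject but never positively match, so the external client ends up with no view. The `externals_fixed` ACL with a trailing `any`, the function names and the sample internal address are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the ACLs from the post. An element is (negated, target);
# target is an address/prefix, "any", or the name of another ACL.
ACLS = {
    "internals": [(False, "127.0.0.1"), (False, "192.168.40.0/24")],
    "externals": [(True, "internals")],                          # as posted
    "externals_fixed": [(True, "internals"), (False, "any")],    # assumed fix
}


def match_acl(name, addr):
    """Return 1 (positive match), -1 (negated match) or 0 (no element matched)."""
    ip = ipaddress.ip_address(addr)
    for negated, target in ACLS[name]:
        if target == "any":
            hit = True
        elif target in ACLS:
            # A nested ACL counts as a hit only when it matches positively.
            hit = match_acl(target, addr) > 0
        else:
            hit = ip in ipaddress.ip_network(target)
        if hit:
            # First matching element decides; negation turns it into a reject.
            return -1 if negated else 1
    return 0  # fell off the end of the list: no match, not an implicit accept


def select_view(views, addr):
    """Views are tried in order; the first positive match-clients hit wins."""
    for view, acl in views:
        if match_acl(acl, addr) > 0:
            return view
    return None  # corresponds to "no matching view in class 'IN'"


POSTED = [("outside", "externals"), ("inside", "internals")]
FIXED = [("outside", "externals_fixed"), ("inside", "internals")]

if __name__ == "__main__":
    for label, views in (("posted", POSTED), ("fixed", FIXED)):
        for client in ("65.175.48.58", "192.168.40.7"):
            print(label, client, "->", select_view(views, client))
```

In `named.conf` terms, the modeled correction is `acl externals { !internals; any; };`, which still keeps internal clients out of the "outside" view because the negated element is evaluated first.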