view based on negated acl doesn't match

rajesh.panchikarla at rajesh.panchikarla at
Tue Feb 21 08:29:51 UTC 2006

Try acl externals { ! internals ; any; };

-----Original Message-----
From: bind-users-bounce at [mailto:bind-users-bounce at] On
Behalf Of Ross Boylan
Sent: Tuesday, February 21, 2006 1:32 PM
To: bind-users at
Cc: Ross Boylan
Subject: view based on negated acl doesn't match

I'm running bind9 (v 9.3.1-2.0.1 on Debian GNU/Linux) trying to use
views to present different views inside and outside my local network.
The inside views seem to be matching fine.  I use

acl internals {;; };
acl externals { ! internals ; };

view "outside" {
	match-clients { externals; };

view "inside" {
	match-clients { internals; };

When I try to query from outside I get this message from bind (with -d
20-Feb-2006 22:18:10.983 client no matching view in
class 'IN'
20-Feb-2006 22:18:10.983 client no matching view in
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  43111
;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;            IN      A

I also tried match-clients {! internals;}; on the theory that the
sense of the negation might be lost.  That didn't work.  match-clients
{any;}; does work, though it's broader than I want.

What am I missing here?  And what's the right way to do what I'm
trying to do?

Ross Boylan

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

More information about the bind-users mailing list