view based on negated acl doesn't match [SOLVED]

Ross Boylan RossBoylan at stanfordalumni.org
Tue Feb 21 18:21:22 UTC 2006


On Tue, Feb 21, 2006 at 01:59:51PM +0530, rajesh.panchikarla at wipro.com wrote:
> 
> Try acl externals { ! internals ; any; };
> Thanks
> Rajesh

Thank you.  That's exactly what I needed; it works fine.
Ross

> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Ross Boylan
> Sent: Tuesday, February 21, 2006 1:32 PM
> To: bind-users at isc.org
> Cc: Ross Boylan
> Subject: view based on negated acl doesn't match
> 
> I'm running bind9 (v 9.3.1-2.0.1 on Debian GNU/Linux) trying to use
> views to present different views inside and outside my local network.
> The inside views seem to be matching fine.  I use
> 
> acl internals { 127.0.0.1; 192.168.40.0/24; };
> acl externals { ! internals ; };
> 
> view "outside" {
> 	match-clients { externals; };
> ....
> 
> view "inside" {
> 	match-clients { internals; };
> 
> When I try to query from outside I get this message from bind (with -d
> 2):
> 20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in
> class 'IN'
> 20-Feb-2006 22:18:10.983 client 65.175.48.58#42837: no matching view in
> class
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  43111
> ;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;www.betterworld.us.            IN      A
> 
> I also tried match-clients {! internals;}; on the theory that the
> sense of the negation might be lost.  That didn't work.  match-clients
> {any;}; does work, though it's broader than I want.
> 
> What am I missing here?  And what's the right way to do what I'm
> trying to do?
> 
> Thanks.
> Ross Boylan
> 
> 
> 
> 
> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
> 
> WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
> 
> www.wipro.com
> 



More information about the bind-users mailing list