9.4.2-P2 and listen-on directive

Mark Andrews Mark_Andrews at isc.org
Mon Aug 11 14:35:19 UTC 2008


> Hello,
> 
> 
> Mon, 11 Aug 2008 15:03:28 +0400 Anatoly Pugachev wrote:
> 
> > ok, found error in my named.conf file:
> > 
> > if I use
> > 
> >   listen-on { 192.168.1.1; 127.0.0.1; };
> > 
> > everything works as expected, and if only I use:
> > 
> >   listen-on { 192.168.1.1; localhost; };
> > 
> > named will start listening on all available interfaces. Is this expected
> > behaviour?
> 
> Yes. The "localhost" ACL is built-in and represents "the IPv4 and IPv6 
> addresses of all network interfaces on the system".
> 
> Maybe it's time to suggest that BIND developers provide an additional 
> built-in ACL "loopback":
> 
> acl loopback {
> 	127.0.0.1;
> };

	I'm afraid your loopback acl is a little bit anemic :-)

  acl loopback {
	127/8; ::1; fe80::/12%lo0;
  };
 
 
> -- 
> 
> Yours sincerely,
> 
> Andrey G. Sergeev (AKA Andris)     http://www.andris.name/
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
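
The behaviour discussed in this thread can be checked for before named is restarted. The following is an added example, not part of the original messages or of BIND: a small Python audit that classifies each `listen-on` element and flags the built-in ACLs that expand to every interface. The function names and sample configurations are constructed for illustration, and it assumes flat `listen-on` lists without nested braces.

```python
import ipaddress
import re

# Built-in ACL names that match every local interface address in listen-on.
WIDE_BUILTINS = {"any", "localhost"}

# Captures the address match list of listen-on / listen-on-v6 (optional "port N").
LISTEN_ON = re.compile(r"\blisten-on(?:-v6)?\b[^{;]*\{([^}]*)\}", re.S)

def strip_comments(text):
    """Remove /* */, // and # comments so they are not parsed as elements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_listen_on(conf_text):
    """Return (element, verdict) pairs for every listen-on element found."""
    findings = []
    for body in LISTEN_ON.findall(strip_comments(conf_text)):
        for elem in filter(None, (e.strip() for e in body.split(";"))):
            if elem.startswith("!"):
                verdict = "negated"            # exclusions never widen the list
            elif elem.strip('"') in WIDE_BUILTINS:
                verdict = "all-interfaces"
            else:
                try:
                    # Drop any %zone suffix before parsing the address or prefix.
                    net = ipaddress.ip_network(elem.split("%")[0], strict=False)
                    verdict = "loopback" if net.is_loopback else "specific"
                except ValueError:
                    verdict = "named-acl"      # user-defined ACL: review by hand
            findings.append((elem, verdict))
    return findings

def listens_everywhere(conf_text):
    """True if any listen-on element expands to all interface addresses."""
    return any(v == "all-interfaces" for _, v in audit_listen_on(conf_text))

# Constructed samples mirroring the two configurations from the thread.
SAMPLE_WIDE = """options {
    // constructed sample
    listen-on { 192.168.1.1; localhost; };
};"""
SAMPLE_NARROW = """options {
    listen-on { 192.168.1.1; 127.0.0.1; };
};"""

if __name__ == "__main__":
    for name, conf in (("wide", SAMPLE_WIDE), ("narrow", SAMPLE_NARROW)):
        print(name, audit_listen_on(conf), listens_everywhere(conf))
```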

