allowing queries from all IPv4 addresses but only a range of IPv6 addresses

Dennis Perisa dennis.perisa at gmail.com
Tue May 31 11:28:28 UTC 2011


yep that works. thanks Dave.  interestingly, 0/0 also works - thought
that might catch IPv6 as well, but a look at the rfc tells me the
correct syntax for 'any IPv6 host' is ::/0

On Tue, May 31, 2011 at 8:54 PM, David Forrest <drf at maplepark.com> wrote:
> On Tue, 31 May 2011, Dennis Perisa wrote:
>
>> Hello community,
>>
>> I have a requirement to configure BIND 9.7.3 to allow queries from any
>> IPv4 address and only a specific IPv6 prefix.
>>
>> The allow-query statement takes an address match list as argument, but
>> I'm not sure how I can specify 'any IPv4 host' without having to use
>> the 'any' keyword (which matches on ALL IPv4 and IPv6 addresses).
>>
>> Hoping you can help,
>> Dennis
>
> Dennis, how about:
>
> acl some-nets   {
>                0.0.0.0/0;              // all IPv4
>                2001:470:1f11:7d0::/64; // our IPV6 prefix
>                };
>
> ...
>
> match-clients   { some-nets; };
>
> ...
>
> Dave
>
> --
> David Forrest Maple Park Development Corporation St. Louis, Missouri
>



More information about the bind-users mailing list