Problem with ACL in named.conf

GS Bryan chifuyu at
Thu Aug 30 01:25:00 UTC 2012

I tried to use the acl statement in my named.conf file, but I have a
hard time making it work. In my named.conf file, I've put these acl
statements in these formats (made-up IP addresses, mind you):-

// Individual ACL list

acl addr1 {;;

acl addr2 {;;;

acl addr3 {;

// Nested ACLs list

acl alladdr {


Then when I put the 'alladdr' thing in my 'allow-transfer' and
'also-notify' arguments, as shown below, BIND will fail to start:-


zone "" {
        type master;
        file "examplenet.conf";
        allow-transfer { "alladdr"; };
        also-notify { "alladdr"; };
        key-directory "keys/examplenet/";
        inline-signing yes;
        auto-dnssec maintain;
};


Here is the log:-

BIND 9 is maintained by Internet Systems Consortium,
Inc. (ISC), a non-profit 501(c)(3) public-benefit
corporation.  Support and training for BIND 9 are
available at
adjusted limit on open files from 1024 to 1048576
found 1 CPU, using 1 worker thread
using 1 UDP listener per interface
using up to 4096 sockets
loading configuration from '/etc/named.conf'
reading built-in trusted keys from file '/etc/named.iscdlv.key'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
listening on IPv4 interface lo,
listening on IPv4 interface venet0:0, <redacted>#53
listening on IPv6 interface lo, ::1#53
listening on IPv6 interface venet0, <redacted>#53
generating session key for dynamic DNS
sizing zone task pool based on 10 zones
/etc/named.conf:111: masters "alladdr" not found
loading configuration: not found
exiting (due to fatal error)

From examples I read from the Internet, I don't think I have done
anything wrong. If I put all the IP addresses from addr1, addr2 and
addr3 into the allow-transfer and also-notify statements, BIND will
start normally without problems.

Thanks for reading.
Bryan S.G.
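
Added example, not part of the original post: the logged error `masters "alladdr" not found` is consistent with `also-notify` resolving a name as a `masters` list rather than as an `acl`. The sketch below keeps the nested ACL for `allow-transfer` and defines a separate `masters` list for `also-notify`; the addresses, the zone name `example.net` and the list name `notifyhosts` are constructed placeholders.

```conf
// Constructed sample addresses (documentation ranges), not the poster's values.
acl addr1 { 192.0.2.10; 192.0.2.11; };
acl addr2 { 198.51.100.20; };

// Nested ACL: an address match list, valid wherever BIND makes an
// access-control decision (allow-transfer, allow-query, ...).
acl alladdr { addr1; addr2; };

// also-notify is not an access-control option. It needs concrete hosts to
// send NOTIFY to, so a name used there is looked up among "masters" lists,
// not among ACLs. Entries must be single IP addresses (no networks, no "!").
masters notifyhosts { 192.0.2.10; 192.0.2.11; 198.51.100.20; };

zone "example.net" {                      // placeholder zone name
        type master;
        file "examplenet.conf";
        allow-transfer { alladdr; };      // ACL: who may request a zone transfer
        also-notify { notifyhosts; };     // masters list: who gets NOTIFY
        key-directory "keys/examplenet/";
        inline-signing yes;
        auto-dnssec maintain;
};
```

Running `named-checkconf /etc/named.conf` before restarting named reports an unresolved list name like this one without taking the server down.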
