DoT answers only for loopback interface

Sten Carlsen stenc at s-carlsen.dk
Mon May 4 19:01:22 UTC 2026


Think that 192.168.0.0/16 = 192.168.x.x, which includes 192.168.10.0/24, so adding your !192… will only work if it comes in the right sequence relative to the 192.168.0.0/16 (don't recall how priorities work here).

-- 
Best regards 
Sten Carlsen 

A pessimist is a person that can find a problem for every solution.


> On 4 May 2026, at 17.12, poubeline--- via bind-users <bind-users at lists.isc.org> wrote:
> 
> OK, I have found something strange.
> 
> In my named.conf.local file I have:
> 
> acl bogusnets {
>     0.0.0.0/8;  192.0.2.0/24; 224.0.0.0/3;
>     10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
> };
> 
> 
> 
> and in my named.conf.options file I have:
> 
>     blackhole { bogusnets; };
> 
> 
> 
> and in this case I cannot query from my local net.
> 
> If I comment the 'blackhole' line in named.conf.options everything works.
> 
> 
> 
> I don't understand why I cannot query from my local net even if it is not in the 'bogusnets' ACL.
> 
> Even if I add '!192.168.10.0/24;' in the 'blackhole' or in the 'bogusnets' ACL I cannot query from my local net.
> 
> 
> 
> If anyone has a clue, let me know
> 
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
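
BIND evaluates an address match list first-match, so a negated element only takes effect when it is listed before the broader prefix that contains it. The following is an added example (not from the thread and not BIND's own code) that models this for flat IPv4 lists using the bogusnets ACL quoted above; the client address 192.168.10.25, the outside address and all function names are assumptions, and nested ACL names and keys are not modelled.

```python
import ipaddress

# The ACL from the thread, plus two ways of adding the exception (constructed variants).
BOGUSNETS = ("0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; "
             "10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;")
APPENDED = BOGUSNETS + " !192.168.10.0/24;"     # exception listed after the /16
PREPENDED = "!192.168.10.0/24; " + BOGUSNETS    # exception listed before the /16

CLIENT = "192.168.10.25"   # constructed address on the poster's local net
OUTSIDE = "198.51.100.7"   # constructed address that matches no element


def parse_aml(text):
    """Parse a flat address match list into ordered (negated, network) pairs."""
    elements = []
    for item in text.replace("\n", " ").split(";"):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        network = ipaddress.ip_network(item.lstrip("!").strip())
        elements.append((negated, network))
    return elements


def first_match(elements, client):
    """Return (verdict, element) for the first element containing client.

    verdict is True for a plain match, False for a negated match,
    and None when no element in the list contains the address.
    """
    addr = ipaddress.ip_address(client)
    for negated, network in elements:
        if addr in network:
            return (not negated, ("!" if negated else "") + str(network))
    return (None, None)


def blackholed(aml_text, client):
    """A client is dropped only when its first matching element is not negated."""
    verdict, _ = first_match(parse_aml(aml_text), client)
    return verdict is True


if __name__ == "__main__":
    for name, aml in (("original", BOGUSNETS), ("appended", APPENDED),
                      ("prepended", PREPENDED)):
        verdict, element = first_match(parse_aml(aml), CLIENT)
        print(f"{name:9} first match={element} blackholed={verdict is True}")
```
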
