DoT answers only for loopback interface

poubeline at free.fr
Tue May 5 06:57:33 UTC 2026


Hi Sten,


I might need new glasses or change my brain sometimes as I missed this 
/16 for the 192.168.0.0 IP range.

I updated my bogusnets ACL with !192.168.10.0/24 before the 
192.168.0.0/16 and all is working like a charm now.

I knew there was something in this part but couldn't think of something 
else as I was struggling on this for a long time and I should have been 
very tired.


Thanks for pointing me in the right direction!


Best regards,

Laurent



On 04/05/2026 at 21:01, Sten Carlsen wrote:
> Think that 192.168.0.0/16 = 192.168.x.x, which includes 
> 192.168.10.0/24, so adding your !192…  will only work if it comes in 
> the right sequence relative to the 192.168.0.0/16; (don't recall how 
> priorities work here)
>
> -- 
> Best regards
> Sten Carlsen
>
> A pessimist is a person that can find a problem for every solution.
>
>
>> On 4 May 2026, at 17.12, poubeline--- via bind-users 
>> <bind-users at lists.isc.org> wrote:
>>
>> OK, I have found something strange.
>>
>> In my named.conf.local file I have:
>>
>> acl bogusnets {
>>     0.0.0.0/8;  192.0.2.0/24; 224.0.0.0/3;
>>     10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
>> };
>>
>>
>> and in my named.conf.options file I have:
>>
>>     blackhole { bogusnets; };
>>
>>
>> and in this case I cannot query from my local net.
>>
>> If I comment the 'blackhole' line in named.conf.options everything works.
>>
>>
>> I don't understand why I cannot query from my local net even if it 
>> is not in the 'bogusnets' ACL.
>>
>> Even if I add '!192.168.10.0/24;' in the 'blackhole' or in the 
>> 'bogusnets' ACL I cannot query from my local net.
>>
>>
>> If anyone has a clue, let me know
>>
>>
>
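
Added example, not part of the original thread or of BIND itself: a small Python model of first-match evaluation for a flat address match list, showing why the negated /24 only takes effect when it precedes the /16. The client addresses, the APPENDED placement and the function names are constructed for illustration; nesting (blackhole { bogusnets; }) is not modelled.

```python
import ipaddress

# bogusnets as posted in the thread
ORIGINAL = "0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;"
# Constructed: negation placed after the /16 (has no effect)
APPENDED = ORIGINAL + " !192.168.10.0/24;"
# The working order described in the reply: negation before the /16
FIXED = ("0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; "
         "!192.168.10.0/24; 192.168.0.0/16;")


def parse_acl(text):
    """Parse a flat 'a; !b; c;' list into (negated, network) pairs, in order."""
    elements = []
    for item in text.replace("\n", " ").split(";"):
        item = item.strip()
        if item:
            negated = item.startswith("!")
            elements.append((negated, ipaddress.ip_network(item.lstrip("! "))))
    return elements


def acl_matches(elements, client):
    """First element containing the address decides; a negated hit means 'not in ACL'."""
    addr = ipaddress.ip_address(client)
    for negated, net in elements:
        if addr.version == net.version and addr in net:
            return not negated
    return False  # no element matched


def shadowed_elements(elements):
    """List elements that can never decide because an earlier prefix covers them."""
    dead = []
    for i, (negated, net) in enumerate(elements):
        for _, earlier in elements[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                dead.append(("!" if negated else "") + str(net))
                break
    return dead


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("appended", APPENDED), ("fixed", FIXED)):
        parsed = parse_acl(acl)
        # 192.168.10.25 is a constructed client on the local /24
        print(name, "blackholed:", acl_matches(parsed, "192.168.10.25"),
              "shadowed:", shadowed_elements(parsed))
```

Running shadowed_elements over an ACL before deploying it flags any exception that sits behind a broader prefix and therefore never applies.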