On Fri, Nov 05, 2004 at 12:16:13AM -0500, Barry Margolin wrote: > In article , Phil Dibowitz > wrote: > > > Thanks. That'll work (well, I'm going to try it, anyway). But more > > fundamentally I'm wondering _why_ acls don't work there. Should they? Is this > > a bug/feature? > > > > Cause that's kinda what the acls are there for, no? > > No. ACLs are like wildcards -- they can be used to match against. You > can put networks in ACLs, but it's unlikely that you would want to > notify all the machines on a network. But you can do stuff like: acl foo { 1.2.3.4; 1.2.3.5; }; ... allow-query { foo; }; So what's the difference between that and: acl foo { 1.2.3.4; 1.2.3.5; }; ... also-notify { foo; }; ? They seem the same to me, yet the first one works and the second one doesn't. -- Phil Dibowitz Systems Architect and Administrator Enterprise Infrastructure / ISD / USC UCC 174 - 213-821-5427 -- Attached file included as plaintext by Ecartis -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBizx57lkZ1Iyv898RArftAKCezEgIsNqgp2bTwxa2IIpE0ESXCgCfYZvp B0LphwWTmPzpsGw5zRAa3n8= =rXM1 -----END PGP SIGNATURE-----