<meta http-equiv="Content-Type" content="text/html; charset=GB18030"><div><br></div><div><br></div><div><hr align="left" style="margin: 0 0 10px 0;border: 0;border-bottom:1px solid #E4E5E6;height:0;line-height:0;font-size:0;padding: 20px 0 0 0;width: 50px;"><div style="font-size:14px;font-family:Verdana;color:#000;"><a class="xm_write_card" id="in_alias" style="white-space: normal; display: inline-block; text-decoration: none !important;font-family: -apple-system,BlinkMacSystemFont,PingFang SC,Microsoft YaHei;" href="https://wx.mail.qq.com/home/index?t=readmail_businesscard_midpage&nocheck=true&name=%E4%BB%8E%E4%BB%8A%E4%BB%A5%E5%90%8E&icon=http%3A%2F%2Fthirdqq.qlogo.cn%2Fg%3Fb%3Doidb%26k%3DjFVgKQWtgsLlD7mw4vmHyQ%26kti%3DZUHJhAAAAAA%26s%3D640%26t%3D1557174854&mail=1422807819%40qq.com&code=0xvGiq3GHMKk6CXySX9HjDeLFZy_0LvinoU7BCGaMtH02Bc96KTEnS_b3sR-8tYU8ZoZE624zgJ8DfHrqGBiBA" target="_blank"><table style="white-space: normal;table-layout: fixed; padding-right: 20px;" contenteditable="false" cellpadding="0" cellspacing="0"><tbody><tr valign="top"><td style="width: 40px;min-width: 40px; padding-top:10px"><div style="width: 38px; height: 38px; border: 1px #FFF solid; border-radius:50%; margin: 0;vertical-align: top;box-shadow: 0 0 10px 0 rgba(127,152,178,0.14);"><img src="http://thirdqq.qlogo.cn/g?b=oidb&k=jFVgKQWtgsLlD7mw4vmHyQ&kti=ZUHJhAAAAAA&s=640&t=1557174854" style="width:100%;border-radius:50%;pointer-events: none;"></div></td><td style="padding: 10px 0 8px 10px;"><div class="businessCard_name" style="font-size: 14px;color: #33312E;line-height: 20px; padding-bottom: 2px; margin:0;font-weight: 500;">从今以后</div><div class="businessCard_mail" style="font-size: 12px;color: #999896;line-height: 18px; margin:0;">1422807819@qq.com</div></td></tr></tbody></table></a></div></div><div> </div><div style="position: relative;"><div><br></div><div><br></div><div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ 原始邮件 ------------------</div><div style="font-size: 12px;background:#efefef;padding:8px;"><div><b>发件人:</b>                                                                                                                        "stuart@registry.godaddy"                                                                                    <stuart@registry.godaddy>;</div><div><b>发送时间:</b> 2025年2月20日(星期四) 上午10:56</div><div><b>收件人:</b> "Duan Duan"<1422807819@qq.com>;"bind-users"<bind-users@lists.isc.org>;<wbr></div><div></div><div><b>主题:</b> Re: Access Control Lists error</div></div><div><br></div>> From: bind-users <bind-users-bounces@lists.isc.org> on behalf of Duan Duan via bind-users <bind-users@lists.isc.org><br>> <br>> Hey Guys,<br>> <br>> I am upgrading my bind version from 9.11.0 to 9.18.31.<br>> <br>> But I have some questions about Access Control Lists(acls).<br>> <br>> I am in version 9.11.0 acl file is like this<br>> <br>> root@hz#cat tsg_acl<br>> acl "tsg_acl" {<br>>     ecs 10.56.21.236/30;<br>> };<br>> <br>> But when I upgraded to version 9.18.31, it reported an error.<br>> <br>> error :  /home/named/acl/tsg_acl:2: missing ';' before '10.56.21.236'<br><br>Hi Duan,<br><br>It appears that the "ecs" functionality in an ACL was removed in 9.13.1 (according to the release notes):<br><br>4952. [func] Authoritative server support in named for the<br>  EDNS CLIENT-SUBNET option (which was experimental<br>  and not practical to deploy) has been removed.<br><br>  The ECS option is still supported in dig and mdig<br>  via the +subnet option, and can be parsed and logged<br>  when received by named, but it is no longer used<br>  for ACL processing. The "geoip-use-ecs" option<br>  is now obsolete; a warning will be logged if it is<br>  used in named.conf. "ecs" tags in an ACL definition<br>  are also obsolete and will cause the configuration<br>  to fail to load. [GL #32] <br><br>Stuart</div><div style="position: relative;"><br></div><div style="position: relative;">--------------------------------------------------------------------------------</div><div style="position: relative;"><br></div><div style="position: relative;">Hi, Stuart</div><div style="position: relative;"><br></div><div style="position: relative;">Thank you for your reply.</div><div style="position: relative;"><br></div><div style="position: relative;">But I still have a lot of doubts.</div><div style="position: relative;"><br></div><div style="position: relative;">That's mean my Authoritative server can't use any acl of view to respond to dig +subnet?</div><div style="position: relative;"><br><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; ">How can I use dig +subnet=</span>interior_ip to get parsing in the view_interior of my authoritative service？</div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "><br></span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; ">And I had to use ip to distinguish views.</span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "><br></span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; ">Do you have any ideas？ </span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "><br></span></div><div style="position: relative;"><div style="font-family: "lucida Grande", Verdana;">Kind regards</div><div style="font-family: "lucida Grande", Verdana;">Duan</div></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "><br></span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "></span></div><div style="position: relative;"><span style="  ; ; ; ; ; ; ; ; ; ; ; ; ; "><br></span></div>