[bind10-dev] ACL Syntax proposal

Michal 'vorner' Vaner michal.vaner at nic.cz
Sat Jun 4 10:39:21 UTC 2011


Hello

On Fri, Jun 03, 2011 at 12:46:11PM -0700, JINMEI Tatuya / 神明達哉 wrote:
> Using BIND 9's analogy (not to mean we should definitely follow it in
> BIND 10), we'd actually separate these rules in places where they are
> applied.

Surely, I meant it mostly for the sake of the example. If we were to build such
sequential ACL, I guess it would look bad.

But then, I see many people don't like it, and, as you say, even if this would
be slightly better, users will be people too and we can guess they would react
very similar way. So, let's concentrate on how we replace it.

If boolean logic with optional first-match is not good, could it work the other
way around? Have first-match logic, with optional boolean operators or something
like that? Because we'll still need to specify complex things.

Would someone want to have a look at how to encode it in JSON in the least
awkward way? I'd be probably too influenced by the proposal I wrote (despite the
effort and knowledge it would be best, it's hard to discard some ideas). Or,
should I try it anyway?

With regards

-- 
This email has been checked by an automatic damage possibility check system.
It can contain harmful instructions if read backwards.
Internal checker ID: lacol.cr/cte/ << tlah ohce

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20110604/fc2fce48/attachment.bin>


More information about the bind10-dev mailing list