ACL Question

Spain, Dr. Jeffry A. spainj at countryday.net
Sat Mar 9 16:47:30 UTC 2013


> Can I set an ACL on an auth server instance? If yes, how and where? Reading the admin guide, I found examples of how to set ACLs for the resolver but not for the auth server. Chapter 9 talks about config set somewhere/acl, but I don't know what somewhere is for my purposes.

> Also, can I create a construct similar to views in BIND 9?

I know you can do at least the following with access control:

Restrict outgoing zone transfers from a master:
config set tsig_keys/keys ["mymaster-myslave:<my TSIG Key>:hmac-sha256"]
config set Xfrout/transfer_acl[0] {"action": "REJECT"}
config add Xfrout/zone_config
config set Xfrout/zone_config[0]/origin "mydomain.com"
config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "<IP address of slave>", "key": "mymaster-myslave"}]

Restrict incoming zone transfers to a slave:
config set tsig_keys/keys ["mymaster-myslave:<my TSIG Key>:hmac-sha256"]
config add Xfrin/zones
config set Xfrin/zones[0]/name "mydomain.com"
config set Xfrin/zones[0]/master_addr "<IP address of master>"
config set Xfrin/zones[0]/tsig_key "mymaster-myslave:<my TSIG Key>:hmac-sha256"

There may be other ACL functionality that I haven't discovered. I don't have any information about views. Jeff.

Jeffry A. Spain, Network Administrator
Cincinnati Country Day School
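
Added example, not part of the original post: a shell check that the master refuses an unsigned AXFR and allows one signed with the mymaster-myslave key. The script name, key file path and sample dig output are constructed for illustration; it assumes dig is installed and that it is run from the slave's address.

```shell
#!/bin/sh
# Added example: check that the master's transfer ACL behaves as configured.
# Run it from the slave's address, because the per-zone rule matches on both
# "from" and "key". The key file path is hypothetical; it holds a
# named.conf-style key statement for "mymaster-myslave", so the secret stays
# off the command line (dig -y would expose it in the process list).

# Constructed dig output for a refused transfer.
SAMPLE_REFUSED='; <<>> DiG <<>> @192.0.2.1 mydomain.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Constructed dig output for a completed transfer (SOA first and last).
SAMPLE_ALLOWED='mydomain.com. 3600 IN SOA ns1.mydomain.com. admin.mydomain.com. 1 3600 900 604800 3600
mydomain.com. 3600 IN NS ns1.mydomain.com.
ns1.mydomain.com. 3600 IN A 192.0.2.1
mydomain.com. 3600 IN SOA ns1.mydomain.com. admin.mydomain.com. 1 3600 900 604800 3600'

# Read dig output on stdin; print "allowed" or "refused".
classify_axfr() {
    out=$(cat)
    case "$out" in
        *"; Transfer failed."*) echo refused; return 0 ;;
    esac
    # A complete AXFR starts and ends with the zone's SOA record.
    soa=$(printf '%s\n' "$out" | awk '!/^;/ && $4 == "SOA" { n++ } END { print n + 0 }')
    if [ "$soa" -ge 2 ]; then echo allowed; else echo refused; fi
}

check_transfer_acl() {
    master=$1; zone=$2; keyfile=$3
    unsigned=$(dig +time=5 +tries=1 "@$master" "$zone" AXFR 2>&1 | classify_axfr)
    signed=$(dig +time=5 +tries=1 -k "$keyfile" "@$master" "$zone" AXFR 2>&1 | classify_axfr)
    echo "unsigned AXFR: $unsigned (want refused)"
    echo "signed AXFR:   $signed (want allowed)"
    [ "$unsigned" = refused ] && [ "$signed" = allowed ]
}

# Usage: sh check_axfr.sh <master IP> mydomain.com /path/to/tsig.key
if [ "$#" -eq 3 ]; then
    check_transfer_acl "$@"
fi
```

A non-zero exit status means the ACL did not behave as intended, either because the unsigned transfer went through or because the signed one was refused.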
