On Nov 16, 2008, at 5:22 PM, Jonathan Petersson wrote:
allow-update { !{!10/8;any;}; key update-key; };


Wouldn't this still permit any client on the 10/8 subnet to update the zones?

No. It says:

1. Deny anyone who isn't in 10/8.
2. Allow anyone using this key.

The first item in the list never says to allow 10/8, it just says to deny everyone else. The processing therefore continues to the second item; any request not matched by either rule is denied.

In other words, in ACL processing, "not no" != "yes".

Chris Buxton
Professional Services
Men & Mice

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
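
The evaluation described in the reply above, as an added example that is not part of the original message and is not BIND's own code. It is a simplified Python model of first-match processing in which a negative match inside a nested list counts as "no match" for the enclosing element; the names match_list, allowed and ALLOW_UPDATE and the sample addresses are hypothetical.

```python
import ipaddress

# Simplified model of address-match-list evaluation (added example, assumed names).
# An element is (negated, kind, value); kind is "net", "any", "key" or "list".

def match_list(elements, addr, key=None):
    """Return +1 (allow), -1 (deny) or 0 (no element matched); first match wins."""
    for negated, kind, value in elements:
        if kind == "net":
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(value)
        elif kind == "any":
            hit = True
        elif kind == "key":
            hit = key == value
        else:
            # Nested list: only a positive inner result counts as a match.
            # A negative inner result is "no match", so negating the nested
            # list can never turn it into an allow ("not no" != "yes").
            hit = match_list(value, addr, key) > 0
        if hit:
            return -1 if negated else 1
    return 0

def allowed(elements, addr, key=None):
    """A request is permitted only on a positive match; no match means deny."""
    return match_list(elements, addr, key) > 0

# allow-update { !{!10/8;any;}; key update-key; };
ALLOW_UPDATE = [
    (True, "list", [(True, "net", "10.0.0.0/8"), (False, "any", None)]),
    (False, "key", "update-key"),
]

if __name__ == "__main__":
    # Constructed sample requests: (source address, TSIG key name or None)
    cases = [
        ("10.1.2.3", None),
        ("10.1.2.3", "update-key"),
        ("192.0.2.7", "update-key"),
        ("192.0.2.7", None),
    ]
    for addr, key in cases:
        verdict = "allow" if allowed(ALLOW_UPDATE, addr, key) else "deny"
        print(f"{addr:<12} key={key!s:<11} -> {verdict}")
```

Only the request from inside 10/8 that also carries the key is allowed; a 10/8 client without the key falls through both elements and is denied.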
