I tried to use the acl statement in my named.conf file, but I have a hard time making it work. In my named.conf file, I've put these acl statements in these formats (made up IP addresses mind you):-
----------
// Individual ACL list
acl addr1 { 11.22.33.44; 12.23.34.45; };
acl addr2 { 22.33.44.55; 5.4.3.2; 99.0.0.0; };
acl addr3 { 111.3.4.5; 2001:3000::1; 122.3.4.5; 2001:3000::2; };

// Nested ACLs list
acl alladdr { addr1; addr2; addr3; };
------------

Then when I put the 'alladdr' thing in my 'allow-transfer' and 'also-notify' arguments, as shown below, BIND will fail to start:-

-----------
zone "example.net" {
    type master;
    file "examplenet.conf";
    allow-transfer { "alladdr"; };
    also-notify { "alladdr"; };
    key-directory "keys/examplenet/";
    inline-signing yes;
    auto-dnssec maintain;
};
-------

Here is the log:-

------
----------------------------------------------------
BIND 9 is maintained by Internet Systems Consortium,
Inc. (ISC), a non-profit 501(c)(3) public-benefit
corporation. Support and training for BIND 9 are
available at https://www.isc.org/support
----------------------------------------------------
adjusted limit on open files from 1024 to 1048576
found 1 CPU, using 1 worker thread
using 1 UDP listener per interface
using up to 4096 sockets
loading configuration from '/etc/named.conf'
reading built-in trusted keys from file '/etc/named.iscdlv.key'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface venet0:0, <redacted>#53
listening on IPv6 interface lo, ::1#53
listening on IPv6 interface venet0, <redacted>#53
generating session key for dynamic DNS
sizing zone task pool based on 10 zones
/etc/named.conf:111: masters "alladdr" not found
loading configuration: not found
exiting (due to fatal error)
-----

From examples I read from the Internet, I don't think I have done anything wrong. If I put all the IP addresses from addr1, addr2 and addr3 into the allow-transfer and also-notify statements, BIND will start normally without problems.

Thanks for reading.

--
Bryan S.G.
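
The log line `masters "alladdr" not found` shows named resolving the name given to `also-notify` against `masters` lists rather than `acl` definitions. The checker below is an added example, not part of the original post: it flags zones whose `also-notify` references a name that exists only as an `acl`. The function names, the `notify-targets` list and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: first zone mirrors the post, second shows a masters list.
SAMPLE = '''
// Individual ACL list
acl addr1 { 11.22.33.44; 12.23.34.45; };
acl alladdr { addr1; };
masters notify-targets { 11.22.33.44; 2001:3000::1; };
zone "example.net" {
    type master;
    allow-transfer { "alladdr"; };
    also-notify { "alladdr"; };
};
zone "example.org" {
    type master;
    allow-transfer { alladdr; };
    also-notify { notify-targets; 22.33.44.55; };
};
'''

ADDRESS = re.compile(r'[0-9.]+|[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*')  # IPv4 or IPv6
ZONE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}')

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def defined(kind, text):
    """Names declared at top level as `acl NAME {` or `masters NAME {`."""
    return set(re.findall(r'\b%s\s+"?([\w.-]+)"?\s*\{' % kind, text))

def check_also_notify(conf):
    """Return (zone, name, kind) for also-notify names that are not masters lists."""
    text = strip_comments(conf)
    acls, masters = defined('acl', text), defined('masters', text)
    findings = []
    for zone, body in ZONE.findall(text):
        for block in re.findall(r'also-notify\b[^{]*\{([^{}]*)\}', body):
            for item in block.split(';'):
                tokens = item.split()
                if not tokens:
                    continue
                name = tokens[0].strip('"')
                if ADDRESS.fullmatch(name) or name in masters:
                    continue  # literal address or a real masters list
                findings.append((zone, name, 'acl' if name in acls else 'undefined'))
    return findings

if __name__ == '__main__':
    for zone, name, kind in check_also_notify(SAMPLE):
        print(f'zone {zone}: also-notify "{name}" is {kind}, not a masters list')
```

In this sample `allow-transfer` keeps using the ACL for access control, while the notify targets come from a separate `masters` list.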