> On 24. 8. 2022, at 15:58, Elias Pereira <empbi...@gmail.com> wrote: > > hello Ondrej, > > Not completely wrong, because 255 is the broadcast.
No, it's not. This is ACL specification, not a interface/network configuration. > For a better understanding, then it would be Available range 10.60.0.1 to > 10.60.1.254. No, I've already provided you with a correct answer what 10.60.0.0/23 means in terms of range, why do you insist on this? > Correctly specified range (without address/host bits) does takes the whole > range. > > Like this 10.60/23; ? I think others have already answered that, I would be just repeating their answers. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On Wed, Aug 24, 2022 at 10:33 AM Ondřej Surý <ond...@isc.org > <mailto:ond...@isc.org>> wrote: > > >> On 24. 8. 2022, at 15:26, Elias Pereira <empbi...@gmail.com >> <mailto:empbi...@gmail.com>> wrote: >> >> >> Hello Greg, >> >> Why doesn't bind work with networks/subnets in the conventional way? > > It does. > >> If the private subnet is 10.60.0.0/23 <http://10.60.0.0/23>, then it means >> that the address range is 10.60.0.1 to 10.60.1.254. > > That’s wrong. 10.60.0.0/23 <http://10.60.0.0/23> means 10.60.0.0 to > 10.60.1.255 range. > >> How do I configure this ACL in named.conf.local so that it takes the whole >> range? > > Correctly specified range (without address/host bits) does takes the whole > range. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> On Wed, Aug 24, 2022 at 9:31 AM Anand Buddhdev <ana...@ripe.net >> <mailto:ana...@ripe.net>> wrote: >> On 24/08/2022 14:16, Elias Pereira wrote: >> >> Hi Elias, >> >> > Oh, sorry... :D >> > >> > here it is >> > >> > # cat named.conf.local >> > # ACL das redes internas >> > # Ultima modificação: 24/08/2022 >> > >> > acl "internal" { >> > 10.60.0.1/23 <http://10.60.0.1/23>; >> >> This is the issue. The address part of the prefix should be the lowest >> address in that prefix. If you change this to 10.60.0.0/23 >> <http://10.60.0.0/23>, it will be >> fine. The same goes for all the other prefixes in your list. Change the >> 1's to 0's. >> >> > 10.10.1.1/24 <http://10.10.1.1/24>; >> > 10.10.2.1/25 <http://10.10.2.1/25>; >> > 10.10.3.1/25 <http://10.10.3.1/25>; >> > 10.10.4.1/25 <http://10.10.4.1/25>; >> > 10.10.5.1/25 <http://10.10.5.1/25>; >> > 10.51.0.1/23 <http://10.51.0.1/23>; >> > 10.10.6.1/25 <http://10.10.6.1/25>; >> > 10.10.7.1/26 <http://10.10.7.1/26>; >> > 172.20.0.1/26 <http://172.20.0.1/26>; >> > 10.50.0.1/23 <http://10.50.0.1/23>; >> > 10.40.0.1/22 <http://10.40.0.1/22>; >> > 10.56.0.1/22 <http://10.56.0.1/22>; >> > }; >> >> >> -- >> Elias Pereira >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users >> <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this >> list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ <https://www.isc.org/contact/> >> for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> >> https://lists.isc.org/mailman/listinfo/bind-users >> <https://lists.isc.org/mailman/listinfo/bind-users> > > > -- > Elias Pereira
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
