> From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Duan Duan
> via bind-users <bind-users@lists.isc.org>
>
> Hey Guys,
>
> I am upgrading my bind version from 9.11.0 to 9.18.31.
>
> But I have some questions about Access Control Lists(acls).
>
> I am in version 9.11.0 acl file is like this
>
> root@hz#cat tsg_acl
> acl "tsg_acl" {
> ecs 10.56.21.236/30;
> };
>
> But when I upgraded to version 9.18.31, it reported an error.
>
> error : /home/named/acl/tsg_acl:2: missing ';' before '10.56.21.236'
Hi Duan,
It appears that the "ecs" functionality in an ACL was removed in 9.13.1
(according to the release notes):
4952. [func] Authoritative server support in named for the
EDNS CLIENT-SUBNET option (which was experimental
and not practical to deploy) has been removed.
The ECS option is still supported in dig and mdig
via the +subnet option, and can be parsed and logged
when received by named, but it is no longer used
for ACL processing. The "geoip-use-ecs" option
is now obsolete; a warning will be logged if it is
used in named.conf. "ecs" tags in an ACL definition
are also obsolete and will cause the configuration
to fail to load. [GL #32]
Stuart
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
