1422807...@qq.com


 




------------------ Original Message ------------------
From: "stuart@registry.godaddy" <stuart@registry.godaddy>;
Sent: 20 February 2025 (Thursday), 10:56
To: "Duan Duan" <1422807...@qq.com>; "bind-users" <bind-users@lists.isc.org>;

Subject: Re: Access Control Lists error



> From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Duan Duan via bind-users <bind-users@lists.isc.org>
> 
> Hey Guys,
> 
> I am upgrading my bind version from 9.11.0 to 9.18.31.
> 
> But I have some questions about Access Control Lists (ACLs).
> 
> In version 9.11.0 my acl file is like this:
> 
> root@hz#cat tsg_acl
> acl "tsg_acl" {
>     ecs 10.56.21.236/30;
> };
> 
> But when I upgraded to version 9.18.31, it reported an error.
> 
> error :  /home/named/acl/tsg_acl:2: missing ';' before '10.56.21.236'

Hi Duan,

It appears that the "ecs" functionality in an ACL was removed in 9.13.1 
(according to the release notes):

4952. [func] Authoritative server support in named for the
      EDNS CLIENT-SUBNET option (which was experimental
      and not practical to deploy) has been removed.

      The ECS option is still supported in dig and mdig
      via the +subnet option, and can be parsed and logged
      when received by named, but it is no longer used
      for ACL processing. The "geoip-use-ecs" option
      is now obsolete; a warning will be logged if it is
      used in named.conf. "ecs" tags in an ACL definition
      are also obsolete and will cause the configuration
      to fail to load. [GL #32]

Stuart


--------------------------------------------------------------------------------


Hi, Stuart


Thank you for your reply.


But I still have a lot of doubts.


That means my authoritative server can't use any acl of a view to respond to dig +subnet?

How can I use dig +subnet=interior_ip to get parsing in the view_interior of my authoritative service?

And I had to use IP to distinguish views.

Do you have any ideas?


Kind regards
Duan
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
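
An added example, not part of the original thread and not ISC code: a small Python pre-upgrade check that scans named.conf text for the two constructs the quoted change 4952 makes obsolete, `ecs` elements inside address match lists and the `geoip-use-ecs` option. The tokenizer, the function name and the sample configuration (apart from the poster's tsg_acl block) are constructed for illustration; the script does not follow `include` statements, so each included file has to be passed as an argument.

```python
import re
import sys

# Minimal named.conf tokenizer: comments, quoted strings, punctuation, bare words.
TOKEN = re.compile(r'''
    (?P<comment>/\*.*?\*/|//[^\n]*|\#[^\n]*)
  | (?P<string>"[^"\n]*")
  | (?P<punct>[{};!])
  | (?P<word>[^\s{};!"]+)
''', re.S | re.X)

def find_obsolete_ecs(text, filename="named.conf"):
    """Return (file, line, message) for constructs made obsolete by change 4952."""
    toks = [m for m in TOKEN.finditer(text) if m.lastgroup != "comment"]
    findings, depth, at_start = [], 0, True
    for m, nxt in zip(toks, toks[1:] + [None]):
        tok = m.group()
        line = text.count("\n", 0, m.start()) + 1
        if tok in ("{", "}"):
            depth += 1 if tok == "{" else -1
        elif (at_start and depth > 0 and tok == "ecs"
              and nxt is not None and nxt.lastgroup in ("word", "string")):
            # "ecs <prefix>;" inside a block: the form that now fails to load.
            findings.append((filename, line, f"obsolete ecs element: ecs {nxt.group()}"))
        elif at_start and tok == "geoip-use-ecs":
            findings.append((filename, line, "obsolete option: geoip-use-ecs"))
        # A new element or statement begins after "{", ";" or a negating "!".
        at_start = tok in ("{", ";", "!")
    return findings

# Constructed sample; only the tsg_acl block is taken from the thread.
SAMPLE = '''\
options {
    directory "/var/named";
    geoip-use-ecs yes;   // logs a warning once obsolete
};
acl "tsg_acl" {
    ecs 10.56.21.236/30;
};
acl ecs { 192.0.2.0/24; };   # an ACL merely named "ecs": not flagged
acl "mixed" { ! ecs 198.51.100.0/24; ecs; /* ecs 203.0.113.0/24; */ };
'''

if __name__ == "__main__":
    inputs = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, text in inputs:
        for fname, line, msg in find_obsolete_ecs(text, name):
            print(f"{fname}:{line}: {msg}")
```

Run against the poster's file, it reports line 2, the same line named 9.18.31 complains about.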

