As I initially thought that bind worked with the normal notation of a
subnet, I did the configuration as I initially posted.
Now with your explanations I see that it is as Greg commented. This is just
pattern matching.
Thank you all!!!
On Wed, Aug 24, 2022 at 1:23 PM Ondřej Surý wrote:
> The o
The original problem was that BIND 9.16 now requires use of CIDR blocks rather
than using IP addresses in CIDR notation. Using arbitrary IP address to specify
CIDR block doesn’t make much sense and is prone to errors - when you see
10.10.1.0/23 it’s quite hard to tell what was the original inten
> On 24 Aug 2022, at 16.52, Greg Choules
> wrote:
>
> Hi Sten.
> That is absolutely what you do *not* want to do.
>
> Writing it out in binary might help. /23 means the following:
> 1110
>
> '1' bits mean, test an incoming address against the corresponding bit
Hi Sten.
That is absolutely what you do *not* want to do.
Writing it out in binary might help. /23 means the following:
1110
'1' bits mean, test an incoming address against the corresponding bit from
the address in the mask.
'0' bits mean, don't test an incoming add
I think you want something like this:
(!10.60.0.0; !10.60.0.255; 10.60.0.0/24)
First deny the two addresses you want not to be part of the ACL and then accept
the whole network.
First match is used, so 10.60.0.0 would match !10.60.0.0 and be rejected before
the next are tested.
Thanks
Sten
>
> No, it's not. This is ACL specification, not a interface/network
> configuration.
Ok.
> No, I've already provided you with a correct answer what 10.60.0.0/23 means
> in terms of range, why do you insist on this?
ok.
> I think others have already answered that, I would be just repeating the
> On 24. 8. 2022, at 15:58, Elias Pereira wrote:
>
> hello Ondrej,
>
> Not completely wrong, because 255 is the broadcast.
No, it's not. This is ACL specification, not a interface/network configuration.
> For a better understanding, then it would be Available range 10.60.0.1 to
> 10.60.1.254
hello Ondrej,
Not completely wrong, because 255 is the broadcast.
For a better understanding, then it would be Available range 10.60.0.1 to
10.60.1.254.
Correctly specified range (without address/host bits) does takes the whole
> range.
Like this 10.60/23; ?
On Wed, Aug 24, 2022 at 10:33 AM O
> On 24. 8. 2022, at 15:26, Elias Pereira wrote:
>
>
> Hello Greg,
>
> Why doesn't bind work with networks/subnets in the conventional way?
It does.
> If the private subnet is 10.60.0.0/23, then it means that the address range
> is 10.60.0.1 to 10.60.1.254.
That’s wrong. 10.60.0.0/23 mea
Hello Greg,
Why doesn't bind work with networks/subnets in the conventional way?
If the private subnet is 10.60.0.0/23, then it means that the address range
is 10.60.0.1 to 10.60.1.254.
How do I configure this ACL in named.conf.local so that it takes the whole
range?
On Wed, Aug 24, 2022 at 9:3
On 24/08/2022 14:16, Elias Pereira wrote:
Hi Elias,
Oh, sorry... :D
here it is
# cat named.conf.local
# ACL das redes internas
# Ultima modificação: 24/08/2022
acl "internal" {
10.60.0.1/23;
This is the issue. The address part of the prefix should be the lowest
address in that prefix. If
te:
>
>> On 24/08/2022 14:08, Elias Pereira wrote:
>>
>> Hi Elias,
>>
>> > I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
>> >
>> > Now I get the address/prefix length mismatch error in name.conf.local.
>> >
>
n Wed, Aug 24, 2022 at 9:14 AM Anand Buddhdev wrote:
>
>> On 24/08/2022 14:08, Elias Pereira wrote:
>>
>> Hi Elias,
>>
>> > I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
>> >
>> > Now I get the address/prefix length misma
.40.0.1/22;
10.56.0.1/22;
};
On Wed, Aug 24, 2022 at 9:14 AM Anand Buddhdev wrote:
> On 24/08/2022 14:08, Elias Pereira wrote:
>
> Hi Elias,
>
> > I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
> >
> > Now I get the address/prefix length misma
On 24/08/2022 14:08, Elias Pereira wrote:
Hi Elias,
I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
Now I get the address/prefix length mismatch error in name.conf.local.
In my first AD that I have not upgraded yet, it is working correctly with
the same settings in
Hello,
I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
Now I get the address/prefix length mismatch error in name.conf.local.
In my first AD that I have not upgraded yet, it is working correctly with
the same settings in version 9.11.x.
What is the problem with version
16 matches
Mail list logo
