Date: Sat, 3 Jul 2010 12:28:27 -0700 From: Chris Maness <chris@chrismaness.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: BIND Refusing to Resolve for External Hosts Message-ID: <AANLkTilcO5uZnUceNyqBf3rLv1KoJXNfI9df3xtNcKIu@mail.gmail.com> In-Reply-To: <4C2CA73E.9010700@infracaninophile.co.uk> References: <AANLkTimgwvEhu9gt-L9_apH_rnwsv3NHSBARpHJepsvy@mail.gmail.com> <AANLkTimWrBi3wxvkKR0tLabbI1nz7fU_7xu0QZFeJ8ep@mail.gmail.com> <AANLkTinhx0LuivXNQNQKz3g57OSWTScWIIyZlP_ngrdk@mail.gmail.com> <AANLkTikp3KxZ3hwo5o5Zv2jS7Q9unVvXmXSVB0HBgkdZ@mail.gmail.com> <4C2CA73E.9010700@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 1, 2010 at 7:33 AM, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/07/2010 15:05:37, Chris Maness wrote: >> Can a sub block of IP address space be used, and if so, what is the >> wild card? > > Yes. =A0You can use lists of IPs or address-and-mask in BIND ACLs. =A0See= : > > http://www.isc.org/files/arm96.html#address_match_lists > > and > > http://www.isc.org/files/arm96.html#id2553419 > > So, for example, I use this in my own BIND configuration: > > acl public-nets { > =A0 =A0127.0.0.1; > =A0 =A0::1; > =A0 =A081.187.76.160/29; > =A0 =A081.187.220.164; > =A0 =A02001:8b0:151:1::/64; > }; > > =A0 =A0 =A0 =A0Cheers, > > =A0 =A0 =A0 =A0Matthew > > > - -- Including the line: acl public-nets { 127.0.0.1; ::1; } for testing resulted in a failure to launch with the following error code: /etc/namedb/named.conf:23: unknown option 'acl' /etc/rc.d/named: ERROR: named-checkconf for $named_conf failed It seems as though BIND did not recognize this option. Is there something that I need to enable in order to use this option? Thanks, Chris Maness
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTilcO5uZnUceNyqBf3rLv1KoJXNfI9df3xtNcKIu>