From owner-freebsd-questions@FreeBSD.ORG Sat Jul 3 19:28:29 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D2CB106566C for ; Sat, 3 Jul 2010 19:28:29 +0000 (UTC) (envelope-from christopher.maness@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id E1A988FC0C for ; Sat, 3 Jul 2010 19:28:28 +0000 (UTC) Received: by iwn35 with SMTP id 35so2473812iwn.13 for ; Sat, 03 Jul 2010 12:28:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=77NKYTeosIMKEqKSCvkTjDuPxvE2cIXtZxzsXnikWbg=; b=e8cV44lJmBGqu4mLAyl31F06HErnNovcleGSpxQHeEZ1S5iSvxYcxuF2HwlxQndpnG 7iPIdnun0TbJvt8b8gu54/zT/37QFIbi7WFMsGAPMLTaQrnW57ohVX/nsqPJe+XyaO7N LrdLJFgQZrWisj/dg5PkcCloWWfNtvnCJRBEU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=UMzECZRyK+4AKUjdSzn1oYytiWn/AZ6padPakq571w+mwKlfiLHtNnIzltGfHXofff VKE6DMVxveS/FpGsuhPwyUzpboXK5bO809two6vvsWxteauXKIFgQZgfFn6byvixBJ4l dmW71Mp6CiCeeCTVNwyUwso1SKpXGp0R7Sf3c= MIME-Version: 1.0 Received: by 10.231.148.131 with SMTP id p3mr846216ibv.18.1278185307773; Sat, 03 Jul 2010 12:28:27 -0700 (PDT) Sender: christopher.maness@gmail.com Received: by 10.231.158.195 with HTTP; Sat, 3 Jul 2010 12:28:27 -0700 (PDT) In-Reply-To: <4C2CA73E.9010700@infracaninophile.co.uk> References: <4C2CA73E.9010700@infracaninophile.co.uk> Date: Sat, 3 Jul 2010 12:28:27 -0700 X-Google-Sender-Auth: ZIs5fnHQ69zGsbHJYkJuxgJUzGk Message-ID: From: Chris Maness To: Matthew Seaman Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org Subject: Re: BIND Refusing to Resolve for External Hosts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jul 2010 19:28:29 -0000 On Thu, Jul 1, 2010 at 7:33 AM, Matthew Seaman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/07/2010 15:05:37, Chris Maness wrote: >> Can a sub block of IP address space be used, and if so, what is the >> wild card? > > Yes. =A0You can use lists of IPs or address-and-mask in BIND ACLs. =A0See= : > > http://www.isc.org/files/arm96.html#address_match_lists > > and > > http://www.isc.org/files/arm96.html#id2553419 > > So, for example, I use this in my own BIND configuration: > > acl public-nets { > =A0 =A0127.0.0.1; > =A0 =A0::1; > =A0 =A081.187.76.160/29; > =A0 =A081.187.220.164; > =A0 =A02001:8b0:151:1::/64; > }; > > =A0 =A0 =A0 =A0Cheers, > > =A0 =A0 =A0 =A0Matthew > > > - -- Including the line: acl public-nets { 127.0.0.1; ::1; } for testing resulted in a failure to launch with the following error code: /etc/namedb/named.conf:23: unknown option 'acl' /etc/rc.d/named: ERROR: named-checkconf for $named_conf failed It seems as though BIND did not recognize this option. Is there something that I need to enable in order to use this option? Thanks, Chris Maness