BIND Refusing to Resolve for External Hosts
Chris Maness
chris at chrismaness.com
Sat Jul 3 19:28:29 UTC 2010
On Thu, Jul 1, 2010 at 7:33 AM, Matthew Seaman
<m.seaman at infracaninophile.co.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/07/2010 15:05:37, Chris Maness wrote:
>> Can a sub block of IP address space be used, and if so, what is the
>> wild card?
>
> Yes. You can use lists of IPs or address-and-mask in BIND ACLs. See:
>
> http://www.isc.org/files/arm96.html#address_match_lists
>
> and
>
> http://www.isc.org/files/arm96.html#id2553419
>
> So, for example, I use this in my own BIND configuration:
>
> acl public-nets {
> 127.0.0.1;
> ::1;
> 81.187.76.160/29;
> 81.187.220.164;
> 2001:8b0:151:1::/64;
> };
>
> Cheers,
>
> Matthew
>
>
> - --
Including the line:
acl public-nets { 127.0.0.1; ::1; }
for testing resulted in a failure to launch with the following error code:
/etc/namedb/named.conf:23: unknown option 'acl'
/etc/rc.d/named: ERROR: named-checkconf for $named_conf failed
It seems as though BIND did not recognize this option. Is there
something that I need to enable in order to use this option?
Thanks,
Chris Maness
More information about the freebsd-questions
mailing list