ACL

The ACL clause allows fine-grained control over what hosts or users may perform what operations on the DNSVAULT.

You can navigate to ACL:

acl's define a address_match_list e.g. IP address(es), which can then be referenced (used) in a number of statements and the clause(s). acl's MUST be defined before they are referenced in any statement or clause. For this reason they are usually defined first in the named.conf file. 'acl-name' is an arbitrary (but unique) quoted string defining the specific list. The 'acl-name' is the method used to subsequently reference the particular list. Any number of acl's may be defined.

The following special acl-name values are built into BIND:

1. "none" - matches no hosts

2. "any" - matches all hosts

3. "localhost" - matches all the IP address(es) of the server on which BIND is running e.g. if the server has a single interface with an IP address of 192.168.2.3 then localhost will match 192.168.2.3 and 127.0.0.1 (the loopback address is always present).

4. "localnets" - matches all the IP address(es) and subnetmasks of the server on which BIND is running i.e. if the server has a single interface with an IP address of 192.168.2.3 and a netmask of 255.255.255.0 (or 192.168.2.2/24) then localnets will match 192.168.2.0 to 192.168.2.255 and 127.0.0.1 (the loopback is assumed to be a single address). Some systems do not provide a way to determine the prefix lengths of local IPv6 addresses. In such a case, localnets only matches the local IPv6 addresses, just like localhost.