ACLs are "first match".
What you had devolves to
    match-clients { any; };
Try
    match-clients { !192.168.0.0/22; !127.0.0.1; any; };
Adjust all the other ACLs.
OK, so these are similar to Cisco IOS ACLs; now I get it :-)
Unfortunately the reverse zone is still not transferring??
This is what I have now after re-jig:
named.conf:
view "external" {
    match-clients { !192.168.0.0/22; !127.0.0.1; any; };
    allow-recursion {
        127.0.0.1;
    };
    include "/etc/opt/csw/bind/named.conf.external";
};
named.conf.external:
zone "2.178.81.in-addr.arpa" {
    type slave;
    file "/var/named/81.178.2.rev";
    masters { 192.168.1.100; };
    allow-notify { 192.168.1.100; };
    allow-query { 192.168.1.100; !192.168.0.0/22; any; };
};
Of course this is the slave; however, the master is quite similar, with
allow-notify and query being 192.168.1.101 instead...
Still no go though :-(
# ls /var/named
192.168.1.rev birim-it-external.db
birimgrup.db birimguvenlik-net-external.db
optiplex-networks.db
benimadimfs-external.db birim-it.db
birimguvenlik-com-external.db birimguvenlik-net.db
benimadimfs.db birimgrup-external.db
birimguvenlik-com.db optiplex-networks-external.db
??
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
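
Added example (not part of the original message and not BIND's own code): a small Python model of first-match evaluation, applied to the two address match lists quoted in the message above. It handles only IPv4 addresses, prefixes and `any`; the client addresses other than 192.168.1.100 and the `ANY_FIRST` ordering are constructed for illustration.

```python
import ipaddress

# Address match lists copied from the message above.
EXTERNAL_VIEW = "{ !192.168.0.0/22; !127.0.0.1; any; }"
ALLOW_QUERY = "{ 192.168.1.100; !192.168.0.0/22; any; }"
# Constructed ordering (not from the message): negation placed after "any".
ANY_FIRST = "{ any; !192.168.0.0/22; }"

# 192.168.1.100 is the master named in the message; the rest are constructed.
CLIENTS = ["192.168.1.100", "192.168.2.7", "127.0.0.1", "203.0.113.5"]


def parse_match_list(text):
    """Parse a flat list into (negated, network-or-'any') tuples."""
    elements = []
    for token in text.strip().strip("{}").split(";"):
        token = token.strip()
        if not token:
            continue
        negated = token.startswith("!")
        name = token.lstrip("!").strip()
        net = "any" if name == "any" else ipaddress.ip_network(name, strict=False)
        elements.append((negated, net))
    return elements


def first_match(elements, client):
    """First element that matches decides; no match at all means not matched."""
    addr = ipaddress.ip_address(client)
    for negated, net in elements:
        if net == "any" or addr in net:
            return not negated
    return False


def verdicts(list_text, clients=CLIENTS):
    """Evaluate every client against one list and return {client: matched}."""
    elements = parse_match_list(list_text)
    return {c: first_match(elements, c) for c in clients}


if __name__ == "__main__":
    for label, text in [("match-clients", EXTERNAL_VIEW),
                        ("allow-query", ALLOW_QUERY),
                        ("any first", ANY_FIRST)]:
        print(label, text)
        for client, ok in verdicts(text).items():
            print(f"  {client:<15} {'match' if ok else 'no match'}")
```

With the lists as posted, 192.168.1.100 does not match the external view's match-clients but is accepted by the zone's allow-query; once `any` comes first, every later element is never reached.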