No, there is no need to redefine the localhost acl. It is built-in and already specifies the localhost IPv4 and IPv6 addresses, similar to the localnets (networks directly connected to the server), any or none names. Read the great ARM documentation about BIND [1]; it has a section about ACLs describing the built-in names.
Just use localhost for whatever should not be served to the outside network. However, the best way to protect your service is to listen only on the localhost address.

Cheers,
Petr

1. https://bind9.readthedocs.io/

On 6/25/21 1:04 PM, Alessandro Vesely wrote:
> Oops, sorry. Please forget that.
>
> On Fri 25/Jun/2021 12:50:55 +0200 Alessandro Vesely wrote:
>> However, named-checkconf doesn't complain. I could fix that by
>> defining an acl named localhost. But do I need to?
>
> Now I tried to redefine and got:
>
> /etc/bind/named.conf.options:37: attempt to redefine builtin acl 'localhost'
>
>> Best
>> Ale

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
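
An added example, not part of the original message and not ISC code: a small Python check over named.conf text that flags attempts to redefine the built-in ACL names discussed above and any listen-on entries that are not literal loopback addresses. The sample configuration is constructed, the function names are hypothetical, and the regex parsing is a simplification that does not follow include files or nested braces.

```python
import ipaddress
import re

# Built-in ACL names named in the message above.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

# Constructed sample input, not taken from the thread.
SAMPLE_CONF = '''
acl "localhost" { 127.0.0.1; };   // redefinition of a built-in name
acl internal { 10.0.0.0/8; };
options {
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };
    listen-on-v6 { ::1; };
    allow-query { localhost; };  # using the built-in needs no definition
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def redefined_builtins(text):
    """Return built-in ACL names that the config tries to define itself."""
    names = re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', strip_comments(text))
    return sorted(n for n in names if n in BUILTIN_ACLS)

def non_loopback_listeners(text):
    """Return (statement, entry) pairs for listen-on entries that are not
    literal loopback IP addresses."""
    findings = []
    pattern = r"\b(listen-on(?:-v6)?)\b[^{;]*\{([^}]*)\}"
    for stmt, body in re.findall(pattern, strip_comments(text)):
        for item in filter(None, (e.strip() for e in body.split(";"))):
            try:
                if ipaddress.ip_address(item).is_loopback:
                    continue
            except ValueError:
                pass  # ACL name, prefix or negation: not a literal address
            findings.append((stmt, item))
    return findings

if __name__ == "__main__":
    print("redefined built-ins:", redefined_builtins(SAMPLE_CONF))
    print("non-loopback listeners:", non_loopback_listeners(SAMPLE_CONF))
```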