diff options
Diffstat (limited to 'contrib/bind/doc/html/address_list.html')
| -rw-r--r-- | contrib/bind/doc/html/address_list.html | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html deleted file mode 100644 index c2b2fe784fec..000000000000 --- a/contrib/bind/doc/html/address_list.html +++ /dev/null @@ -1,100 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND Address Match Lists</TITLE> -</HEAD> -<BODY> - -<H2>BIND Configuration File Guide--Address Match Lists</H2> - -<HR> - -<A NAME="Syntax"><H3>Syntax</H3></A> - -<PRE> -<VAR>address_match_list</VAR> = <VAR>address_match_element</VAR> [ <VAR>address_match_element</VAR> ... ] - -<VAR>address_match_element</VAR> = [ "!" ] ( <VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR><A HREF="docdef.html">"key" key_id</A></VAR> / { <VAR>address_match_list</VAR> } ) ; -</PRE> - -<HR> - -<A NAME="Usage"><H3>Definition and Usage</H3></A> - -<P>Address match lists are primarily used to determine access control for -various server operations. They are also used to define priorities -for querying other nameservers and to set the addresses on which -<CODE>named</CODE> will listen for queries. -The elements which constitute an address match list can be any -of the following:</P> - -<UL> -<LI>an IP address (in dotted-decimal notation),</LI> - -<LI>an IP prefix (in the '/'-notation),</LI> - -<LI>a key ID, as defined by the -<A HREF="key.html"><CODE>key</CODE></A> statement, or - -<LI>the name of an address match list previously defined with -the <A HREF="acl.html"><CODE>acl</CODE></A> statment, or</LI> - -<LI>another <VAR>address_match_list</VAR></LI> -</UL> - -<P>Elements can be negated with a leading exclamation mark ("!"), and -the match list names "any", "none", "localhost" and "localnets" are -predefined. More information on those names can be found in the -description of the <A HREF="acl.html"><CODE>acl</CODE></A> statement. - -<P>The addition of the <CODE>key</CODE> -clause made the name of this syntactic element something of a -misnomer, since security keys can be used to validate access without -regard to a host or network address. Nonetheless, the term "address -match list" is still used throughout the documentation.</P> - -<P>When a given IP address or prefix is compared to an address match -list, the list is traversed in order until an element matches. The -interpretation of a match depends on whether the list is being used -for access control, defining <CODE>listen-on</CODE> ports, or as a -topology, and whether the element was negated.</P> - -<P>When used as an access control list, a non-negated match allows -access and a negated match denies access. If there is no match, -access is denied. The clauses <CODE>allow-query</CODE>, -<CODE>allow-transfer</CODE>, <CODE>allow-update</CODE> and -<CODE>blackhole</CODE> all use address match lists like this. -Similarly, the <CODE>listen-on</CODE> -option will cause the server to not accept queries on any of the -machine's addresses which do not match the list. - -<P>When used with the <CODE>topology</CODE> clause, a non-negated -match returns a distance based on its position on the list (the closer -the match is to the start of the list, the shorter the distance is -between it and the server). A negated match will be assigned the -maximum distance from the server. If there is no match, the address -will get a distance which is further than any non-negated list -element, and closer than any negated element.</P> - -<P>Because of the first-match aspect of the algorithm, an element that -defines a subset of another element in the list should come before the -broader element, regardless of whether either is negated. For -example, in <CODE>1.2.3/24; ! 1.2.3.13;</CODE> the 1.2.3.13 -element is completely useless, because the algorithm will match -any lookup for 1.2.3.13 to the 1.2.3/24 element. Using -<CODE>! 1.2.3.13; 1.2.3/24</CODE> fixes that problem by -having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts -fall through. - -<HR> - -<CENTER><P>[ <A HREF="config.html">BIND Config. File</A> -| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> -| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> - -<HR> -<ADDRESS> -Last Updated: $Id: address_list.html,v 1.9 1999/12/03 02:20:42 gson Exp $ -</ADDRESS> -</BODY> -</HTML> |