Diffstat (limited to 'contrib/bind/doc/html/address_list.html')
-rw-r--r-- | contrib/bind/doc/html/address_list.html | 53 |
1 files changed, 33 insertions, 20 deletions
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html index 894ef04..ec39138 100644 --- a/contrib/bind/doc/html/address_list.html +++ b/contrib/bind/doc/html/address_list.html @@ -14,14 +14,18 @@ <PRE> <VAR>address_match_list</VAR> = 1*<VAR>address_match_element</VAR> -<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR>address_match_list</VAR>) ";" +<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">address_match_list</A></VAR> / <VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR><A HREF="docdef.html">"key" key_id</A></VAR>) ";" </PRE> <HR> <A NAME="Usage"><H3>Definition and Usage</H3></A> -<P>Address match lists are lists of elements. The elements can be any +<P>Address match lists are primarily used to determine access control for +various server operations. They are also used to define priorities +for querying other nameservers and to set the addresses on which +<CODE>named</CODE> will listen for queries. +The elements which constitute an address match list can be any of the following:</P> <UL> 
@@ -29,34 +33,43 @@ of the following:</P> <LI>an IP prefix (in the '/'-notation),</LI> +<LI>a key ID, as defined by the +<A HREF="key.html"><CODE>key</CODE></A> statement, or + <LI>the name of an address match list previously defined with -the <A HREF="acl.html"><CODE>acl</CODE></A> statment.</LI> +the <A HREF="acl.html"><CODE>acl</CODE></A> statment, or</LI> -<LI>an IP address match list</LI> +<LI>another <VAR>address_match_list</VAR></LI> </UL> -<P>The ACLs "any", "none", "localhost" and "localnets" are -predefined. More information can be found in the description of the -<A HREF="acl.html"><CODE>acl</CODE></A> statement. +<P>Elements can be negated with a leading exclamation mark ("!"), and +the match list names "any", "none", "localhost" and "localnets" are +predefined. More information on those names can be found in the +description of the <A HREF="acl.html"><CODE>acl</CODE></A> statement. -<P>Elements can be negated with a leading "!". +<P>The addition of the <CODE>key</CODE> +clause made the name of this syntactic element something of a +misnomer, since security keys can be used to validate access without +regard to a host or network address. Nonetheless, the term "address +match list" is still used throughout the documentation.</P> <P>When a given IP address or prefix is compared to an address match -list, the list is traversed in order and the first match (regardless -of negation) is used. The interpretation of a match depends on -whether the list is being used for access control or as a -topology.</P> +list, the list is traversed in order until an element matches. The +interpretation of a match depends on whether the list is being used +for access control, defining <CODE>listen-on</CODE> ports, or as a +topology, and whether the element was negated.</P> <P>When used as an access control list, a non-negated match allows access and a negated match denies access. If there is no match, access is denied. 
The clauses <CODE>allow-query</CODE>, -<CODE>allow-transfer</CODE> and <CODE>allow-update</CODE> all use -address match lists like this. Similarly, the <CODE>listen-on</CODE> -clause can use negation to define local addresses which should not be -used to accept nameserver connections.</P> +<CODE>allow-transfer</CODE>, <CODE>allow-update</CODE> and +<CODE>blackhole</CODE> all use address match lists like this. +Similarly, the <CODE>listen-on</CODE> +option will cause the server to not accept queries on any of the +machine's addresses which do not match the list. <P>When used with the <CODE>topology</CODE> clause, a non-negated -match returns a distance based on its postion on the list (the closer +match returns a distance based on its position on the list (the closer the match is to the start of the list, the shorter the distance is between it and the server). A negated match will be assigned the maximum distance from the server. If there is no match, the address @@ -76,12 +89,12 @@ fall through. <HR> <CENTER><P>[ <A HREF="config.html">BIND Config. File</A> -| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A> -| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER> +| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> +| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> <HR> <ADDRESS> -Last Updated: $Id: address_list.html,v 1.5 1998/03/21 01:03:10 halley Exp $ +Last Updated: $Id: address_list.html,v 1.8 1999/09/15 20:28:00 cyarnell Exp $ </ADDRESS> </BODY> </HTML> |
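Review bot: In the first hunk (@@ -14,14 +14,18 @@), the new address_match_element line links both address_match_list and "key" key_id to docdef.html. address_match_list is defined in this same PRE block and was unlinked before the change, and the list item added in the next hunk points the key ID at key.html instead. Unless docdef.html really defines both, suggest leaving address_match_list unlinked and pointing the key alternative at key.html so the grammar and the prose agree.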
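Review bot: In the second hunk (@@ -29,34 +33,43 @@), the rewritten traversal paragraph drops the explicit rule that "the first match (regardless of negation) is used" in favour of "traversed in order until an element matches". For access control that rule decides whether a negated element placed after a broader non-negated one ever takes effect, so it should stay spelled out. The same paragraph still opens with "When a given IP address or prefix is compared", which does not say how the newly added key elements are matched, and "defining listen-on ports" does not fit the new introduction's "addresses on which named will listen". Markup in this hunk also needs a pass: the new key ID list item has no closing </LI>, the rewritten listen-on paragraph loses its </P>, and the touched acl line keeps "statment" even though "postion" is corrected further down.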