Diffstat (limited to 'contrib/bind/doc/html/address_list.html')
-rw-r--r-- contrib/bind/doc/html/address_list.html 53
1 files changed, 33 insertions, 20 deletions
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html
index 894ef04..ec39138 100644
--- a/contrib/bind/doc/html/address_list.html
+++ b/contrib/bind/doc/html/address_list.html
@@ -14,14 +14,18 @@
<PRE>
<VAR>address_match_list</VAR> = 1*<VAR>address_match_element</VAR>
-<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR>address_match_list</VAR>) ";"
+<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">address_match_list</A></VAR> / <VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR><A HREF="docdef.html">"key" key_id</A></VAR>) ";"
</PRE>
<HR>
<A NAME="Usage"><H3>Definition and Usage</H3></A>
-<P>Address match lists are lists of elements. The elements can be any
+<P>Address match lists are primarily used to determine access control for
+various server operations. They are also used to define priorities
+for querying other nameservers and to set the addresses on which
+<CODE>named</CODE> will listen for queries.
+The elements which constitute an address match list can be any
of the following:</P>
<UL>
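Review bot: In the new address_match_element production, the "key" key_id alternative links to docdef.html, while the list item added later in this patch links the key ID to key.html; point both at the same target so the grammar and the prose agree. The address_match_list alternative is also now linked to docdef.html although the production is defined on this page, so either leave it unlinked, as the removed line did, or link it to a same-page anchor.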
@@ -29,34 +33,43 @@ of the following:</P>
<LI>an IP prefix (in the '/'-notation),</LI>
+<LI>a key ID, as defined by the
+<A HREF="key.html"><CODE>key</CODE></A> statement, or
+
<LI>the name of an address match list previously defined with
-the <A HREF="acl.html"><CODE>acl</CODE></A> statment.</LI>
+the <A HREF="acl.html"><CODE>acl</CODE></A> statment, or</LI>
-<LI>an IP address match list</LI>
+<LI>another <VAR>address_match_list</VAR></LI>
</UL>
-<P>The ACLs "any", "none", "localhost" and "localnets" are
-predefined. More information can be found in the description of the
-<A HREF="acl.html"><CODE>acl</CODE></A> statement.
+<P>Elements can be negated with a leading exclamation mark ("!"), and
+the match list names "any", "none", "localhost" and "localnets" are
+predefined. More information on those names can be found in the
+description of the <A HREF="acl.html"><CODE>acl</CODE></A> statement.
-<P>Elements can be negated with a leading "!".
+<P>The addition of the <CODE>key</CODE>
+clause made the name of this syntactic element something of a
+misnomer, since security keys can be used to validate access without
+regard to a host or network address. Nonetheless, the term "address
+match list" is still used throughout the documentation.</P>
<P>When a given IP address or prefix is compared to an address match
-list, the list is traversed in order and the first match (regardless
-of negation) is used. The interpretation of a match depends on
-whether the list is being used for access control or as a
-topology.</P>
+list, the list is traversed in order until an element matches. The
+interpretation of a match depends on whether the list is being used
+for access control, defining <CODE>listen-on</CODE> ports, or as a
+topology, and whether the element was negated.</P>
<P>When used as an access control list, a non-negated match allows
access and a negated match denies access. If there is no match,
access is denied. The clauses <CODE>allow-query</CODE>,
-<CODE>allow-transfer</CODE> and <CODE>allow-update</CODE> all use
-address match lists like this. Similarly, the <CODE>listen-on</CODE>
-clause can use negation to define local addresses which should not be
-used to accept nameserver connections.</P>
+<CODE>allow-transfer</CODE>, <CODE>allow-update</CODE> and
+<CODE>blackhole</CODE> all use address match lists like this.
+Similarly, the <CODE>listen-on</CODE>
+option will cause the server to not accept queries on any of the
+machine's addresses which do not match the list.
<P>When used with the <CODE>topology</CODE> clause, a non-negated
-match returns a distance based on its postion on the list (the closer
+match returns a distance based on its position on the list (the closer
the match is to the start of the list, the shorter the distance is
between it and the server). A negated match will be assigned the
maximum distance from the server. If there is no match, the address
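Review bot: Adding blackhole to "allow-query, allow-transfer, allow-update and blackhole all use address match lists like this" places it under the rule "a non-negated match allows access", which reads as if matching a blackhole list grants access; describe what a match means for blackhole in its own sentence. The matching paragraph still opens with "When a given IP address or prefix is compared", so nothing here says how a "key" element is matched even though this patch introduces one, and an operator writing an ACL needs that. Markup points in the same hunk: the new key ID item has no closing </LI> and ends in "or" while the next item also ends in "or", the "statment" typo is carried into the replacement line, and the rewritten listen-on paragraph drops the closing </P> that the removed text had.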
@@ -76,12 +89,12 @@ fall through.
<HR>
<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
-| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
+| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
<HR>
<ADDRESS>
-Last Updated: $Id: address_list.html,v 1.5 1998/03/21 01:03:10 halley Exp $
+Last Updated: $Id: address_list.html,v 1.8 1999/09/15 20:28:00 cyarnell Exp $
</ADDRESS>
</BODY>
</HTML>