View match-clients works only with subnet, not with single IP address

I’m running Bind on OpenWrt 15.05.1 as a DNS server. I wanted to set up multiple views, with different zones.

acl "trusted" {
        10.0.1.0/24;
        localhost;
        localnets;
};

acl "blacklisted" {
        10.0.1.10;
};

options {
        directory "/tmp";
        recursion yes;
        allow-recursion { trusted; };
        allow-transfer { none; };
        dnssec-validation auto;
        forwarders {
                8.8.8.8;
        };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

view "blacklist" {
        match-clients { blacklisted; };
        zone "example.com" { type master; file "/etc/bind/zones/db.example"; };
};

view "normal" {
        match-clients { any; };
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };
};

And it works well, but only if the IP address in the “blacklisted” acl has a subnet at its end (like this: 10.0.1.10/28). But I’m trying to target only one IP, which is not working for some reason.

Thanks for replies.

Answer

Update the { any; } sections with { !blacklisted; any; } in your normal view.
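As an added illustration (not code from the question or the answer), a small Python model of how BIND evaluates match-clients: elements are walked in order, the first one that matches decides, a leading `!` negates, and a nested ACL that only matches negatively counts as no match. The `localnets` approximation (10.0.1.0/24) and the sample client addresses are assumptions made for this example.

```python
import ipaddress

# Named ACLs copied from the question's named.conf (constructed data for this example).
ACLS = {
    "trusted": ["10.0.1.0/24", "localhost", "localnets"],
    "blacklisted": ["10.0.1.10"],
}
# Built-in ACLs; "localnets" is assumed to be the 10.0.1.0/24 LAN in this model.
BUILTIN = {
    "any": lambda ip: True,
    "none": lambda ip: False,
    "localhost": lambda ip: ip.is_loopback,
    "localnets": lambda ip: ip in ipaddress.ip_network("10.0.1.0/24"),
}

def match_element(elem, ip):
    """True = positive match, False = negative match (!), None = element did not match."""
    negated = elem.startswith("!")
    name = elem.lstrip("!")
    if name in BUILTIN:
        hit = BUILTIN[name](ip)
    elif name in ACLS:
        # A nested ACL that matches only negatively is treated as no match (BIND behaviour).
        hit = acl_allows(ACLS[name], ip)
    else:
        # A bare address is a host prefix (/32 or /128), so "10.0.1.10;" alone is valid.
        hit = ip in ipaddress.ip_network(name, strict=False)
    return None if not hit else not negated

def acl_allows(elements, ip):
    """Walk the list in order; the first element that matches decides. No match => deny."""
    ip = ipaddress.ip_address(ip)
    for elem in elements:
        verdict = match_element(elem, ip)
        if verdict is not None:
            return verdict
    return False

def select_view(views, client):
    """Views are tried in configuration order; the first match-clients allowing the client wins."""
    for name, match_clients in views:
        if acl_allows(match_clients, client):
            return name
    return None

# (view name, match-clients) in configuration order, before and after applying the answer.
VIEWS_BEFORE = [("blacklist", ["blacklisted"]), ("normal", ["any"])]
VIEWS_AFTER = [("blacklist", ["blacklisted"]), ("normal", ["!blacklisted", "any"])]
```

Running `select_view` on both lists shows that 10.0.1.10 lands in "blacklist" either way while the view order is kept, but only the negated form still keeps that host out of "normal" if the views are reordered.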

Attribution
Source: Link, Question Author: Community, Answer Author: Jacob Evans
