Technical References
Description
The acl command is used to manage DNS ACLs which are used to
restrict dynamic DNS updates, zone transfers and queries. Once you
have created the acl object, it can be used with the update-acl,
restrict-xfer-acl and restrict-query-acl on the DNS server or
a zone object.
You can specify the match-list as a comma-separated list of
values, enclosed in quotes, or you can use the add and remove
commands to edit the match list. The add command will add elements
to the end of the list. The remove command will remove the first
matching element in the match-list.
Match list entries can consist of IP node or subnet addresses,
TSIG keys, or ACLs. A TSIG key must also be preceded by the
keyword <key>. The <!> notation can be used to negate an entry
in the list.
Examples
nrcmd> acl my-acl create "key my-key, 10.1.0.0/16"
nrcmd> acl my-acl set match-list="10.1.1.1/32, my-acl"
nrcmd> acl my-acl add "!10.2.0.0/16"
Status
See Also
key
Attributes
match-list amelist
Displays a comma-separated list of match elements, which
can consist of IP node or subnet addresses, TSIG keys,
or ACLs. You can also use the following reserved words as
elements in a match list:
any
none
localhost
localnets
To specify more than one element in the match list, enclose
the list in quotation marks; for example:
"192.168.2.1, localhost"
Use the object name to reference another ACL or TSIG key. A TSIG
key must also be preceded by the keyword <>key<>;
for example,
key mykey.
You must specify subnet addresses in address/mask format.
Use an exclamation point (!)to negate an entry in the
list; for example,
"!192.168.3.0/24, !youracl"
Note: You can define the name reference to an ACL in the