Access control lists - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

Access control lists (ACLs) provide granular control over which hosts may perform certain operations on the name server. In particular, they're used for restricting zone transfers, notifications, and DDNS updates.

Address Manager provides comprehensive DNS ACL support by allowing you to create and manage ACLs in Address Manager. You can re-purpose ACLs across multiple DNS Views.

Note: The following DNS deployment options support DNS ACLs as part of their match statements:
  • AllowDynamicUpdates
  • AllowNotify
  • AllowQuery
  • AllowQueryCache
  • AllowRecursion
  • AllowUpdateForwarding
  • Allow Zone Transfer
  • DenyClients
  • MatchClients

Match statements determine access control for related server operations. A match statement is a list of elements that can be one or more IP addresses, IP prefixes, key IDs, and ACLs. Access is allowed if the match statement contains a match with any non-negated element. In contrast, access is denied if a match is found with any negated element. If no match is found with any element, access is denied.