How to create or edit access control lists (ACLs) in Address Manager.
To create or edit a DNS ACL:
Note: You cannot edit pre-defined ACLs.
- Select the DNS tab in the sidebar, then select ACLs.
- To create a DNS ACL, select New. To edit a DNS ACL, select the row containing the DNS ACL in the Access control lists table, then select Edit in the expanded details section.
- Under General, configure the following parameters:
  - Name—enter a name for the access control list to be added.
- Under ACLs, configure the following parameters:
  - Type—select a type of match list from the drop-down menu:
    - IP address/Network—select this match type to create a DNS ACL using single or multiple IPv4 and IPv6 addresses, and CIDR addresses. If you select this option, the Data field is displayed, where you must enter the IPv4 or IPv6 address/network and then select the add icon (+).
    - ACL—select this match type to create a nested ACL. Instead of creating a new ACL with all the information, you can also create an ACL that references the other ACLs already created and in use. When you select ACL as the type, the following four pre-defined ACLs will be populated:
      - All—creates a new ACL list that matches all hosts.
      - None—creates a new ACL list that doesn't match any hosts.
      - Localhost—creates a new ACL that matches all the IP addresses of your active DNS server.
      - Localnets—creates a new ACL that matches all the IP addresses and subnet masks of your active DNS server.

      Select one or more ACLs from the drop-down menu, then select the add icon (+).
    - TSIG key—select this match type to create a TSIG-based ACL. For example, you can restrict zone transfer access to a set of remote non-BlueCat servers that will be acting as secondary servers.

      Select one or more TSIG keys from the drop-down menu, then select the add icon (+).
  - Exclude—select the checkbox to add an exclusion to the DNS ACL. For example, if an exclusion is added for a specific client’s IP address, the client will be excluded from the ACL.

  To adjust the position of the match statements in the list, drag and drop a match statement to move it up or down in the list.
- In the Change control section, add comments if required.
- If creating a DNS ACL, select Create to create the ACL and return to the Access control lists table, or Create and add another to create the ACL and re-open the Create access control list window. If editing a DNS ACL, select Save.
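The Exclude checkbox and the position of each match statement interact. The sketch below is an added example (not BlueCat code) that assumes the list is evaluated first-match, as BIND address match lists are, and that an exclusion hit inside a nested ACL counts as no match for the parent. The ACL names, addresses and both functions are constructed for illustration.

```python
import ipaddress

# Constructed sample ACLs: each statement is (exclude, type, value).
ACLS = {
    "branch":       [(False, "net", "10.20.0.0/16"), (True, "net", "10.20.5.9")],
    "branch_fixed": [(True, "net", "10.20.5.9"), (False, "net", "10.20.0.0/16")],
    "transfer":     [(False, "acl", "branch_fixed"), (False, "net", "2001:db8::/32")],
}

def evaluate(name, client_ip, acls, _seen=()):
    """True = matched, False = matched an exclusion, None = nothing matched."""
    if name == "All":        # pre-defined ACL: matches all hosts
        return True
    if name == "None":       # pre-defined ACL: matches no hosts
        return None
    if name in _seen:
        raise ValueError(f"ACL reference loop at {name!r}")
    ip = ipaddress.ip_address(client_ip)
    for exclude, kind, value in acls[name]:
        if kind == "net":
            net = ipaddress.ip_network(value, strict=False)
            hit = ip.version == net.version and ip in net
        else:  # nested ACL: only a positive match propagates (assumption)
            hit = evaluate(value, client_ip, acls, _seen + (name,)) is True
        if hit:              # first matching statement decides the outcome
            return not exclude
    return None

def shadowed(entries):
    """Network statements that can never fire because an earlier, equal or
    broader network statement already matches every address they cover."""
    nets, dead = [], []
    for _exclude, kind, value in entries:
        if kind != "net":
            continue
        net = ipaddress.ip_network(value, strict=False)
        if any(net.version == n.version and net.subnet_of(n) for n in nets):
            dead.append(value)
        nets.append(net)
    return dead

if __name__ == "__main__":
    for acl in ("branch", "branch_fixed"):
        print(acl, evaluate(acl, "10.20.5.9", ACLS), shadowed(ACLS[acl]))
```

Under these assumptions, an exclusion placed below a broader network statement never takes effect, so exclusions belong above the networks that contain them.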