Configuring ACL Views
The ACL module applies the specified network lists to the in the named.conf for zones inside the group and the servers that belongs to the group, when exporting the group or zone.
| Table of Contents |
|---|
| Note | ||
|---|---|---|
| ||
| If you see a view named "_6connectDefault" - DO NOT DELETE IT. |
Create an ACL View
ACL views may be created under each DNS Group, accessed from the DNS tab DNS Groups sub-tab.
Expand the Group that you want the view applied to, and then expand the section "Applied ACLs" by clicking on the expansion arrow to the right of the section name.
If ACLs already exist, they will be shown under this section.
To add a new list, click the "Add or Edit ACL" button.
If no ACLs currently exist, the dialog will only show inputs for ACL Name and ACL Networks - enter a Name and Network and click "Save Changes".
If previous ACLs exist, a "Create or Edit" selector will be be available.
Since we are creating a new ACL, just keep this at the default value ("Create New ACL"), and enter in the Name and Network(s) for the new ACL. Separating multiple CIDRs with a comma (,).
When done, save the ACL by clicking "Save changes". The new ACL will be added to the Group's "Attach ACL" list. Choose the ACL from the dropdown and click "Attach".
Edit an ACL
ACLs may be edited similarly to how they are created. Click the "Add or Edit ACL" button under the "Applied ACLs" module for the DNS Group.
Select the ACL you wish to edit from the "Create or Edit" selector. Then, edit the Name or Network fields as desired.
When done, click "Save Changes".
Detach an ACL from a Group
Detaching an ACL removes it from the Group, but the ACL will still exist for re-use in other Groups.
To detach an ACL, expand the "Applied ACLs" section under the desired Group, and click on the "Detach" button under the "Actions" column.
The ACL will be removed from under the Group, but will remain in other Groups it exists under, as well as be selectable from the "Add ACL" window and "Attach ACL" dropdown.
Delete an ACL
ACLs may be deleted through the "Edit ACL" interface. Click the "Add or Edit ACL" button under the "Applied ACLs" module for the DNS Group.
Select the ACL you wish to delete from the "Create or Edit" selector. Then, click the red "Delete" button under the Networks field.
The ACL will be permanently deleted, and will no longer show under any Groups to which it has been attached, nor show in the "Existing ACLs" list.
Add an existing ACL to another Group
Existing ACLs may be added to as many Groups as desired. If ACLs already exist, clicking the "Add or Edit ACL" button will give an additional option to "Create New".
To select a previously created ACL, select it from the "Attach ACL" dropdown and click "Attach".
Additional Information
For additional information on working in DNS, see the following sections:
- Working with DNS Servers
- Configuring ISC BIND Support
- Configuring PowerDNS Support
- Configuring Secure64 Support
- Configuring DNSSEC
- Import DNS Zones
- DNS Tab
video coming soon
To setup an ACL using Views:
Create a List in the List manager
In the Admin screen, go to the Data Import Tab and click on the "List Management" button. You will be presented with the options to Create a New List and also Manage Lists. To create a list, enter in the descriptive information and ensure that the Code dropdown is marked "IPLIST".
Press the Eye icon and you will be presented with en editing area to populate IP data including an option for the data delimeter (you can also do this from the Manage Lists section). Click on the Pencil icon to save your changes, the List will then be moved to the Manage Lists section below.
Define and Assign a View to the DNS Server
In the Admin screen, go to the DNS Admin Tab.
With a DNS server selected and Enable Views marked "Yes", you will then have the option to define a View.
Enter identifying information for the View you are creating and click the "Add New View" button.
Once the View is created, you can select the IP List that you want to assign to this View by pressing the "Add" button.
Assigning other Directives
With the IP List assigned, you can either assign additional Key/Value pairs or add another IP List to apply to the View.
| Info | ||
|---|---|---|
| ||
For example, if you wanted to allow recursion, you would simply enter "allow-recursion" as a Key, with a Value of "on". |
Assign a View to a DNS Zone Record
...