With this in one of my views in named.conf: match-clients { !192.168.0.0/24; !66.92.74.180; !127.0.0.0/24; any; }; queries from 192.168.3.2 are rejected: client 192.168.3.2#1061: no matching view in class 'IN' If I remove the !192.168.0.0/24; the problem goes away. I hope it's obvious that 192.168.3.2 is not in the CIDR block "192.168.0.0/24" :-). This broke when I upgraded to bind-9.5.0-17.a7.fc9. I'm marking this urgent because I imagine that if address match lists aren't working here, they're probably not working elsewhere as well, and this is a security issue. jik
I tried to reproduce this issue but I wasn't successful. Could you please attach configuration files and log? Thanks, Adam
Created attachment 268751 [details] named configuration file
Created attachment 268761 [details] named.run file showing errors at the bottom about no matching view
Upstream doesn't think this is security issue. They fixed it today in CVS and I will wait to 9.5.0b1. You should have only any; acl in external view (please see example on http://www.isc.org/sw/bind/arm95/Bv9ARM.ch06.html#view_statement_grammar) Thanks for your report
bind-9.5.0-19.b1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'
bind-9.5.0-20.b1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.