Name
forwarders
Syntax
forwarders {
<address-match-element>;
[<address-match-element>;...]
};
Blocks
Default value(s)
There are no default acls defined
Introduced
- Date: 1997-05-06
- BIND version: 8.1.1
Deprecated
Still current as of 2025-11-24
Description
The forwarders statement allows users to define lists of address. Each list is named and can be referenced by this name in many other configration elements where one of more addresses are needed as arguments. If the same set of addresses would be used in many places it can be easier to group them together in an acl and use the acl name instead. That way, if the set changes it only needs to be edited in one place.
The following ACLs are built-in:
| name | description |
|---|---|
| any | Allows all hosts. |
| none | Denies all hosts. |
| localhost | Allows the IP addresses of all interfaces on the system. |
| localnets | Allows any host on a network for which the system has an interface. |
An example of user-defined acls might be these:
acl mytest {
192.0.2.16/28;
192.0.2.128/25;
};
acl myothertest {
192.0.2.64/26;
mytest;
};
Note the above example, which shows two user-defined ACLs; the second including the first. This illustrates that one ACL can include in its definition other ACLs that have already been defined. This can be useful for organising sets of addresses together in, say, functional or geographical groups and then combining those groups into supersets.
ACLs do nothing on their own, they are just a way to collect addresses together and assign a label to that collection. It is only when they are referred to by some other statement(s) that the addresses defined in them are used.
It is theoretically possible to define an unlimited number of ACLs. But as all configuration consumes memory, the number and content of ACLs should be kept to a level that is useful in this server.
ARM reference
This statement is defined in the Administrator Reference manual (ARM) here