When you apply access control to NIOS operations, you can use anonymous ACEs or a named ACL. You cannot combine ACEs and named ACLs for access control. Depending on the access control types each operation supports, you may or may not be able to apply a named ACL to a specific operation. For information about which access control types each operation supports, see Table 8.1.
If you disable access control or select None or Any for an operation, the appliance removes the previously applied named ACL or the configured anonymous ACEs. To avoid losing your ACE configuration, Infoblox recommends that you convert the ACEs to a named ACL.
For information about how to apply access control to each supported operation, see the following:
- DNS zone transfers, as described in Enabling Zone Transfers
- DNS queries, as described in Controlling DNS Queries
- Recursive queries, as described in Enabling Recursive Queries
- Dynamic DNS updates, as described in Configuring DNS Servers for DDNS
- AAAA filtering, as described in Controlling AAAA Records for IPv4 Clients
- Blackhole list, as described in Configuring a DNS Blackhole List
- Match clients list for DNS views, as described in Defining Match Clients Lists
- Match destinations for DNS views, as described in Defining a Match Destinations List
- DNS64 clients, DNS64 mapped IPv4 addresses, and DNS64 excluded IPv6 addresses, as described in Setting DNS64 Group Properties
- File distribution services, as described in Configuring Access Control for File Distribution
- Grid Manager and API access, as described in Configuring Security Features
- NTP access control, as described in Defining NTP Access Control
- Syslog proxy access, as described in Configuring Syslog for Grid Members