RPZ zone load failure ran out of space
Jim Yang
zy33 at cornell.edu
Wed Jun 28 22:28:58 UTC 2017
Hi Bob,
Thank you for the explanation. It makes sense to me now.
Best,
Jim
________________________________
From: Bob Harold <rharolde at umich.edu>
Sent: Wednesday, June 28, 2017 4:38 PM
To: Jim Yang
Cc: bind-users at lists.isc.org
Subject: Re: RPZ zone load failure ran out of space
On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <zy33 at cornell.edu> wrote:
Hi,
In the example below, when the length of bad.domain.com reaches 241 bytes, named-checkconf reports the following error:
“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
_default/db.rpz.zone/IN: ran out of space”
As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.
I wonder what is the maximum length for bad.domain.com in the RPZ zone?

$ORIGIN rpz.example.com.
$TTL 1H
@                       SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
                        NS  LOCALHOST.
; QNAME policy records.
; Note: There are no periods (.) after the (relativised) owner names.
bad.domain.com          A    10.0.0.1    ; redirect to walled garden
                        AAAA 2001:2::1
Thanks,
Jim
I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
bad.domain.com.rpz.example.com<http://bad.domain.com.rpz.example.com>.
which exceeds 255 characters including the trailing dot, most likely.
--
Bob Harold
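
Added example (not part of the original thread and not ISC's code): a Python pre-check for an RPZ block-list feed, following the explanation above that the name actually loaded is the entry plus the zone origin. It measures each combined name against the RFC 1035 limits (255 octets per name in wire format, 63 per label) and assumes plain ASCII hostnames without \DDD escapes; the function names and sample entries are constructed for illustration.

```python
MAX_NAME_OCTETS = 255    # RFC 1035 limit on a whole name in wire format
MAX_LABEL_OCTETS = 63    # RFC 1035 limit on a single label

def wire_length(name):
    """Octets used on the wire: one length octet per label, plus the root label."""
    text = name.rstrip(".")
    labels = text.split(".") if text else []
    for label in labels:
        if not label or len(label) > MAX_LABEL_OCTETS:
            raise ValueError("empty or over-long label in %r" % name)
    # Assumption: ASCII only, so characters == octets.
    return sum(len(label) + 1 for label in labels) + 1

def max_trigger_chars(origin):
    """Longest relative owner name (characters, dots included) that fits under origin."""
    return MAX_NAME_OCTETS - wire_length(origin) - 1

def rpz_owner_fits(trigger, origin):
    """True if trigger + '.' + origin is still a legal DNS name."""
    full = trigger.rstrip(".") + "." + origin
    return wire_length(full) <= MAX_NAME_OCTETS

def filter_feed(triggers, origin):
    """Split feed entries into (loadable, [(rejected, reason), ...])."""
    ok, rejected = [], []
    for trigger in triggers:
        try:
            if rpz_owner_fits(trigger, origin):
                ok.append(trigger)
            else:
                rejected.append((trigger, "too long under origin"))
        except ValueError:
            rejected.append((trigger, "invalid label"))
    return ok, rejected

if __name__ == "__main__":
    origin = "rpz.example.com."   # origin from the zone file in the thread
    # Constructed sample entries: 237 and 241 characters, plus a 64-octet label.
    feed = [
        ".".join(["a" * 59, "b" * 59, "c" * 59, "d" * 57]),
        ".".join(["a" * 60, "b" * 60, "c" * 60, "d" * 58]),
        "x" * 64 + ".example",
    ]
    print("max relative owner length:", max_trigger_chars(origin))
    ok, rejected = filter_feed(feed, origin)
    for name, reason in rejected:
        print("skip (%s): %d chars" % (reason, len(name)))
```

Running the filter before writing the zone file lets one over-long feed entry be dropped or logged instead of failing the load of the whole RPZ zone.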