RPZ zone load failure ran out of space


RPZ zone load failure ran out of space

Jim Yang

Hi,

In the example below, when the length of bad.domain.com reaches 241 bytes, named-checkconf reports the following error:

“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
_default/db.rpz.zone/IN: ran out of space”

As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.

I wonder what is the maximum length for bad.domain.com in the RPZ zone?

$ORIGIN rpz.example.com.
$TTL 1H
@               SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
                NS  LOCALHOST.

; QNAME policy records.
; Note: There are no periods (.) after the (relativised) owner names.

bad.domain.com  A       10.0.0.1      ; redirect to walled garden
                AAAA    2001:2::1

Thanks,
Jim

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: RPZ zone load failure ran out of space

Bob Harold

On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <[hidden email]> wrote:

> Hi,
>
> In the example below, when the length of bad.domain.com reaches 241 bytes, named-checkconf reports the following error:
>
> “zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
> _default/db.rpz.zone/IN: ran out of space”
>
> As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.
>
> I wonder what is the maximum length for bad.domain.com in the RPZ zone?
>
> $ORIGIN rpz.example.com.
> $TTL 1H
> @               SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
>                 NS  LOCALHOST.
>
> ; QNAME policy records.
> ; Note: There are no periods (.) after the (relativised) owner names.
>
> bad.domain.com  A       10.0.0.1      ; redirect to walled garden
>                 AAAA    2001:2::1
>
> Thanks,
> Jim

I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
bad.domain.com.rpz.example.com.
which exceeds 255 characters including the trailing dot, most likely.

--
Bob Harold
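
Added example (not part of the original thread and not BIND's own code): a pre-flight check that applies the explanation in the reply above, computing the wire-format length of each RPZ trigger once $ORIGIN is appended and reporting entries that exceed the RFC 1035 limit. The function names are hypothetical, the sample owner names are constructed, and names are assumed to be ASCII without backslash escapes.

```python
# Added example; function names are hypothetical, sample names are constructed.
# Assumes ASCII names with no backslash escapes.
MAX_NAME = 255    # RFC 1035 limit on a whole name in wire format
MAX_LABEL = 63    # RFC 1035 limit on a single label


def wire_length(fqdn):
    """Wire length of an absolute name: a length byte per label plus the root byte."""
    body = fqdn[:-1] if fqdn.endswith(".") else fqdn
    labels = body.split(".") if body else []
    for label in labels:
        if not 1 <= len(label) <= MAX_LABEL:
            raise ValueError(f"bad label length {len(label)} in {fqdn[:40]!r}")
    return sum(len(label) + 1 for label in labels) + 1


def full_owner(owner, origin):
    """Zone-file rule: an owner without a trailing dot is relative to $ORIGIN."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def max_relative_owner(origin):
    """Longest relative owner (text form, no trailing dot) that still fits."""
    return MAX_NAME - wire_length(origin) - 1


def oversize_triggers(owners, origin):
    """Return (owner, wire_length) for each entry whose full name exceeds 255 bytes."""
    found = []
    for owner in owners:
        size = wire_length(full_owner(owner, origin))
        if size > MAX_NAME:
            found.append((owner, size))
    return found


if __name__ == "__main__":
    origin = "rpz.example.com."
    fits = ".".join(["a" * 63] * 3 + ["b" * 45])   # constructed, 237 characters
    too_long = fits + "b"                           # constructed, 238 characters
    print("longest relative owner:", max_relative_owner(origin))
    for owner, size in oversize_triggers(["bad.domain.com", fits, too_long], origin):
        print(f"too long ({size} bytes with origin): {owner[:30]}...")
```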




Re: RPZ zone load failure ran out of space

Jim Yang

Hi Bob,

Thank you for the explanation. It makes sense to me now.

Best,
Jim



From: Bob Harold <[hidden email]>
Sent: Wednesday, June 28, 2017 4:38 PM
To: Jim Yang
Cc: [hidden email]
Subject: Re: RPZ zone load failure ran out of space
 

On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <[hidden email]> wrote:

> Hi,
>
> In the example below, when the length of bad.domain.com reaches 241 bytes, named-checkconf reports the following error:
>
> “zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
> _default/db.rpz.zone/IN: ran out of space”
>
> As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.
>
> I wonder what is the maximum length for bad.domain.com in the RPZ zone?
>
> $ORIGIN rpz.example.com.
> $TTL 1H
> @               SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
>                 NS  LOCALHOST.
>
> ; QNAME policy records.
> ; Note: There are no periods (.) after the (relativised) owner names.
>
> bad.domain.com  A       10.0.0.1      ; redirect to walled garden
>                 AAAA    2001:2::1
>
> Thanks,
> Jim

I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
bad.domain.com.rpz.example.com.
which exceeds 255 characters including the trailing dot, most likely.

--
Bob Harold


