Re: RPZ Errors
On Tue, Nov 12, 2013 at 09:14:24AM -0500, Alan Clegg wrote:
> On Nov 12, 2013, at 12:13 AM, Crist Clark cjc+bind-us...@pumpky.net wrote:
>
> > From the initial mail: This is BIND 9.9.2 (Infoblox 6.7.3). No huge increase in resource usage noted.
>
> Has the vendor in question provided a response?
>
> Having worked on Frankenstein versions of BIND in the past (Hi, Redhat!), I’d be leery of answering this question as an “outsider”. Certainly not with an authoritative answer.

I have an open ticket with their support. I only came to the list after not getting a lot of help. My tech seems to think the db_find() messages mean the server cannot resolve the names in question like there is a firewall or something blocking queries. But I can resolve the names when I query directly and the firewall is not blocking any DNS from the servers in question.

I vaguely remember seeing something about the RPZ checks only using cached data for checks and not doing active lookups for things like NS records for performance reasons. I think it was on an ISC blog or something, not in any official manual. That's my suspicion of what db_find() failures mean. It couldn't find info in the cache.

What I'd actually really like here is someone to give me a RTFM post with a pointer to the FM for RPZ error messages and algorithms if one exists.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: RPZ Errors
On Nov 12, 2013, at 12:13 AM, Crist Clark cjc+bind-us...@pumpky.net wrote:
> From the initial mail: This is BIND 9.9.2 (Infoblox 6.7.3). No huge increase in resource usage noted.

Has the vendor in question provided a response?

Having worked on Frankenstein versions of BIND in the past (Hi, Redhat!), I’d be leery of answering this question as an “outsider”. Certainly not with an authoritative answer.

AlanC
--
Alan Clegg | +1-919-355-8851 | a...@clegg.com
Re: RPZ Errors
On 08/11/13 23:52, Crist Clark wrote:
> I've just set up an RPZ using a third party feed. I am getting lots and lots of info and warning messages in the logs. However, I am not sure whether they actually are indicative of a problem that may be impacting operations or just a nice to know about something over which I have no control anyway (like lame server whining).

What version of bind / RPZ patchlevel are you running, and what's your exact RPZ config?

Does the server look busier to an unusual degree since you enabled RPZ?
Re: RPZ Errors
From the initial mail: This is BIND 9.9.2 (Infoblox 6.7.3).

No huge increase in resource usage noted.

On Mon, Nov 11, 2013 at 1:47 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 08/11/13 23:52, Crist Clark wrote:
>
> > I've just set up an RPZ using a third party feed. I am getting lots and lots of info and warning messages in the logs. However, I am not sure whether they actually are indicative of a problem that may be impacting operations or just a nice to know about something over which I have no control anyway (like lame server whining).
>
> What version of bind / RPZ patchlevel are you running, and what's your exact RPZ config?
>
> Does the server look busier to an unusual degree since you enabled RPZ?
RPZ Errors
I've just set up an RPZ using a third party feed. I am getting lots and lots of info and warning messages in the logs. However, I am not sure whether they actually are indicative of a problem that may be impacting operations or just a nice to know about something over which I have no control anyway (like lame server whining).

I see several types of messages, time outs,

2013-11-08 15:06:53 PST,daemon,WARNING,named[32015],client 172.26.216.139#58010 (ads1.msads.net): rpz NSIP rewrite 2-04-0073-0006.cdx.hwcdnlb.net via cdx.hwcdnlb.net NS db_find() failed: timed out

And duplicate queries,

2013-11-08 15:06:50 PST,daemon,INFO,named[32015],client 172.26.216.139#58010 (ads1.msads.net): rpz NSIP rewrite 2-04-0073-0006.cdx.hwcdnlb.net via cdx.hwcdnlb.net unrecognized NS db_find() failed: duplicate query

And a generic failed failure,

2013-11-08 15:06:34 PST,daemon,WARNING,named[32015],client 10.10.10.215#4390 (0.0.295.0.0.3.0.0.59.aa.2b.0.0.0.60.08.03.efbbd39f722e543fbb8d70c34c27c90d6bcf8725fa7f13247036090d8761e70.f.08.s.sophosxl.net): rpz NSIP rewrite 0.0.295.0.0.3.0.0.59.aa.2b.0.0.0.60.08.03.efbbd39f722e543fbb8d70c34c27c90d6bcf8725fa7f13247036090d8761e70.f.08.s.sophosxl.net via f.08.s.sophosxl.net NS db_find() failed: failure

And my favorite reason, which I won't bother to include a log entry since they're all on internal zones other readers couldn't troubleshoot anyway, glue.

I can't find any documentation of what these mean and if they are cause for concern.

This is BIND 9.9.2 (Infoblox 6.7.3).
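
Added example (not part of the thread, and not ISC or Infoblox code): a small Python tally of the "rpz ... failed:" log lines in the format shown in the original post, grouped by failure reason and by the zone named after "via", to see whether the messages cluster on a few name-server zones. The first two sample lines are copied from the post; the example.net lines and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout taken from the log lines in the post:
# time,facility,severity,named[pid],client IP#port (qname): rpz TRIGGER rewrite NAME via ZONE STEP failed: REASON
RPZ_FAIL_RE = re.compile(
    r"^(?P<time>[^,]+),(?P<facility>[^,]+),(?P<severity>[^,]+),named\[\d+\],"
    r"client (?P<client>[^#\s]+)#\d+ \((?P<query>[^)]*)\): "
    r"rpz (?P<trigger>\S+) rewrite (?P<name>\S+) via (?P<via>\S+) "
    r"(?P<step>.*?) failed: (?P<reason>.+)$"
)

def parse_rpz_failure(line):
    """Return the fields of one 'rpz ... failed:' line, or None for any other line."""
    m = RPZ_FAIL_RE.match(line.strip())
    if m is None:
        return None
    return {k: v.strip() for k, v in m.groupdict().items()}

def summarize(lines):
    """Count failures per reason and per 'via' zone, and collect affected clients."""
    by_reason = Counter()
    by_via = defaultdict(Counter)
    clients = defaultdict(set)
    for line in lines:
        rec = parse_rpz_failure(line)
        if rec is None:
            continue  # not an RPZ lookup failure
        by_reason[rec["reason"]] += 1
        by_via[rec["via"]][rec["reason"]] += 1
        clients[rec["via"]].add(rec["client"])
    return by_reason, by_via, clients

SAMPLE = [
    # Copied from the original post.
    "2013-11-08 15:06:53 PST,daemon,WARNING,named[32015],client 172.26.216.139#58010 (ads1.msads.net): rpz NSIP rewrite 2-04-0073-0006.cdx.hwcdnlb.net via cdx.hwcdnlb.net NS db_find() failed: timed out",
    "2013-11-08 15:06:50 PST,daemon,INFO,named[32015],client 172.26.216.139#58010 (ads1.msads.net): rpz NSIP rewrite 2-04-0073-0006.cdx.hwcdnlb.net via cdx.hwcdnlb.net unrecognized NS db_find() failed: duplicate query",
    # Constructed lines: one more failure and one unrelated message.
    "2013-11-08 15:07:01 PST,daemon,WARNING,named[32015],client 192.0.2.10#40000 (www.example.net): rpz NSIP rewrite www.example.net via example.net NS db_find() failed: timed out",
    "2013-11-08 15:07:02 PST,daemon,INFO,named[32015],zone example.net/IN: loaded serial 1",
]

if __name__ == "__main__":
    by_reason, by_via, clients = summarize(SAMPLE)
    print(dict(by_reason))
    for via, reasons in sorted(by_via.items(), key=lambda kv: -sum(kv[1].values())):
        print(via, dict(reasons), "clients:", sorted(clients[via]))
```
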