Re: RPZ zone load failure ran out of space

[Jim Yang]

Hi Bob,


Thank you for the explanation. It makes sense to me now.


Best,

Jim


From: Bob Harold <rharo...@umich.edu>
Sent: Wednesday, June 28, 2017 4:38 PM
To: Jim Yang
Cc: bind-users@lists.isc.org
Subject: Re: RPZ zone load failure ran out of space


On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang 
<z...@cornell.edu<mailto:z...@cornell.edu>> wrote:
Hi,

In the example below, when the length of bad.domain.com<http://bad.domain.com> 
reaches 241 bytes, named-checkconf reports the following error:

“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of 
space
_default/db.rpz.zone/IN: ran out of space”

As per RFC1035, the DNS name maximum length is 255 bytes and each label length 
limit is 63 bytes.

I wonder what is the maximum length for bad.domain.com<http://bad.domain.com> 
in the RPZ zone?

$ORIGIN rpz.example.com<http://rpz.example.com>.
  $TTL 1H
  @   SOA LOCALHOST. 
named-mgr.example.com<http://named-mgr.example.com> (1 1h 15m 30d 2h)
  NS  LOCALHOST.

  ; QNAME policy records.
  ; Note: There are no periods (.) after the (relativised) owner names.

bad.domain.com<http://bad.domain.com>  A   10.0.0.1  ; redirect to 
walled garden
  2001:2::1

Thanks,
Jim

I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
bad.domain.com.rpz.example.com<http://bad.domain.com.rpz.example.com>.
which exceeds 255 characters including the trailing dot, most likely.

--
Bob Harold


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: RPZ zone load failure ran out of space

[Bob Harold]

On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang  wrote:

> Hi,
>
>
>
> In the example below, when the length of bad.domain.com reaches 241
> bytes, named-checkconf reports the following error:
>
>
>
> “zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out
> of space
>
> _default/db.rpz.zone/IN: ran out of space”
>
>
>
> As per RFC1035, the DNS name maximum length is 255 bytes and each label
> length limit is 63 bytes.
>
>
>
> I wonder what is the maximum length for bad.domain.com in the RPZ zone?
>
>
>
> $ORIGIN rpz.example.com.
>
>   $TTL 1H
>
>   @   SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d
> 2h)
>
>   NS  LOCALHOST.
>
>
>
>   ; QNAME policy records.
>
>   ; Note: There are no periods (.) after the (relativised) owner names.
>
>
>
> bad.domain.com  A   10.0.0.1  ; redirect to walled garden
>
>   2001:2::1
>
>
>
> Thanks,
>
> Jim
>

I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
bad.domain.com.rpz.example.com.
which exceeds 255 characters including the trailing dot, most likely.

-- 
Bob Harold
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RPZ zone load failure ran out of space

[Jim Yang]

Hi,

In the example below, when the length of bad.domain.com reaches 241 bytes, 
named-checkconf reports the following error:

“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of 
space
_default/db.rpz.zone/IN: ran out of space”

As per RFC1035, the DNS name maximum length is 255 bytes and each label length 
limit is 63 bytes.

I wonder what is the maximum length for bad.domain.com in the RPZ zone?

$ORIGIN rpz.example.com.
  $TTL 1H
  @   SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
  NS  LOCALHOST.

  ; QNAME policy records.
  ; Note: There are no periods (.) after the (relativised) owner names.

bad.domain.com  A   10.0.0.1  ; redirect to walled garden
  2001:2::1

Thanks,
Jim
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users