[RPZ] RPZ / bind load bug?

Andrew Fried afried at isc.org
Wed May 29 02:07:07 UTC 2013


How much RAM does that DNS server have? Is it running anything else?
What's the size of the zone file?

On 5/28/13 9:42 PM, Francis Turner wrote:
>
> I'm not positive that this is a bug -- or if it is that it is an RPZ
> bug per se -- but we're seeing bind load errors when we try to create
> RPZ zones with certain domains in them. I'd appreciate anyone's ideas on
> what we can do to stop this (beyond not loading these kinds of domain
> -- which is possible but does kind of defeat the object of the
> exercise...)
>
> The domains look like this (they are phishing domains):
>
> paypal.com.uk.cmd.cgi-bin.4c6da88992553d0d43ff7d8dbe19c1133279c9a98f445fff9e2de3dd9a35cd.535125ee83828ec61a1888291c588fd9dc096297a1e972d037a14b15663498.806a02ea02f2846dd2aee0300a20dfe587e5ed4f8d3fdc281cb36a171f0178.umedial.de
>
> And the error we get when loading them is
>
> May 27 01:04:14 rpz named[29830]: general: error: dns_master_load:
> /srv/www/bind/rpz/includes/desktop.rpz.threatstop.local.include.txt:4787:
> ran out of space
>
> The actual FQDN including the RPZ header is 253 bytes long (it's the
> above plus desktop.rpz.threatstop.local) and so far as I can tell this
> is an entirely legit FQDN (less than 255 total, max 63 chars per
> section). Moreover the error 'out of space' isn't one that implies an
> illegal name.
>
> We're running Bind version: 9.8.4-P1 (version.bind/txt/ch disabled)
>
> compiled with the following options:
>
> --prefix=/usr/local --sysconfdir=/etc/bind
> --localstatedir=/var/run/bind --enable-threads --enable-largefile
> --with-libtool --enable-shared --enable-static --with-gnu-ld
> --with-openssl=/usr --with-gssapi=/usr --enable-ipv6
> --enable-fixed-rrset --enable-rpz-nsip --enable-rpz-nsdname --with-libxml
>
> I believe this is almost up to date but not the absolute latest. I'll
> happily submit a bind bug and/or use a newer version of bind if
> someone thinks that will fix the issue but before I do so I'd like to
> be sure that this is the right thing to do.
>
> Regards
>
> Francis
>
> Francis J.M. Turner
> VP Product Management & OEM - http://www.threatstop.com/
> ThreatSTOP^(TM) Inc, "Stop Botnets Stealing from You!"
> email: francis at threatstop.com skype: francis.turner.threatstop
> fixed: +1-760-542-1550    cell:  +1-760-402-7676
>
> That knowledge which stops at what it does not know, is the
> highest knowledge.           -- Chuang Tzu, 4th c. B.C.
>
> _______________________________________________
> dnsrpz-interest mailing list
> dnsrpz-interest at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dnsrpz-interest


-- 
Andrew Fried
Internet Systems Consortium, Inc.
afried at isc.org
+1.650.423.1343
