<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">How much RAM does that DNS server
have? Is it running anything else? What's the size of the zone
file?<br>
<br>
On 5/28/13 9:42 PM, Francis Turner wrote:<br>
</div>
<blockquote
cite="mid:479F9FCA7AB0AC4C81A9B2CB4E6F6D2974847C@mbx030-w1-co-10.exch030.domain.local"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">I’m not positive that this is a
bug – or if it is that it is an RPZ bug per se – but we’re
seeing bind load errors when we try to create RPZ zones
with certain domains in them. I’d appreciate anyone’s ideas
on what we can do to stop this (beyond not loading these
kinds of domain – which is possible but does kind of
defeat the object of the exercise…)<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">The domains look like this (they
are phishing domains)<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
style="font-size:10.5pt;color:black">paypal.com.uk.cmd.cgi-bin.4c6da88992553d0d43ff7d8dbe19c1133279c9a98f445fff9e2de3dd9a35cd.535125ee83828ec61a1888291c588fd9dc096297a1e972d037a14b15663498.806a02ea02f2846dd2aee0300a20dfe587e5ed4f8d3fdc281cb36a171f0178.umedial.de<o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
style="font-size:10.5pt;color:black"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
style="font-size:10.5pt;color:black">And the error we get
when loading them is
<o:p></o:p></span></font></p>
<p class="MsoPlainText"><font face="Calibri" size="2"><span
style="font-size:11.0pt">May 27 01:04:14 rpz named[29830]:
general: error: dns_master_load:
/srv/www/bind/rpz/includes/desktop.rpz.threatstop.local.include.txt:4787:
ran out of space<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">The actual FQDN including the RPZ
header is 253 bytes long (it’s the above plus
desktop.rpz.threatstop.local) and so far as I can tell
this is an entirely legit FQDN (less than 255 total, max
63 chars per section). Moreover the error ‘out of space’
isn’t one that implies an illegal name.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">We’re running Bind version:
9.8.4-P1 (version.bind/txt/ch disabled)
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">compiled with the following
options:<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">--prefix=/usr/local
--sysconfdir=/etc/bind --localstatedir=/var/run/bind
--enable-threads --enable-largefile --with-libtool
--enable-shared --enable-static --with-gnu-ld
--with-openssl=/usr --with-gssapi=/usr --enable-ipv6
--enable-fixed-rrset --enable-rpz-nsip
--enable-rpz-nsdname --with-libxml
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">I believe this is almost up to
date but not the absolute latest. I’ll happily submit a
bind bug and/or use a newer version of bind if someone
thinks that will fix the issue but before I do so I’d like
to be sure that this is the right thing to do<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">Regards<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt">Francis<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">Francis J.M. Turner
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">VP Product Management &amp; OEM -
<a moz-do-not-send="true"
href="http://www.threatstop.com/"><font color="blue"><span
style="color:blue">http://www.threatstop.com/</span></font></a><br>
<br>
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">ThreatSTOP™ Inc, "Stop Botnets
Stealing from You!"
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">email: <a class="moz-txt-link-abbreviated" href="mailto:francis@threatstop.com">francis@threatstop.com</a>
skype: francis.turner.threatstop<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">fixed: +1-760-542-1550 cell:
+1-760-402-7676<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">That knowledge which stops at what
it does not know, is the<o:p></o:p></span></font></p>
<p class="MsoNormal"><font face="Courier New" size="2"><span
style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">highest knowledge. --
Chuang Tzu, 4th c. B.C.</span></font><o:p></o:p></p>
<p class="MsoNormal"><font face="Calibri" size="2"><span
style="font-size:11.0pt"><o:p> </o:p></span></font></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dnsrpz-interest mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dnsrpz-interest@lists.isc.org">dnsrpz-interest@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dnsrpz-interest">https://lists.isc.org/mailman/listinfo/dnsrpz-interest</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Andrew Fried
Internet Systems Consortium, Inc.
<a class="moz-txt-link-abbreviated" href="mailto:afried@isc.org">afried@isc.org</a>
+1.650.423.1343
</pre>
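<p>Added example, not part of the original thread and not ISC or ThreatSTOP code: a pre-load check that tests each RPZ trigger name, with the policy zone origin appended, against the limits the quoted message cites (63 octets per label, 255 octets for the whole name in wire format), so an oversized entry is skipped instead of failing the zone load. The origin <code>rpz.example</code> and the sample names are constructed; names are assumed to be ASCII without backslash escapes.</p>

```python
MAX_LABEL = 63   # octets per label (RFC 1035)
MAX_WIRE = 255   # octets per name in wire format, root octet included


def wire_length(name):
    """Wire size: each label costs len+1 octets, plus 1 for the root."""
    labels = name.rstrip(".").split(".")
    return sum(len(label) + 1 for label in labels) + 1


def check_rpz_owner(trigger, origin):
    """Validate trigger + '.' + origin; return (ok, reason)."""
    owner = trigger.rstrip(".") + "." + origin.rstrip(".")
    if not owner.isascii():
        return False, "non-ASCII name (convert IDN to punycode first)"
    for label in owner.split("."):
        if not label:
            return False, "empty label"
        if len(label) > MAX_LABEL:
            return False, "label of %d octets exceeds %d" % (len(label), MAX_LABEL)
    size = wire_length(owner)
    if size > MAX_WIRE:
        return False, "owner name is %d octets on the wire, limit %d" % (size, MAX_WIRE)
    return True, "ok (%d octets on the wire)" % size


def build_zone_lines(triggers, origin):
    """Split a feed into loadable RPZ records and rejected entries."""
    records, rejected = [], []
    for trigger in triggers:
        ok, reason = check_rpz_owner(trigger, origin)
        if ok:
            records.append(trigger.rstrip(".") + " CNAME .")  # NXDOMAIN policy
        else:
            rejected.append((trigger, reason))
    return records, rejected


# Constructed sample data: hypothetical origin and synthetic trigger names.
ORIGIN = "rpz.example"
FITS = ".".join(["a" * 63] * 3 + ["b" * 49])      # owner is 253 characters
TOO_LONG = ".".join(["a" * 63] * 3 + ["b" * 50])  # owner is 254 characters
BAD_LABEL = "c" * 64 + ".example.net"

if __name__ == "__main__":
    records, rejected = build_zone_lines([FITS, TOO_LONG, BAD_LABEL], ORIGIN)
    print(len(records), "record(s) written")
    for trigger, reason in rejected:
        print("skipped", trigger[:20] + "...", "->", reason)
```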
</body>
</html>