<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">How much RAM does that DNS server
      have?  Is it running anything else?  What's the size of the zone
      file?<br>
      <br>
      On 5/28/13 9:42 PM, Francis Turner wrote:<br>
    </div>
    <blockquote
cite="mid:479F9FCA7AB0AC4C81A9B2CB4E6F6D2974847C@mbx030-w1-co-10.exch030.domain.local"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">I’m not positive that this is a
              bug – or if it is that it is an RPZ bug per se – but we’re
              seeing bind load errors when we try to create RPZ zones
              with certain domains in them. I’d appreciate anyone’s ideas
              on what we can do to stop this (beyond not loading these
              kinds of domain – which is possible but does kind of
              defeat the object of the exercise…)<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">The domains look like this (they
              are phishing domains)<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
              style="font-size:10.5pt;color:black">paypal.com.uk.cmd.cgi-bin.4c6da88992553d0d43ff7d8dbe19c1133279c9a98f445fff9e2de3dd9a35cd.535125ee83828ec61a1888291c588fd9dc096297a1e972d037a14b15663498.806a02ea02f2846dd2aee0300a20dfe587e5ed4f8d3fdc281cb36a171f0178.umedial.de<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
              style="font-size:10.5pt;color:black"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font color="black" face="Calibri" size="2"><span
              style="font-size:10.5pt;color:black">And the error we get
              when loading them is
              <o:p></o:p></span></font></p>
        <p class="MsoPlainText"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">May 27 01:04:14 rpz named[29830]:
              general: error: dns_master_load:
              /srv/www/bind/rpz/includes/desktop.rpz.threatstop.local.include.txt:4787:
              ran out of space<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">The actual FQDN including the RPZ
              header is 253 bytes long (it’s the above plus
              desktop.rpz.threatstop.local) and so far as I can tell
              this is an entirely legit FQDN (less than 255 total, max
              63 chars per section). Moreover the error ‘out of space’
              isn’t one that implies an illegal name.<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">We’re running Bind version:
              9.8.4-P1 (version.bind/txt/ch disabled)
              <o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">compiled with the following
              options:<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">--prefix=/usr/local
              --sysconfdir=/etc/bind --localstatedir=/var/run/bind
              --enable-threads --enable-largefile --with-libtool
              --enable-shared --enable-static --with-gnu-ld
              --with-openssl=/usr --with-gssapi=/usr --enable-ipv6
              --enable-fixed-rrset --enable-rpz-nsip
              --enable-rpz-nsdname --with-libxml
              <o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">I believe this is almost up to
              date but not the absolute latest. I’ll happily submit a
              bind bug and/or use a newer version of bind if someone
              thinks that will fix the issue but before I do so I’d like
              to be sure that this is the right thing to do<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">Regards<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt">Francis<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">Francis J.M. Turner
              <o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">VP Product Management &amp; OEM -
              <a moz-do-not-send="true"
                href="http://www.threatstop.com/"><font color="blue"><span
                    style="color:blue">http://www.threatstop.com/</span></font></a><br>
              <br>
              <o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">ThreatSTOP™ Inc, "Stop Botnets
              Stealing from You!"
              <o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">email: <a class="moz-txt-link-abbreviated" href="mailto:francis@threatstop.com">francis@threatstop.com</a>
              skype: francis.turner.threatstop<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">fixed: +1-760-542-1550    cell: 
              +1-760-402-7676<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US"><o:p> </o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">That knowledge which stops at what
              it does not know, is the<o:p></o:p></span></font></p>
        <p class="MsoNormal"><font face="Courier New" size="2"><span
              style="font-size:10.0pt;font-family:'Courier New'" lang="EN-US">highest knowledge.           --
              Chuang Tzu, 4th c. B.C.</span></font><o:p></o:p></p>
        <p class="MsoNormal"><font face="Calibri" size="2"><span
              style="font-size:11.0pt"><o:p> </o:p></span></font></p>
      </div>
      <br>
      <br>
      <pre wrap="">_______________________________________________
dnsrpz-interest mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dnsrpz-interest@lists.isc.org">dnsrpz-interest@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dnsrpz-interest">https://lists.isc.org/mailman/listinfo/dnsrpz-interest</a>
</pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Andrew Fried
Internet Systems Consortium, Inc.
<a class="moz-txt-link-abbreviated" href="mailto:afried@isc.org">afried@isc.org</a>
+1.650.423.1343
</pre>
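    <p>An added example, not part of either message and not BIND code: a pre-load check that appends the RPZ zone origin to each feed name and measures the result against the two limits the quoted message cites (63 octets per label, 255 for the whole name), counting the 255 in wire format, where every label carries a length octet and the root adds one more. The origin <code>rpz.example.local</code>, the function names and the feed entries are constructed for illustration, and names are assumed to be plain ASCII without escape sequences.</p>

```python
MAX_LABEL = 63   # octets allowed in one label
MAX_WIRE = 255   # octets allowed for the whole name in wire format


def wire_length(name):
    """Wire-format size: one length octet per label, plus the root octet."""
    labels = name.rstrip(".").split(".")
    return sum(len(label) + 1 for label in labels) + 1


def check_trigger(trigger, origin):
    """Return the problems found for trigger + origin (empty list = fits)."""
    full = trigger.rstrip(".") + "." + origin.rstrip(".")
    problems = []
    for label in full.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > MAX_LABEL:
            problems.append("label of %d octets exceeds %d" % (len(label), MAX_LABEL))
    size = wire_length(full)
    if size > MAX_WIRE:
        problems.append("wire length %d exceeds %d" % (size, MAX_WIRE))
    return problems


def split_feed(triggers, origin):
    """Separate names that fit from names to hold back and report."""
    loadable, rejected = [], []
    for trigger in triggers:
        problems = check_trigger(trigger, origin)
        if problems:
            rejected.append((trigger, problems))
        else:
            loadable.append(trigger)
    return loadable, rejected


# Constructed sample data (hypothetical origin and feed, not from the thread).
ORIGIN = "rpz.example.local"
FEED = [
    "phish.example.net",
    ".".join(["a" * 63] * 3 + ["b" * 43]),  # 253 characters with origin, 255 on the wire
    ".".join(["a" * 63] * 3 + ["b" * 44]),  # one octet over the limit
    "c" * 64 + ".example.net",              # single label too long
]

if __name__ == "__main__":
    ok, bad = split_feed(FEED, ORIGIN)
    print("%d loadable" % len(ok))
    for trigger, problems in bad:
        print("held back: %s... (%s)" % (trigger[:30], "; ".join(problems)))
```

    <p>Holding back and logging the rejected names lets the rest of the include file be written out without them.</p>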
  </body>
</html>