<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">I’m not positive that this is a bug – or if it is that it is an RPZ bug per se – but we’re seeing bind load errors when we try to create RPZ zones with certain domains in them.
I’d appreciate anyone ideas on what we can to do stop this (beyond not loading these kinds of domain – which is possible but does kind of defeat the object of the exercise…)<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">The domains look like this (they are phishing domians)<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="black" face="Calibri"><span style="font-size:10.5pt;color:black">paypal.com.uk.cmd.cgi-bin.4c6da88992553d0d43ff7d8dbe19c1133279c9a98f445fff9e2de3dd9a35cd.535125ee83828ec61a1888291c588fd9dc096297a1e972d037a14b15663498.806a02ea02f2846dd2aee0300a20dfe587e5ed4f8d3fdc281cb36a171f0178.umedial.de<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="black" face="Calibri"><span style="font-size:10.5pt;color:black"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="black" face="Calibri"><span style="font-size:10.5pt;color:black">And the error we get when loading them is
<o:p></o:p></span></font></p>
<p class="MsoPlainText"><font size="2" face="Calibri"><span style="font-size:11.0pt">May 27 01:04:14 rpz named[29830]: general: error: dns_master_load: /srv/www/bind/rpz/includes/desktop.rpz.threatstop.local.include.txt:4787: ran out of space<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">The actual FQDN including the RPZ header is 253 bytes long (it’s the above plus desktop.rpz.threatstop.local) and so far as I can tell this is an entirely legit FQDN (less that
255 total, max 63 chars per section). Moreover the error ‘out of space’ isn’t one that implies an illegal name.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">We’re running Bind version: 9.8.4-P1 (version.bind/txt/ch disabled)
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">compiled with the following options:<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">--prefix=/usr/local --sysconfdir=/etc/bind --localstatedir=/var/run/bind --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-gnu-ld --with-openssl=/usr
--with-gssapi=/usr --enable-ipv6 --enable-fixed-rrset --enable-rpz-nsip --enable-rpz-nsdname --with-libxml
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">I believe this is almost up to date but not the absolute latest. I’ll happily submit a bind bug and/or use a newer version of bind if someone thinks that will fix the issue but
before I do so I’d like to be sure that this the right thing to do<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">Regards<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt">Francis<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Francis J.M. Turner
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">VP Product Management & OEM -
<a href="http://www.threatstop.com/"><font color="blue"><span style="color:blue">http://www.threatstop.com/</span></font></a><br>
<br>
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">ThreatSTOP™ Inc, "Stop Botnets Stealing from You!"
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">email: francis@threatstop.com skype: francis.turner.threatstop<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">fixed: +1-760-542-1550 cell: +1-760-402-7676<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">That knowledge which stops at what it does not know, is the<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">highest knowledge. -- Chuang Tzu, 4th c. B.C.</span></font><o:p></o:p></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11.0pt"><o:p> </o:p></span></font></p>
</div>
</body>
</html>