[ratelimits] rpz add_nm Warnings

Sun Aug 25 12:46:26 UTC 2013

> From: Thomas Leuxner <tlx at leuxner.net>

> as of 'BIND 9.9.3-rpz2+rl.13214.22-P2' I'm getting a lot of these after zone transfers:
>
> Aug 25 10:13:22 spectre named[29760]: transfer of 'rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: connected using 188.138.3.245#45302
> Aug 25 10:13:22 spectre named[29760]: rpz add_nm(micelich.biz): bits already set
> Aug 25 10:13:22 spectre named[29760]: rpz add_nm(micelich.biz): bits already set
> [...]
>
> I'm confused what the 'bits already set' message ought to tell me.

They are telling you that when BIND tried to mark the badness of
the qname or NS name micelich.biz or *.micelich.biz, it found
it already marked.  Without a lot more information and probably
a way to reproduce the problem, I can't see more.  
I've not heard of anyone else seeing that message and it is not
in my logs.

How many those messages have you seen?

Are they always for micelich.biz or do you seem them for other names?

Are there any other error messages related to those zone tarnsfers?

Are you using IXFR or AXFR?

What do you see from this:
    named-compilezone -j -f raw -F text -o-  rpz.spamhaus.org \
       rpz.spamhaus.org | grep micelich.biz
I get 
    micelich.biz.rpz.spamhaus.org.                300 IN CNAME      .
    *.micelich.biz.rpz.spamhaus.org.              300 IN CNAME      .

I wonder if the zone in your instance of BIND is corrupt.  What happens
if you stop BIND, delete the zone and journal files, and restart BIND?

thanks,
Vernon Schryver    vjs at rhyolite.com