[ratelimits] rpz add_nm Warnings

[Thomas Leuxner]

* Vernon Schryver <vjs at rhyolite.com> 2013.08.25 14:46:

> They are telling you that when BIND tried to mark the badness of
> the qname or NS name micelich.biz or *.micelich.biz, it found
> it already marked.  Without a lot more information and probably
> a way to reproduce the problem, I can't see more.  
> I've not heard of anyone else seeing that message and it is not
> in my logs.
> 
> How many those messages have you seen?

Usually a couple in the light of a new transfer:

Aug 25 11:37:58 spectre named[29760]: zone rpz.spamhaus.org/IN/internal: Transfer started.
Aug 25 11:37:58 spectre named[29760]: transfer of 'rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: connected using 188.138.3.245#42919
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(corporate-events-team-building.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(corporate-events-team-building.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(qgzq7.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(qgzq7.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(smart-workathome-blog.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(smart-workathome-blog.com): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(advancett.net): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(advancett.net): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(fcacebook.pl): bits already set
Aug 25 11:37:58 spectre named[29760]: rpz add_nm(fcacebook.pl): bits already set
Aug 25 11:37:58 spectre named[29760]: zone rpz.spamhaus.org/IN/internal: transferred serial 1377423363
Aug 25 11:37:58 spectre named[29760]: transfer of 'rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: Transfer completed: 1 messages, 104 records, 2386 bytes, 0.298 secs (8006 bytes/sec)

> Are they always for micelich.biz or do you seem them for other names?

They appear to be random. Sometimes 2 sometimes more.

> Are there any other error messages related to those zone tarnsfers?

None at all. Transfers always complete successfully as illustrated above.

> Are you using IXFR or AXFR?

For the Spamhaus zone they are incremental.

>     micelich.biz.rpz.spamhaus.org.                300 IN CNAME      .
>     *.micelich.biz.rpz.spamhaus.org.              300 IN CNAME      .

$ named-compilezone -j -f raw -F text -o- rpz.spamhaus.org /var/named/s/db.rpz.spamhaus.org | grep micelich.biz
zone rpz.spamhaus.org/IN: loaded serial 1377439743
micelich.biz.rpz.spamhaus.org.		      300 IN CNAME	.
*.micelich.biz.rpz.spamhaus.org.	      300 IN CNAME	.
OK

> I wonder if the zone in your instance of BIND is corrupt.  What happens
> if you stop BIND, delete the zone and journal files, and restart BIND?

Can do. Server experienced no crashed whatsover though...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.redbarn.org/pipermail/ratelimits/attachments/20130825/97be6491/attachment.pgp>