DNS Zone File Entries Limit

Mark Andrews marka at isc.org
Fri Nov 16 00:31:24 UTC 2012


In message <50A58610.8000305 at blacklistthisdomain.com>, Silas Cutler writes:
> No ACLs in place.
> 
> [SLAVE]
> Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN: refresh:
> unexpected rcode (REFUSED) from master MASTER#53 (source 0.0.0.0#0)
> Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN: Transfer started.
> Nov 15 19:13:36 [Redacted] named[21899]: transfer of 'rpz/IN' from
> MASTER#53: connected using SLAVE#39164
> Nov 15 19:13:36 [Redacted] named[21899]: transfer of 'rpz/IN' from
> MASTER#53: failed while receiving responses: NOTAUTH
> Nov 15 19:13:36 [Redacted] named[21899]: transfer of 'rpz/IN' from
> MASTER#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.070
> secs (0 bytes/sec)
> 
> [MASTER]
> Nov 16 00:12:51 [Redacted] named[32736]: client SLAVE#39164: bad zone
> transfer request: 'rpz/IN': non-authoritative zone (NOTAUTH)
> Nov 16 00:13:40 [Redacted] named[32736]: client SLAVE#59205: bad zone
> transfer request: 'rpz/IN': non-authoritative zone (NOTAUTH)

There is no master/slave zone called "rpz" configured in the "master" server.

> On 11/15/12 7:08 PM, Mark Andrews wrote:
> > In message <50A582D2.30303 at blacklistthisdomain.com>, Silas Cutler writes:
> >> Well, the authoritative server can handle the zone file size.  However,
> >> when the slave makes the request for the zone, I get:
> >>
> >>  refresh: unexpected rcode (REFUSED)
> > The slave is making a SOA query to the master and is getting refused as
> > a response.  I would be checking your acls.  Look at the logs on the
> > master.
> >
> >> On 11/15/12 6:59 PM, Mark Andrews wrote:
> >>> In message <50A580C1.9080900 at blacklistthisdomain.com>, Silas Cutler writes:
> >>>> Good Evening,
> >>>>
> >>>> I've been doing some DNS RPZ experiments and during my testing I found
> >>>> that if a DNS Zone on an Authoritative DNS Server has more than 100k
> >>>> elements, it will not replicate to a slave DNS Server. 
> >>>>
> >>>> Do you know if this is a known issue or a PEBKAC related problem?
> >>> Given named hosts zones with 10's, if not 100's, of millions of
> >>> records it isn't record count.  There are no fixed limits, just
> >>> what the machine's memory can support.
> >>>
> >>>> Cheers,
> >>>> Silas Cutler
> >>>> Security Researcher
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
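
The two failure signatures discussed in this thread (REFUSED on the SOA refresh, NOTAUTH on the transfer) can be separated mechanically when reading named logs. The following Python script is an added example, not code from the thread or from BIND; the function names, the host `ns1` and the `example.test` zone are assumptions, and the verdict wording follows the replies above.

```python
import re

# Constructed sample, wrapped and ">"-quoted as in the thread; ns1 and example.test are made up.
SAMPLE = """\
> Nov 15 19:13:36 ns1 named[21899]: zone rpz/IN: refresh:
> unexpected rcode (REFUSED) from master MASTER#53 (source 0.0.0.0#0)
> Nov 15 19:13:36 ns1 named[21899]: transfer of 'rpz/IN' from
> MASTER#53: failed while receiving responses: NOTAUTH
> Nov 16 00:12:51 ns1 named[32736]: client SLAVE#39164: bad zone
> transfer request: 'rpz/IN': non-authoritative zone (NOTAUTH)
> Nov 16 00:14:02 ns1 named[21899]: zone example.test/IN: refresh:
> unexpected rcode (REFUSED) from master MASTER#53 (source 0.0.0.0#0)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PATTERNS = {
    "refresh_rcode": re.compile(r"zone (\S+)/\w+: refresh: unexpected rcode \((\w+)\)"),
    "xfer_failed": re.compile(r"transfer of '(\S+)/\w+' from \S+: failed while receiving responses: (\w+)"),
    "master_reject": re.compile(r"bad zone transfer request: '(\S+)/\w+': non-authoritative zone \((\w+)\)"),
}

def unwrap(text):
    """Strip mail quoting and rejoin syslog entries that were line-wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if STAMP.match(line):
            entries.append(line)          # a new syslog entry starts here
        elif line and entries:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def triage(text):
    """Return {zone: verdict} for zones whose refresh or transfer failed."""
    seen = {}
    for entry in unwrap(text):
        for kind, pat in PATTERNS.items():
            m = pat.search(entry)
            if m:
                seen.setdefault(m.group(1), set()).add((kind, m.group(2)))
    verdicts = {}
    for zone, events in seen.items():
        if any(rcode == "NOTAUTH" for _, rcode in events):
            verdicts[zone] = "master is not authoritative: no master/slave zone of this name is configured there"
        elif ("refresh_rcode", "REFUSED") in events:
            verdicts[zone] = "SOA refresh query refused: check ACLs and the master's log"
        else:
            verdicts[zone] = "unclassified"
    return verdicts
```

Calling `triage()` on a combined master and slave log gives one verdict per zone, with NOTAUTH taking precedence over REFUSED because it identifies the missing zone definition directly.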


