RPZ Errors

Crist Clark cjc+bind-users at pumpky.net
Thu Nov 14 04:10:32 UTC 2013


On Tue, Nov 12, 2013 at 09:14:24AM -0500, Alan Clegg wrote:
> 
> On Nov 12, 2013, at 12:13 AM, Crist Clark <cjc+bind-users at pumpky.net> wrote:
> 
> > From the initial mail: "This is BIND 9.9.2 (Infoblox 6.7.3)."
> > 
> > No huge increase in resource usage noted.
> 
> Has the vendor in question provided a response?
> 
> Having worked on Frankenstein versions of BIND in the past (Hi, Redhat!), I'd be leery of answering this question as an "outsider".  Certainly not with an authoritative answer.

I have an open ticket with their support. I only came to the list after
not getting a lot of help. My tech seems to think the db_find() messages
mean the server cannot resolve the names in question like there is a
firewall or something blocking queries. But I can resolve the names when
I query directly and the firewall is not blocking any DNS from the servers
in question.

I vaguely remember seeing something about the RPZ checks only using cached
data for checks and not doing active lookups for things like NS records for
performance reasons. I think it was on an ISC blog or something, not in
any official manual. That's my suspicion of what db_find() failures mean.
It couldn't find info in the cache.

What I'd actually really like here is someone to give me a RTFM post with
a pointer to the FM for RPZ error messages and algorithms if one exists.

