RPZ zone load failure ran out of space

Jim Yang zy33 at cornell.edu
Wed Jun 28 22:28:58 UTC 2017

Hi Bob,

Thank you for the explanation. It makes sense to me now.



From: Bob Harold <rharolde at umich.edu>
Sent: Wednesday, June 28, 2017 4:38 PM
To: Jim Yang
Cc: bind-users at lists.isc.org
Subject: Re: RPZ zone load failure ran out of space

On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <zy33 at cornell.edu<mailto:zy33 at cornell.edu>> wrote:

In the example below, when the length of bad.domain.com<http://bad.domain.com> reaches 241 bytes, named-checkconf reports the following error:

“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
_default/db.rpz.zone/IN: ran out of space”

As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.

I wonder what is the maximum length for bad.domain.com<http://bad.domain.com> in the RPZ zone?

$ORIGIN rpz.example.com<http://rpz.example.com>.
      $TTL 1H
      @               SOA LOCALHOST. named-mgr.example.com<http://named-mgr.example.com> (1 1h 15m 30d 2h)
                      NS  LOCALHOST.

      ; QNAME policy records.
      ; Note: There are no periods (.) after the (relativised) owner names.

bad.domain.com<http://bad.domain.com>      A      ; redirect to walled garden
                          AAAA    2001:2::1


I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:
which exceeds 255 characters including the trailing dot, most likely.

Bob Harold

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170628/9e722909/attachment.html>

More information about the bind-users mailing list