v9.12.1 RPZ 'map' format returns fatal error: incompatible masterfile-format or database for a response policy zone

aclion at yepmail.net
Mon Apr 23 00:26:13 UTC 2018


I run

named -v
 BIND 9.12.1 <id:b2307b2>

I use RPZ.  For a long time, I've used 'text' format zone files.

I want to switch to 'map' format.

These are my (testing) zone files, text format

	cat rpz.whitelist.local.zone 
		$TTL 300
		$ORIGIN rpz.whitelist.local.
		@    IN SOA localhost. soa.example.com. (
		        1524440808 ;
		        2H ;
		        1800 ;
		        7D ;
		        5 ;
		        )
		IN NS localhost.
		goodexample.net          CNAME .
		*.goodexample.net        CNAME .

	cat rpz.blacklist.local.zone 
		$TTL 300
		$ORIGIN rpz.whitelist.local.
		@    IN SOA localhost. soa.example.com. (
		        1524440808 ;
		        2H ;
		        1800 ;
		        7D ;
		        5 ;
		        )
		IN NS localhost.
		badexample.net          CNAME .
		*.badexample.net        CNAME .

I convert (no errors) the text zone files to map format with

	named-compilezone -f text -F map \
	  -o rpz.whitelist.local.map rpz.whitelist.local rpz.whitelist.local.zone 

	named-compilezone -f text -F map \
	  -o rpz.blacklist.local.map rpz.blacklist.local rpz.blacklist.local.zone 


In my bind conf,
	named.conf

		view "internal" {
			...
			response-policy {
			    zone "rpz.whitelist.local" policy PASSTHRU;
			    zone "rpz.blacklist.local";
			};

			zone "rpz.whitelist.local" IN {
				type master;
				file "/namedb/master/rpz.whitelist.local.map";
				masterfile-format map;
				allow-query { localhost; };
				allow-transfer { none; };
				allow-update { none; };
			};

			zone "rpz.blacklist.local" IN {
				type master;
				file "/namedb/master/rpz.blacklist.local.map";
				masterfile-format map;
				allow-query { localhost; };
				allow-transfer { none; };
				allow-update { none; };
			};
			...

When I restart my server, for each of the 2 rpz 'map' zones, I see in the log

	Apr 22 16:45:06 katana named[42520]: 22-Apr-2018 16:45:06.504 general: error: zone 'rpz.blacklist.perm.local': incompatible masterfile-format or database for a response policy zone
	Apr 22 16:45:06 katana named[42520]: 22-Apr-2018 16:45:06.505 general: error: reloading configuration failed: not implemented

which is, apparently, fatal to server start.

Switch back to 'text' file & format, and all's good.

Searching, I'm finding nothing on the error.

Any help with figuring out the problem and a fix would be appreciated!

AC




