Fwd: Facing weird issue with DNS-RPZ

Blason R blason16 at gmail.com
Wed Apr 25 05:24:45 UTC 2018


OK, got the issue and fixed it; it was a long zone which was causing the issue.

On Wed, Apr 25, 2018 at 10:28 AM, Blason R <blason16 at gmail.com> wrote:

> Whoo..what is this all about guys? Is there any limit for zones?
>
>    Active: active (running) since Wed 2018-04-25 10:25:27 IST; 2s ago
>      Docs: man:named(8)
>   Process: 4085 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
>  Main PID: 4091 (named)
>     Tasks: 7
>    Memory: 146.1M
>       CPU: 1.527s
>    CGroup: /system.slice/bind9.service
>            └─4091 /usr/sbin/named -f -u bind
>
> Apr 25 10:25:27 dnsfw named[4091]: managed-keys-zone: loaded serial 13
> Apr 25 10:25:27 dnsfw named[4091]: zone 0.in-addr.arpa/IN: loaded serial 1
> Apr 25 10:25:27 dnsfw named[4091]: zone localhost/IN: loaded serial 2
> Apr 25 10:25:27 dnsfw named[4091]: zone 255.in-addr.arpa/IN: loaded serial 1
> Apr 25 10:25:27 dnsfw named[4091]: zone 127.in-addr.arpa/IN: loaded serial 1
> *Apr 25 10:25:28 dnsfw named[4091]: dns_master_load: /etc/bind/isnlab.in.db:345703: ran out of space*
> *Apr 25 10:25:28 dnsfw named[4091]: zone isnlab.in/IN: loading from master file /etc/bind/isnlab.in.db failed: ran out of space*
> *Apr 25 10:25:28 dnsfw named[4091]: zone isnlab.in/IN: not loaded due to errors.*
>
> *I have around 300+ zones*
>
> *root@dnsfw:/etc/bind# named -v*
> *BIND 9.10.3-P4-Ubuntu <id:ebd72b3>*
>
>
> On Wed, Apr 25, 2018 at 8:52 AM, Blason R <blason16 at gmail.com> wrote:
>
>> Unfortunately, neither RHEL nor CentOS gives an RPM for 9.10+, and
>> compiling and building is really a pain and time consuming.
>> Hence I decided to give it a try with Ubuntu 16.04, and anyway within a few
>> days 18.04 is coming out with 9.11.
>>
>> BTW, is the 9.11 branch stable?
>>
>> On Wed, Apr 25, 2018 at 8:03 AM, Mukund Sivaraman <muks at isc.org> wrote:
>>
>>> On Tue, Apr 24, 2018 at 07:25:45PM -0700, Ray Van Dolson wrote:
>>> > On Tue, Apr 24, 2018 at 07:21:34PM -0700, Mukund Sivaraman wrote:
>>> > > On Tue, Apr 24, 2018 at 06:03:43PM +0530, Blason R wrote:
>>> > > > I am building DNS RPZ on named BIND 9.9.4-RedHat-9.9.4-51.el7_4.2
>>> > > > (Extended Support Version).
>>> > >
>>> > > RPZ in BIND 9.9 is experimental and unsupported (except for the
>>> > > subscription branch). Please use at least BIND 9.10 for RPZ.
>>> > >
>>> >
>>> > We've been using RPZ in RHEL6-provided BIND (based on BIND 9.8.2).
>>> >
>>> > No issues.  Unsure if Red Hat backports the "more stable" code?
>>>
>>> I doubt it. But speaking for ISC BIND, 9.10+ is the only RPZ code we
>>> bugfix and there have been a lot of bugs fixed.
>>>
>>>                 Mukund
>>>
>>
>>
>