frequent client query errors: "rpz_rewrite_name: mismatched summary data" ?

PGNet Dev pgnet.dev at gmail.com
Thu Feb 1 18:22:49 UTC 2018


I recently updated to

	named -v
		BIND 9.12.0 <id:71a4086>

compiled locally with

	... 
	--enable-rpz-nsip
	--enable-rpz-nsdname
	--enable-querytrace
	...

Now, in logs I'm seeing many of these errors, for numerous domain queries,

	...
	Feb  1 09:58:51 dns001 named[37642]: 01-Feb-2018 09:58:51.316 client: error: query client=0x7fed700dccf0 thread=0x7fed75bbd700 (api.stacksocial.com/A): rpz_rewrite_name: mismatched summary data; continuing
	...

Per this thread

	Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"
	 https://lists.isc.org/pipermail/bind-users/2016-September/097550.html

suggested to 'avoid' the error by

	(1) Don't use regular BIND 9.9 for RPZ. For using RPZ, please use 9.10 and higher

and

	(2) ... if you want to just not see this log message, just recompile after removing the offending CTRACE statement from bin/named/query.c. In fact, this code is normally enabled when configured with --enable-querytrace ...

which doesn't address the problem, beyond "not seeing" the errors.

What are these errors actually DUE to, and how are they to be fixed?



More information about the bind-users mailing list