Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29
Lars Kollstedt
lk at man-da.de
Mon Sep 23 08:23:23 UTC 2024
On 23.09.24 08:07, Peter Davies wrote:
> ----------------------------------------------------------------
> *From: *"Nagesh Thati" <tcpnagesh at gmail.com>
> *To: *"bind-users" <bind-users at lists.isc.org>
> *Sent: *Monday, 23 September, 2024 07:48:32
> *Subject: *Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29
>
> Hi BIND Community,
[...]
>
> *`general.log` Output:*
> 23-Sep-2024 10:33:48.625 general: info: received control channel command 'reload example.com'
> 23-Sep-2024 10:33:48.625 general: debug 1: zone_startload: zone example.com/IN: enter
> 23-Sep-2024 10:33:48.629 general: error: dns_master_load: /var/named/zones/db.example.com:995: text.example.com: too many records
>
> *Zone File Excerpt (Line 995):*
> 990 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 209 for us-lcm-01.example.com. created on 2024-05-28"
> 991 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 211 for us-vra.example.com. created on 2024-05-28"
> 992 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 212 for us-vdm.example.com. created on 2024-05-28"
> 993 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 217 for us-twlcm-01.example.com. created on 2024-05-28"
> 994 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 220 for us-lcm-02.example.com. created on 2024-05-29"
> *995 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 225 for us-dev-remote-50.example.com. created on 2024-05-29"*
> 996 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 228 for us-vdm-02.example.com. created on 2024-05-29"
> 997 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 230 for us-lcm-03.example.com. created on 2024-05-29"
> 998 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 235 for us-dev-remote-51.example.com. created on 2024-05-29"
> 999 text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 240 for us-twlcm-02.example.com. created on 2024-05-29"
>
On 23.09.24 09:30, Petr Špaček wrote:
>> *Request for Assistance:*
>> 1. _Understanding the Limit:_ Is there a configurable limit in BIND that restricts the number of records per zone? If so, how can we adjust this limit to accommodate our current zone size?
>
> Although you can adjust the configuration to allow more records in one place, it is not recommended. Doing so opens the possibility of DoS attacks.
Hi Nagesh,
I think a better option would be to convert the RRs
text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 209 for us-lcm-01.example.com. created on 2024-05-28"
to something like
us-lcm-01.text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 209 for us-lcm-01.example.com. created on 2024-05-28"
since the discovery of the real name text.example.com (if it is requestable from unvalidated source IP addresses - almost any source IP address on
the "internet" has to be considered unvalidated, since there is no applicable way to validate foreign source addresses on autonomous system interconnects,
yet) will make it possible to abuse these RRs for a DoS amplification attack against third parties (the real owners of the forged source IPs).
The attacker just needs to send requests for text.example.com IN TXT with the forged IP of the victim, and the victim will get your hundreds of TXT records
under this name from your server for each of them.
But depending on the origin or use of these records, this might be difficult. ;-)
Kind regards,
Lars
--
Lars Kollstedt
Telefon: +49 6151 16-71027
E-Mail: lk at man-da.de
man-da.de GmbH
Dolivostraße 11
64293 Darmstadt
Sitz der Gesellschaft: Darmstadt
Registergericht: Amtsgericht Darmstadt
Handelsregisternummer: HRB 9484
Geschäftsführer: Andreas Ebert
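As an added illustration of the change Lars proposes (example code written for this page, not from the thread, BIND or man-da.de): a small Python script that rewrites TXT records stacked under one owner name into per-host owner names, using the host named in each record's text, and reports the largest remaining TXT RRset, i.e. the worst-case answer a single query for one name would produce. The sample zone lines are constructed in the shape of the excerpt quoted above; the `host_label` heuristic, which assumes this zone's TXT strings follow the pattern "... for <host FQDN>. created ...", is an assumption about the zone's data, not a general rule.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the zone excerpt quoted in the thread
# (plus one non-TXT record to show pass-through).
SAMPLE_ZONE = """\
text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 209 for us-lcm-01.example.com. created on 2024-05-28"
text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 211 for us-vra.example.com. created on 2024-05-28"
text.example.com. 5000 IN TXT "Example Infrastructure Asset ID: 225 for us-dev-remote-50.example.com. created on 2024-05-29"
www.example.com. 300 IN A 192.0.2.10
"""

# One TXT RR in the 'owner TTL IN TXT "text"' layout used in the excerpt.
TXT_RE = re.compile(r'^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+TXT\s+"(?P<text>[^"]*)"\s*$')
# Assumed convention of this zone's TXT strings: "... for <host fqdn>. created ..."
FOR_RE = re.compile(r'\bfor\s+(?P<fqdn>[A-Za-z0-9.-]+?)\.?(?:\s|$)')


def parse_zone(zone_text):
    """Return (txt_records, other_lines). TXT RRs become (owner, ttl, text) tuples;
    every other non-empty line is passed through untouched so it can be written back."""
    txt, other = [], []
    for line in zone_text.splitlines():
        m = TXT_RE.match(line.strip())
        if m:
            txt.append((m['owner'], int(m['ttl']), m['text']))
        elif line.strip():
            other.append(line)
    return txt, other


def host_label(text, origin):
    """Extract the host FQDN named in the TXT text and return it relative to `origin`
    (e.g. 'us-lcm-01' for us-lcm-01.example.com.). None if the text names no host."""
    m = FOR_RE.search(text)
    if not m:
        return None
    fqdn = m['fqdn'].lower()
    suffix = '.' + origin.strip('.').lower()
    return fqdn[:-len(suffix)] if fqdn.endswith(suffix) else fqdn


def split_rrset(txt_records, owner, origin):
    """Move every TXT RR at `owner` to <host>.<owner>, one name per host, as the
    reply suggests. RRs whose text names no host stay at `owner`."""
    moved, kept = [], []
    for o, ttl, text in txt_records:
        if o.lower() != owner.lower():
            kept.append((o, ttl, text))
            continue
        label = host_label(text, origin)
        if label:
            moved.append((f"{label}.{owner}", ttl, text))
        else:
            kept.append((o, ttl, text))
    return moved + kept


def largest_rrset(txt_records):
    """(owner, count) of the biggest TXT RRset: the number of RRs a single query
    for that name would pull into one response."""
    counts = Counter(o.lower() for o, _, _ in txt_records)
    owner, count = counts.most_common(1)[0]
    return owner, count


def render(txt_records, other_lines):
    """Serialise the records back into zone-file lines."""
    lines = list(other_lines) + [f'{o} {ttl} IN TXT "{t}"' for o, ttl, t in txt_records]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    txt, other = parse_zone(SAMPLE_ZONE)
    print("largest TXT RRset before:", largest_rrset(txt))
    rewritten = split_rrset(txt, "text.example.com.", "example.com.")
    print("largest TXT RRset after: ", largest_rrset(rewritten))
    print(render(rewritten, other))
```

After the rewrite each per-host name holds a single TXT RR, so one query returns one small record instead of the whole stack; any record whose text does not fit the assumed pattern is left in place and shows up in the "after" count, which is the list to go through by hand. Run `named-checkzone` on the rendered output before reloading it.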