<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <span dir="ltr">&lt;<a href="mailto:zy33@cornell.edu" target="_blank">zy33@cornell.edu</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">







<div bgcolor="white" link="#0563C1" vlink="#954F72" lang="EN-US">
<div class="m_-5593470400172404571WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">Hi,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">In the example below, when the length of <a href="http://bad.domain.com" target="_blank">bad.domain.com</a> reaches 241 bytes, named-checkconf reports the following error:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">“zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">_default/db.rpz.zone/IN: ran out of space”<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">I wonder what is the maximum length for <a href="http://bad.domain.com" target="_blank">bad.domain.com</a> in the RPZ zone?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">$ORIGIN <a href="http://rpz.example.com" target="_blank">rpz.example.com</a>.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">      $TTL 1H<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">      @               SOA LOCALHOST. <a href="http://named-mgr.example.com" target="_blank">named-mgr.example.com</a> (1 1h 15m 30d 2h)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">                      NS  LOCALHOST.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">      ; QNAME policy records.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">      ; Note: There are no periods (.) after the (relativised) owner names.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><a href="http://bad.domain.com" target="_blank">bad.domain.com</a>      A       10.0.0.1      ; redirect to walled garden<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">                          AAAA    2001:2::1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Verdana",sans-serif">Jim<u></u><u></u></span></p>
</div>
</div></blockquote><div><br></div><div>I just hit the same problem (we probably use the same block list source).<br></div><div>The actual DNS name is the combination of the ORIGIN and the entry:<br><a href="http://bad.domain.com.rpz.example.com">bad.domain.com.rpz.example.com</a>.<br>which exceeds 255 characters including the trailing dot, most likely.<br><br>-- <br></div><div>Bob Harold<br><br></div></div><br></div></div>
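<div>Added example, not part of the original messages: a Python check of the point made in the reply above, that the stored name is the relative owner name joined with the zone origin. It applies the RFC 1035 wire-format limits (255 octets per name, 63 per label) to the <code>rpz.example.com</code> origin from the quoted zone; the function names are hypothetical, the owner names are constructed, and only plain ASCII names without escapes are handled.</div>

```python
# Added example: RFC 1035 length budget for RPZ QNAME trigger names.
# Assumes plain ASCII names with no backslash escapes; all names are hypothetical.
MAX_NAME_OCTETS = 255   # whole name in wire format, root label included
MAX_LABEL_OCTETS = 63   # single label


def labels(name):
    """Split a presentation-format name into labels, ignoring one trailing dot."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def wire_length(name):
    """Octets on the wire: a length octet plus the bytes of each label, plus the root octet."""
    return sum(1 + len(label.encode("ascii")) for label in labels(name)) + 1


def max_trigger_chars(origin):
    """Longest relative owner name (characters, dots included) that fits under origin."""
    # A relative name of n characters costs n + 1 octets once joined to the origin.
    return MAX_NAME_OCTETS - wire_length(origin) - 1


def check_trigger(owner, origin):
    """Return a list of problems for a relative (no trailing dot) owner name under origin."""
    problems = []
    for label in labels(owner):
        if not label:
            problems.append("empty label")
        elif len(label.encode("ascii")) > MAX_LABEL_OCTETS:
            problems.append("label over %d octets: %s..." % (MAX_LABEL_OCTETS, label[:16]))
    total = wire_length(owner + "." + origin)
    if total > MAX_NAME_OCTETS:
        problems.append("full name is %d octets, limit is %d" % (total, MAX_NAME_OCTETS))
    return problems


if __name__ == "__main__":
    origin = "rpz.example.com."                        # $ORIGIN of the quoted policy zone
    fits = ".".join(["a" * 60] * 3 + ["b" * 54])       # constructed, 237 characters
    too_long = ".".join(["a" * 60] * 3 + ["b" * 58])   # constructed, 241 characters
    print("budget under", origin, "=", max_trigger_chars(origin))
    for owner in (fits, too_long):
        print(len(owner), check_trigger(owner, origin) or "ok")
```

<div>The budget shrinks as the origin grows, so the same block-list entry can load under one policy zone name and fail under a longer one.</div>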