Hi Bob,
Thank you for the explanation. It makes sense to me now.

Best,
Jim

________________________________
From: Bob Harold <rharo...@umich.edu>
Sent: Wednesday, June 28, 2017 4:38 PM
To: Jim Yang
Cc: bind-users@lists.isc.org
Subject: Re: RPZ zone load failure ran out of space

On Wed, Jun 28, 2017 at 3:44 PM, Jim Yang <z...@cornell.edu> wrote:

> Hi,
>
> In the example below, when the length of bad.domain.com reaches 241 bytes, named-checkconf reports the following error:
>
> “zone db.rpz.zone/IN: loading from master file db.rpz.zone failed: ran out of space
> _default/db.rpz.zone/IN: ran out of space”
>
> As per RFC1035, the DNS name maximum length is 255 bytes and each label length limit is 63 bytes. I wonder what is the maximum length for bad.domain.com in the RPZ zone?
>
> $ORIGIN rpz.example.com.
> $TTL 1H
> @               SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
>                 NS  LOCALHOST.
>
> ; QNAME policy records.
> ; Note: There are no periods (.) after the (relativised) owner names.
> bad.domain.com  A    10.0.0.1   ; redirect to walled garden
>                 AAAA 2001:2::1
>
> Thanks,
> Jim

I just hit the same problem (we probably use the same block list source).
The actual DNS name is the combination of the ORIGIN and the entry:

bad.domain.com.rpz.example.com.

which exceeds 255 characters including the trailing dot, most likely.

--
Bob Harold
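Added example, not part of the original thread and not BIND's own code: a pre-load check for the limit Bob describes, which measures each block list entry in wire format with the RPZ origin appended and rejects entries that cannot be loaded. It assumes plain ASCII names without backslash escapes; the function names are hypothetical, the origin is the one from the zone file above, and the long names are constructed.

```python
MAX_NAME_WIRE = 255  # RFC 1035: whole name in wire format, root label included
MAX_LABEL = 63       # RFC 1035: bytes per label

def split_labels(name):
    name = name.rstrip(".")
    return name.split(".") if name else []

def wire_length(name):
    """One length byte per label plus its bytes, plus one byte for the root."""
    return sum(1 + len(l.encode("ascii")) for l in split_labels(name)) + 1

def max_trigger_chars(origin):
    """Longest relative owner name (dots included, no trailing dot) that fits."""
    return MAX_NAME_WIRE - wire_length(origin) - 1

def check_trigger(trigger, origin):
    """Return None if trigger + origin is loadable, else the reason it is not."""
    labels = split_labels(trigger)
    if not labels or "" in labels:
        return "empty name or empty label"
    try:
        if any(len(l.encode("ascii")) > MAX_LABEL for l in labels):
            return "label longer than 63 bytes"
        total = wire_length(trigger) - 1 + wire_length(origin)
    except UnicodeEncodeError:
        return "non-ASCII name, convert to A-label form first"
    if total > MAX_NAME_WIRE:
        return f"{total} bytes once the origin is appended (limit {MAX_NAME_WIRE})"
    return None

def filter_blocklist(triggers, origin):
    """Split a block list into names safe to write to the zone and rejects."""
    kept, dropped = [], []
    for t in triggers:
        reason = check_trigger(t, origin)
        if reason is None:
            kept.append(t)
        else:
            dropped.append((t, reason))
    return kept, dropped

def make_name(*sizes):  # constructed test names: labels of 'a' of the given sizes
    return ".".join("a" * n for n in sizes)

ORIGIN = "rpz.example.com."  # origin from the zone file in the thread
SAMPLE = ["bad.domain.com", make_name(59, 59, 59, 57), make_name(59, 59, 59, 58),
          make_name(64) + ".com"]  # constructed sample block list

if __name__ == "__main__":
    kept, dropped = filter_blocklist(SAMPLE, ORIGIN)
    print("max relative owner name:", max_trigger_chars(ORIGIN), "characters")
    for name, reason in dropped:
        print(f"skip {name[:20]}... ({len(name)} chars): {reason}")
```

The budget depends on the origin: every byte added to the RPZ zone name is a byte taken from the longest domain the zone can list, so a name that is valid on its own can still be rejected at load time.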