Hi Jim

On Thu, Jun 29, 2017 at 07:39:34PM +0000, Jim Yang via RT wrote:
> As per Mukund Sivaraman’s suggestion, I am reporting a bug in BIND. This name “sign.encoding.information.uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp.chinaboca.com” was successfully loaded into a RPZ zone.
> The label “uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp” is 64 bytes long (> label limit 63 bytes RFC 1035)
>
> The sample RPZ zone is listed below.
>
> $ORIGIN rpz.example.com.
> $TTL 1H
> @ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
>   NS LOCALHOST.
>
> ; QNAME policy records.
> ; Note: There are no periods (.) after the (relativised) owner names.
>
> sign.encoding.information.uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp.chinaboca.com A 10.0.0.1 ; redirect to walled garden
>   AAAA 2001:2::1

From the zone above:

[muks@jurassic bind9]$ echo -n "uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp" | wc -c
63
[muks@jurassic bind9]$

That label is not 64 octets long, it is 63 octets long. I have verified
by adding an extra octet to this long label that it is then rejected by
named-checkzone.

Mukund
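
Added example, not part of the original message and not BIND's code: a Python check of the limits discussed above, counting octets per label in a master-file name against the RFC 1035 limits. It goes beyond the single case in the thread by decoding \X and \DDD escapes (one octet each) and by checking the 255-octet name limit; split_labels and check_name are hypothetical names.

```python
MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 255   # RFC 1035: a name is at most 255 octets in wire form

def split_labels(name):
    """Split a master-file name into (labels, absolute), decoding the
    \\X and \\DDD escapes so that each escaped octet counts once."""
    if name == ".":
        return [], True
    raw, labels, cur = name.encode("ascii"), [], bytearray()
    i, absolute = 0, False
    while i < len(raw):
        ch, absolute = raw[i:i + 1], False
        if ch == b"\\":
            ddd = raw[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isdigit():
                if int(ddd) > 255:
                    raise ValueError("\\DDD escape above 255")
                cur.append(int(ddd)); i += 4
            elif i + 1 < len(raw):
                cur.append(raw[i + 1]); i += 2
            else:
                raise ValueError("dangling backslash")
        elif ch == b".":
            labels.append(bytes(cur)); cur = bytearray()
            i, absolute = i + 1, True   # an unescaped dot ends a label
        else:
            cur += ch; i += 1
    if cur:
        labels.append(bytes(cur))
    return labels, absolute

def check_name(owner, origin=""):
    """Return a list of limit violations for an owner name; a name without
    a trailing dot is taken relative to origin, as in a zone file."""
    labels, absolute = split_labels(owner)
    if not absolute:
        labels += split_labels(origin)[0]
    problems = [f"label of {len(l)} octets (limit {MAX_LABEL})"
                for l in labels if len(l) > MAX_LABEL]
    if any(len(l) == 0 for l in labels):
        problems.append("empty label")
    wire = sum(len(l) + 1 for l in labels) + 1   # length octets + root
    if wire > MAX_NAME:
        problems.append(f"name of {wire} octets (limit {MAX_NAME})")
    return problems

# The owner name and $ORIGIN quoted in the thread above.
LONG = "uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp"
OWNER = "sign.encoding.information." + LONG + ".chinaboca.com"
print(check_name(OWNER, "rpz.example.com."))
```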