X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 X-PMX-Cornell-Auth-Results: dkim-out=pass; X-Cornellrouted: This message has been Routed already. X-MS-Traffictypediagnostic: DM5PR04MB0572: References: <20170629200611.GA30247@jurassic> X-Microsoft-Antispam-PRVS: X-MS-Office365-Filtering-Correlation-ID: 1d8ab2ed-dbc7-4f23-926d-08d4bf2b7235 From zy33@cornell.edu Thu Jun 29 20:14:38 2017 Thread-Topic: [ISC-Bugs #45482] BIND bug report X-MS-Exchange-Crosstenant-ID: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org X-RT-Interface: Email MIME-Version: 1.0 X-MS-Exchange-Transport-Crosstenantheadersstamped: DM5PR04MB0572 X-RT-Incoming-Encryption: Not encrypted X-MS-Exchange-Crosstenant-Originalarrivaltime: 29 Jun 2017 20:14:28.6382 (UTC) X-MS-Tnef-Correlator: Spamdiagnosticoutput: 1:99 X-Org-Routeonprem: False Content-ID: <08BC139888C2A647BD721DA0894499EE@namprd04.prod.outlook.com> Subject: Re: [ISC-Bugs #45482] BIND bug report To: "bind9-confidential@isc.org" X-Org-On-Prem-Outbound: True From: "Jim Yang" X-RT-Original-Encoding: utf-8 Thread-Index: AQHS8Q9iO1lX1oxYgkSSWp/3SVVIeqI8RGKT//+/DwA= Authentication-Results: isc.org; dkim=none (message not signed) header.d=none;isc.org; dmarc=none action=none header.from=cornell.edu; X-Original-To: bind9-confidential@bugs.isc.org X-Originatororg: cornell.edu Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 2452DD78A9D for ; Thu, 29 Jun 2017 20:14:38 +0000 (UTC) Received: from limerock03.mail.cornell.edu (limerock03.mail.cornell.edu [128.84.13.243]) by mx.pao1.isc.org (Postfix) with ESMTP id 948DB3493A2 for ; Thu, 29 Jun 2017 20:14:35 +0000 (UTC) Received: from exchange.cornell.edu (sf-e2013-02.exchange.cornell.edu [10.22.40.49]) by limerock03.mail.cornell.edu (8.14.4/8.14.4_cu) with ESMTP id v5TKEUHf005012 for ; Thu, 29 Jun 2017 16:14:33 -0400 Received: from sf-e2013-05.exchange.cornell.edu (10.22.40.52) by sf-e2013-02.exchange.cornell.edu (10.22.40.49) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 29 Jun 2017 16:14:29 -0400 Received: from NAM03-BY2-obe.outbound.protection.outlook.com (216.32.180.56) by sf-e2013-05.exchange.cornell.edu (10.22.40.52) with Microsoft SMTP Server (TLS) id 15.0.1210.3 via Frontend Transport; Thu, 29 Jun 2017 16:14:29 -0400 Received: from DM5PR04MB0571.namprd04.prod.outlook.com (10.173.170.140) by DM5PR04MB0572.namprd04.prod.outlook.com (10.173.170.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1220.11; Thu, 29 Jun 2017 20:14:28 +0000 Received: from DM5PR04MB0571.namprd04.prod.outlook.com ([10.173.170.140]) by DM5PR04MB0571.namprd04.prod.outlook.com ([10.173.170.140]) with mapi id 15.01.1220.014; Thu, 29 Jun 2017 20:14:28 +0000 User-Agent: Microsoft-MacOutlook/f.23.0.170610 X-MS-Exchange-Crosstenant-Fromentityheader: Hosted X-Org-Hybridrouting: 7a3259bdadde4da918792baaa13db753 Spamdiagnosticmetadata: NSPM X-MS-Publictraffictype: Email Date: Thu, 29 Jun 2017 20:14:28 +0000 content-type: text/plain; charset="utf-8" Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cornellprod.onmicrosoft.com; s=selector1-cornell-edu; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Np+YI+j31KZMHzvSp3wFDu1Womth3zlg/IIJOJCIqGA=; b=Kp+/aXoPNw+aIV2M2Da41gHl5riaMEbuPIAugS+8j6TF8BiPz75jPYQStzRWZrieIUmSDmlqO0PCqODxAZCYH6VkX76owc/1g9hVEb+hQfBlsIu9tPvfZ3EE715XGzSpmIVes8DODg9jtF35IjSFs4glDVw8xq90fQua2/KN4vI= X-MS-Has-Attach: X-Forefront-PRVS: 0353563E2B X-Org-Msgsource: exchange Content-Language: en-US Return-Path: Delivered-To: bind9-confidential@bugs.isc.org In-Reply-To: Message-ID: <1A3647BC-7ACD-4969-BA41-30F6D15438BC@cornell.edu> X-Originating-Ip: [2620:110:d000:1:5e2:4e43:8cde:53ac] X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:DM5PR04MB0572; Accept-Language: en-US Content-Transfer-Encoding: base64 RT-Message-ID: Content-Length: 1681 You are correct. I counted the trailing new line in the data file. Sorry for about this confusion. Thanks, Jim On 6/29/17, 4:06 PM, "Mukund Sivaraman via RT" wrote: Hi Jim On Thu, Jun 29, 2017 at 07:39:34PM +0000, Jim Yang via RT wrote: > As per Mukund Sivaraman’s suggestion, I am reporting a bug in BIND. This name “sign.encoding.information.uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp.chinaboca.com” was successfully loaded into a RPZ zone. > The label “uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp” is 64 bytes long (> label limit 63 bytes RFC 1035) > > The sample RPZ zone is listed below. > > $ORIGIN rpz.example.com. > $TTL 1H > @ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h) > NS LOCALHOST. > > ; QNAME policy records. > ; Note: There are no periods (.) after the (relativised) owner names. > > sign.encoding.information.uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp.chinaboca.com A 10.0.0.1 ; redirect to walled garden > AAAA 2001:2::1 From the zone above: [muks@jurassic bind9]$ echo -n "uzmzudseodc2fjpyi6mjcxndiymtuzmzufazdseyi6swh58fmodc2fjqxoc2fjp" | wc -c 63 [muks@jurassic bind9]$ That label is not 64 octets long, it is 63 octets long. I have verified by adding an extra octet to this long label that it is then rejected by named-checkzone. Mukund