DNS/実装/KnotDNSresolver/yamato.ac.jpについて、ここに記述してください。
yamato.ac.jp ns2.dns.ne.jp 210.224.172.13 yamato.ac.jp ns1.dns.ne.jp 210.188.224.9
$ dig -t a yamato.ac.jp @127.0.0.3
; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> -t a yamato.ac.jp @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34434 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1452 ;; QUESTION SECTION: ;yamato.ac.jp. IN A ;; ANSWER SECTION: yamato.ac.jp. 2610 IN A 49.212.180.17 ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: Wed Oct 07 21:38:11 JST 2015 ;; MSG SIZE rcvd: 57
Knot Resolver がJPからのAレコードをどう扱うか。
- さくらNSのAレコードを確認しているようには見えない。
- 「モドキ」を受け入れると毒かもしれないのに。 (エントロピーを増やしているから、よしとするか)
ただ、「委譲・委任」毒を受け入れても、
- ほかのさくらサービス利用ドメインを参照したら、本来のレコードで書き戻されてしまう。
- そうなる前にAレコードを注入できるかが、鍵となる。
現状では実害は大きくないと言える。 --> やはり委譲がキャッシュされることのないドメイン名を狙う方が効果的だろう。 -- ToshinoriMaeno 2015-10-07 15:18:59
[plan] plan 'yamato.ac.jp.' type 'A' [resl] => querying: '2001:502:ad09::5' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [resl] optional: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:502:ad09::5' score: 10 zone cut: 'jp.' m12n: 'aC.jP.' type: 'NS' [resl] optional: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'aC.jP.' type: 'NS' [resl] => querying: '2001:2f8:0:100::153' score: 10 zone cut: 'jp.' m12n: 'AC.jP.' type: 'NS' [resl] optional: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'AC.jP.' type: 'NS' [plan] plan 'yamato.ac.jp.' type 'A' [resl] => querying: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'Ac.jP.' type: 'NS' [iter] <= rcode: NOERROR [iter] <= found cut, retrying with non-minimized name [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'yamatO.aC.jp.' type: 'A' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'yamatO.aC.jp.' type: 'A' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:2f8:0:100::153' score: 10 zone cut: 'jp.' m12n: 'Ac.jp.' type: 'NS' [resl] optional: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'Ac.jp.' type: 'NS' [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'Ac.Jp.' type: 'NS' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'Ac.Jp.' type: 'NS' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'YaMatO.aC.jp.' type: 'A' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'YaMatO.aC.jp.' type: 'A' [resl] => querying: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'YAmatO.Ac.jP.' type: 'A' [iter] <= referral response, follow [resl] => querying: '210.188.224.9' score: 10 zone cut: 'yamato.ac.jp.' m12n: 'YaMatO.ac.JP.' type: 'A' [iter] <= rcode: NOERROR [resl] finished: 4, queries: 1, mempool: 32784 B [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'ac.Jp.' type: 'NS' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'ac.Jp.' type: 'NS' [resl] => querying: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [iter] <= rcode: NOERROR [iter] <= found cut, retrying with non-minimized name [resl] => querying: '2001:200:c000::35' score: 10 zone cut: 'jp.' m12n: 'YAMAto.aC.jP.' type: 'A' [resl] optional: '192.50.43.53' score: 10 zone cut: 'jp.' m12n: 'YAMAto.aC.jP.' type: 'A' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:200:c000::35' score: 10 zone cut: 'jp.' m12n: 'yAMATo.Ac.jp.' type: 'A' [resl] optional: '192.50.43.53' score: 10 zone cut: 'jp.' m12n: 'yAMATo.Ac.jp.' type: 'A' [resl] => querying: '203.119.40.1' score: 10 zone cut: 'jp.' m12n: 'YAmATO.ac.Jp.' type: 'A' [iter] <= referral response, follow [resl] => querying: '210.224.172.13' score: 10 zone cut: 'yamato.ac.jp.' m12n: 'yAmaTO.ac.JP.' type: 'A' [iter] <= rcode: NOERROR [resl] finished: 4, queries: 1, mempool: 16392 B
$ dig -t ns yamato.ac.jp @127.0.0.3
; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> -t ns yamato.ac.jp @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27490 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1452 ;; QUESTION SECTION: ;yamato.ac.jp. IN NS ;; ANSWER SECTION: yamato.ac.jp. 85553 IN NS ns1.dns.ne.jp. yamato.ac.jp. 85553 IN NS ns2.dns.ne.jp. ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: Wed Oct 07 21:35:48 JST 2015 ;; MSG SIZE rcvd: 84
[plan] plan 'yamato.ac.jp.' type 'A' [resl] => querying: '2001:502:ad09::5' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [resl] optional: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:502:ad09::5' score: 10 zone cut: 'jp.' m12n: 'aC.jP.' type: 'NS' [resl] optional: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'aC.jP.' type: 'NS' [resl] => querying: '2001:2f8:0:100::153' score: 10 zone cut: 'jp.' m12n: 'AC.jP.' type: 'NS' [resl] optional: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'AC.jP.' type: 'NS' [plan] plan 'yamato.ac.jp.' type 'A' [resl] => querying: '156.154.100.5' score: 10 zone cut: 'jp.' m12n: 'Ac.jP.' type: 'NS' [iter] <= rcode: NOERROR [iter] <= found cut, retrying with non-minimized name [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'yamatO.aC.jp.' type: 'A' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'yamatO.aC.jp.' type: 'A' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:2f8:0:100::153' score: 10 zone cut: 'jp.' m12n: 'Ac.jp.' type: 'NS' [resl] optional: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'Ac.jp.' type: 'NS' [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'Ac.Jp.' type: 'NS' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'Ac.Jp.' type: 'NS' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'YaMatO.aC.jp.' type: 'A' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'YaMatO.aC.jp.' type: 'A' [resl] => querying: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'YAmatO.Ac.jP.' type: 'A' [iter] <= referral response, follow [resl] => querying: '210.188.224.9' score: 10 zone cut: 'yamato.ac.jp.' m12n: 'YaMatO.ac.JP.' type: 'A' [iter] <= rcode: NOERROR [resl] finished: 4, queries: 1, mempool: 32784 B [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:240::53' score: 10 zone cut: 'jp.' m12n: 'ac.Jp.' type: 'NS' [resl] optional: '210.138.175.244' score: 10 zone cut: 'jp.' m12n: 'ac.Jp.' type: 'NS' [resl] => querying: '150.100.6.8' score: 10 zone cut: 'jp.' m12n: 'ac.JP.' type: 'NS' [iter] <= rcode: NOERROR [iter] <= found cut, retrying with non-minimized name [resl] => querying: '2001:200:c000::35' score: 10 zone cut: 'jp.' m12n: 'YAMAto.aC.jP.' type: 'A' [resl] optional: '192.50.43.53' score: 10 zone cut: 'jp.' m12n: 'YAMAto.aC.jP.' type: 'A' [resl] => NS unreachable, retrying over TCP [resl] => querying: '2001:200:c000::35' score: 10 zone cut: 'jp.' m12n: 'yAMATo.Ac.jp.' type: 'A' [resl] optional: '192.50.43.53' score: 10 zone cut: 'jp.' m12n: 'yAMATo.Ac.jp.' type: 'A' [resl] => querying: '203.119.40.1' score: 10 zone cut: 'jp.' m12n: 'YAmATO.ac.Jp.' type: 'A' [iter] <= referral response, follow [resl] => querying: '210.224.172.13' score: 10 zone cut: 'yamato.ac.jp.' m12n: 'yAmaTO.ac.JP.' type: 'A' [iter] <= rcode: NOERROR [resl] finished: 4, queries: 1, mempool: 16392 B [plan] plan 'yamato.ac.jp.' type 'NS' [ rc ] => satisfied from cache [iter] <= rcode: NOERROR [resl] finished: 4, queries: 1, mempool: 16392 B