Describe DNS/unbound/log here.
I have attached the log from looking up the A record of togetter.com. -- ToshinoriMaeno 2011-06-05 03:36:22
$ dnsqr a togetter.com
1 togetter.com:
115 bytes, 1+2+0+0 records, response, noerror
query: 1 togetter.com
answer: togetter.com 147 CNAME togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com
answer: togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com 60 A 46.51.255.100

$ dnsqr ns togetter.com
2 togetter.com:
127 bytes, 1+2+0+0 records, response, noerror
query: 2 togetter.com
answer: togetter.com 129 CNAME togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com
answer: togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com 600 NS ns-927.amazon.com
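The NS record of togetter.com appears to be ignored. Does the CNAME take precedence?
- But isn't it forgetting where that CNAME was obtained from? Keep making pragmatic accommodations like this and things will eventually break down. dnscache/djbdns appears to behave the same way.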
-- ToshinoriMaeno 2011-06-06 23:49:59
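The following is an added example, not part of the original page: a small Python check that reads dnsqr-style output and reports whether the records of the requested type belong to the queried name itself or only to a name reached through a CNAME. It assumes dnsqr prints one entry per line (`query: <qtype-number> <name>`, `answer: <owner> <ttl> <TYPE> <data>`); the function names and result keys are hypothetical.

```python
# Constructed input: the NS lookup output quoted above, one entry per line
# (assumed dnsqr layout; see the lead-in).
SAMPLE = """\
2 togetter.com:
127 bytes, 1+2+0+0 records, response, noerror
query: 2 togetter.com
answer: togetter.com 129 CNAME togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com
answer: togetter-outer-1482106848.ap-northeast-1.elb.amazonaws.com 600 NS ns-927.amazon.com
"""

# dnsqr shows the query type as a number; only the types needed here are mapped.
QTYPES = {"1": "A", "2": "NS", "5": "CNAME", "28": "AAAA"}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_dnsqr(text):
    """Return (qname, qtype, answers); answers are (owner, ttl, type, data)."""
    qname = qtype = None
    answers = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "query:":
            qtype, qname = QTYPES.get(f[1], f[1]), norm(f[2])
        elif len(f) >= 5 and f[0] == "answer:":
            answers.append((norm(f[1]), int(f[2]), f[3].upper(), norm(f[4])))
    return qname, qtype, answers


def classify(text):
    """Say which owner names actually carry the records of the requested type."""
    qname, qtype, answers = parse_dnsqr(text)
    cname = {o: d for o, _, t, d in answers if t == "CNAME"}
    chain = [qname]
    # Follow the CNAME chain from the queried name; stop on a loop.
    while chain[-1] in cname and cname[chain[-1]] not in chain:
        chain.append(cname[chain[-1]])
    owners = {o for o, _, t, _ in answers if t == qtype}
    return {
        "qtype": qtype,
        "chain": chain,
        "direct": sorted(owners & {qname}),            # owned by the queried name
        "via_cname": sorted(owners & set(chain[1:])),  # owned by a CNAME target
        "off_chain": sorted(owners - set(chain)),      # owner unrelated to the query
    }


if __name__ == "__main__":
    print(classify(SAMPLE))
```

For the NS lookup above, `direct` is empty and `via_cname` holds the ELB name, which is the behaviour the note describes: the NS data returned is for the CNAME target, not for togetter.com.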
1. potential poison
Picked out of the unbound log at a point when little besides google and twitter had been accessed.
- These are names that came with A records that are dangerous to cache.