DNS/実装/unbound/harden-referral-path/動作確認/2について、ここに記述してください。

こんな形では毒は入らない。(NXDOMAINが返るだけ) -- ToshinoriMaeno 2018-12-05 05:06:57

$ unbound-control set_option harden-referral-path no
ok
tmaeno@u16:~$ unbound-control flush_zone brau.jp
ok removed 4 rrsets, 5 messages and 0 key entries
tmaeno@u16:~$ dig poison.brau.jp @127.0.0.3

; <<>> DiG 9.12.3 <<>> poison.brau.jp @127.0.0.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62851
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;poison.brau.jp.                        IN      A

;; AUTHORITY SECTION:
brau.jp.                2560    IN      SOA     a.ns.brau.jp. hostmaster.brau.jp. 1543968754 16384 2048 1048576 2560

;; Query time: 396 msec
;; SERVER: 127.0.0.3#53(127.0.0.3)
;; WHEN: 水 12月 05 14:03:31 JST 2018
;; MSG SIZE  rcvd: 95

tmaeno@u16:~$ dig poison2.brau.jp @127.0.0.3

; <<>> DiG 9.12.3 <<>> poison2.brau.jp @127.0.0.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40099
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;poison2.brau.jp.               IN      A

;; AUTHORITY SECTION:
brau.jp.                2553    IN      SOA     a.ns.brau.jp. hostmaster.brau.jp. 1543968754 16384 2048 1048576 2560

;; Query time: 11 msec
;; SERVER: 127.0.0.3#53(127.0.0.3)
;; WHEN: 水 12月 05 14:03:38 JST 2018
;; MSG SIZE  rcvd: 96

[1543986192] unbound[7346:0] info: control cmd:  set_option harden-referral-path no

[1543986203] unbound[7346:0] info: control cmd:  flush_zone brau.jp

[1543986210] unbound[7346:0] info: resolving poison.brau.jp. A IN
[1543986211] unbound[7346:0] info: response for poison.brau.jp. A IN
[1543986211] unbound[7346:0] info: reply from <jp.> 202.12.30.131#53
[1543986211] unbound[7346:0] info: query response was REFERRAL
[1543986211] unbound[7346:0] info: response for poison.brau.jp. A IN
[1543986211] unbound[7346:0] info: reply from <brau.jp.> 14.192.44.29#53
[1543986211] unbound[7346:0] info: query response was NXDOMAIN ANSWER
[1543986218] unbound[7346:0] info: resolving poison2.brau.jp. A IN
[1543986218] unbound[7346:0] info: response for poison2.brau.jp. A IN
[1543986218] unbound[7346:0] info: reply from <brau.jp.> 14.192.44.29#53
[1543986218] unbound[7346:0] info: query response was NXDOMAIN ANSWER