Describe DNS/毒盛/Additional here.

Investigating how Unbound handles the Additional section.

/referral毒

{{{
$ unbound-control flush_zone jp
ok removed 202 rrsets, 19 messages and 0 key entries

$ dig -t a xxxxx.00a.jp
$ dig -t a zzz.003.jp
}}}

== unbound log ==

{{{
[1543884179] unbound[1587:0] info: control cmd:  flush_zone jp

[1543884193] unbound[1587:0] info: resolving xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <.> 198.97.190.53#53
[1543884194] unbound[1587:0] info: query response was REFERRAL
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <jp.> 210.138.175.244#53
[1543884194] unbound[1587:0] info: query response was REFERRAL
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <00a.jp.> 219.94.200.246#53
[1543884194] unbound[1587:0] info: query response was ANSWER

[1543884232] unbound[1587:0] info: resolving zzz.003.jp. A IN
[1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884232] unbound[1587:0] info: reply from <jp.> 150.100.6.8#53
[1543884232] unbound[1587:0] info: query response was REFERRAL
[1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884232] unbound[1587:0] info: reply from <003.jp.> 219.94.203.247#53
[1543884232] unbound[1587:0] info: query response was ANSWER
}}}

What is clear is that Unbound sends its queries using the Additional records returned by the JP servers (which are not true glue).

{{{
$ unbound-control get_option harden-glue
no
$ unbound-control get_option harden-referral-path
no
}}}

-- ToshinoriMaeno 2018-12-04 00:54:27

== harden-glue yes ==

{{{
[1543884680] unbound[1587:0] info: control cmd:  get_option harden-glue
[1543884714] unbound[1587:0] info: control cmd:  set_option harden-glue yes
[1543884719] unbound[1587:0] info: control cmd:  flush_zone jp

[1543884734] unbound[1587:0] info: resolving xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <.> 198.97.190.53#53
[1543884734] unbound[1587:0] info: query response was REFERRAL
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <jp.> 203.119.40.1#53
[1543884734] unbound[1587:0] info: query response was REFERRAL
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <00a.jp.> 183.90.224.226#53
[1543884734] unbound[1587:0] info: query response was ANSWER

[1543884754] unbound[1587:0] info: resolving zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: reply from <jp.> 65.22.40.25#53
[1543884754] unbound[1587:0] info: query response was REFERRAL
[1543884754] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: reply from <003.jp.> 219.94.200.164#53
[1543884754] unbound[1587:0] info: query response was ANSWER
}}}
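
To compare runs like the two above, the resolution path can be pulled out of the Unbound log mechanically. The following is an added example, not part of the original page and not Unbound's own tooling: it parses the log format shown here and lists, per query name, which zone's server at which address replied and with what response type. The function names are hypothetical, and the sample lines are copied from the first run on this page.

```python
import re

# Log lines copied from the first run on this page (harden-glue no).
SAMPLE = """\
[1543884193] unbound[1587:0] info: resolving xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <.> 198.97.190.53#53
[1543884194] unbound[1587:0] info: query response was REFERRAL
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <jp.> 210.138.175.244#53
[1543884194] unbound[1587:0] info: query response was REFERRAL
[1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884194] unbound[1587:0] info: reply from <00a.jp.> 219.94.200.246#53
[1543884194] unbound[1587:0] info: query response was ANSWER
[1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884232] unbound[1587:0] info: reply from <jp.> 150.100.6.8#53
[1543884232] unbound[1587:0] info: query response was REFERRAL
[1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884232] unbound[1587:0] info: reply from <003.jp.> 219.94.203.247#53
[1543884232] unbound[1587:0] info: query response was ANSWER
"""

MSG = re.compile(r"^\[\d+\] unbound\[\d+:\d+\] info: (.*)$")
QUERY = re.compile(r"^(?:resolving|response for) (\S+) \S+ \S+$")
REPLY = re.compile(r"^reply from <([^>]+)> ([0-9A-Fa-f.:]+)#\d+$")
RESULT = re.compile(r"^query response was (\S+)$")

def resolution_paths(log_text):
    """Map each qname to its hops: [(zone, server_ip, response_type), ...]."""
    paths, qname, hop = {}, None, None
    for line in log_text.splitlines():
        m = MSG.match(line.strip())
        msg = m.group(1) if m else ""   # non-log lines match nothing below
        if (q := QUERY.match(msg)):
            qname = q.group(1)          # "response for" names the owning query
        elif (r := REPLY.match(msg)):
            hop = (r.group(1), r.group(2))
        elif (t := RESULT.match(msg)) and qname and hop:
            paths.setdefault(qname, []).append(hop + (t.group(1),))
            hop = None
    return paths

def servers_by_zone(paths):
    """Collect every server address that was queried for each zone."""
    zones = {}
    for hops in paths.values():
        for zone, ip, _ in hops:
            zones.setdefault(zone, set()).add(ip)
    return zones
```

The addresses that `servers_by_zone(resolution_paths(log))` reports for a delegated zone such as `00a.jp.` are the ones to check against the Additional section of the parent's referral.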

== harden-referral-path yes ==
{{{
$ unbound-control set_option harden-referral-path yes
ok
tmaeno@u16:~$ unbound-control get_option harden-referral-path
yes
}}}

/harden-referral-path.log