1. DNS/1/EDNS/KnotResolver

について、ここに記述してください。

EDNS flag dayを告知するページに誤り(嘘?)が目立つので、なにが問題なのか、調べてみる。

Contents

  1. DNS/1/EDNS/KnotResolver
  2. knot
  3. 調査
  4. qmail.jp query

2. knot

https://en.blog.nic.cz/2018/03/14/together-for-better-stability-speed-and-further-extensibility-of-the-dns-ecosystem/ 

Knot Resolver by CZ.NIC has been standard-compliant from the beginning and its default configuration
does not try to work around incompatibilities caused by not complying with these standards.

However, it is very important to check your servers to ensure compatibility with software
by other standard-complying developers.

defaultコンフィグではもともと標準動作をしている。(ワークアラウンド動作しない)

3. 調査

4. qmail.jp query

UDP ではEDNSに返事をしない設定で運用中 

[    0][plan] plan 'qmail.jp.' type 'NS'
[54318][iter]   'qmail.jp.' type 'NS' id was assigned, parent id 0
[54318][cach]   => trying zone: .
[54318][cach]   => NSEC sname: range search found inconsistent entry
[54318][zcut]   found cut: . (return codes: DS -2, DNSKEY -2)
[54318][resl]   => querying: '199.7.83.42' score: 10 zone cut: '.' qname: 'jP.' qtype: 'NS' proto: 'udp'
[54318][iter]   <= loaded 8 glue addresses
[54318][iter]   <= referral response, follow
[54318][cach]   => stashed rank: 002, NS jp. (111 B total, incl. 0 RRSIGs)
[54318][cach]   => stashed also 15 nonauth RRsets
[54318][resl]   <= server: '199.7.83.42' rtt: 113 ms
[  626][iter]   'qmail.jp.' type 'NS' id was assigned, parent id 0
[  626][resl]   => querying: '65.22.40.25' score: 10 zone cut: 'jp.' qname: 'QmAiL.JP.' qtype: 'NS' proto: 'udp'
[  626][iter]   <= loaded 1 glue addresses
[  626][iter]   <= referral response, follow
[  626][cach]   => stashed rank: 002, NS qmail.jp. (32 B total, incl. 0 RRSIGs)
[  626][cach]   => stashed also 1 nonauth RRsets
[  626][resl]   <= server: '65.22.40.25' rtt: 165 ms
[32178][iter]   'qmail.jp.' type 'NS' id was assigned, parent id 0
[32178][resl]   => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl]   => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl]   => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl]   => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][wrkr]   => server: '14.192.44.5' flagged as 'bad'


[ 8443][iter]   'qmail.jp.' type 'NS' id was assigned, parent id 0
[ 8443][wrkr]   => connecting to: '14.192.44.5'
[ 8443][wrkr]   => connected to '14.192.44.5'
[ 8443][resl]   => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qmaIL.Jp.' qtype: 'NS' proto: 'tcp'
[ 8443][iter]   <= rcode: NOERROR
[ 8443][cach]   => stashed rank: 020, NS qmail.jp. (32 B total, incl. 0 RRSIGs)
[ 8443][resl]   <= server: '14.192.44.5' rtt: 24 ms
[    0][resl] AD: secure (start)
[    0][resl] AD: secure (between ANS and AUTH)
[ 8443][resl]   finished: 0, queries: 1, mempool: 98352 B