1. jp.sharp

sharp gTLD直下のドメイン: /委譲されているのに ゾーンがない。 DNS/lame_delegation

サブドメイン: CNAMEが多い。 信用するのか。DNS/RFC/1912

/delegation 返答は受け入れるのか。

https://dnscheck.ripe.net/test/15716048692273c2

https://dnsviz.net/d/jp.sharp/dnssec/

watchNS/ualsharp.hs.llnwd.net

DNSの仕組みを理解しているひとがいないのか。 /障害

参考: https://jprs.jp/tech/material/iw2012-lunch-L3-01.pdf

証明書: https://jp.sharp サーバー証明書を発行した機関はどういう確認をしたのだろう。

watchA/insecure.mufj.jp

1.1. NS なし、SOA なし

つまり、jp.sharp ゾーンが存在しない。/query

1.2. 障害

$ dig jp.sharp @ns1.sharp.co.jp

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> jp.sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50815
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jp.sharp.                      IN      A

;; ANSWER SECTION:
jp.sharp.               300     IN      CNAME   ualsharp.hs.llnwd.net.

;; Query time: 26 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: Tue Nov 03 10:20:48 JST 2020
;; MSG SIZE  rcvd: 72

CNAME (Answer) だけが返ってきた時点で、SOA/NSを確認してもも遅くはない。-- ToshinoriMaeno 2020-11-12 15:12:52

$ dig ualsharp.hs.llnwd.net.

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> ualsharp.hs.llnwd.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42745
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ualsharp.hs.llnwd.net.         IN      A

;; AUTHORITY SECTION:
llnwd.net.              120     IN      SOA     dns11.llnwd.net. hostmaster.llnwd.net. 210 900 300 604800 350

;; Query time: 18 msec
;; SERVER: 210.188.224.10#53(210.188.224.10)
;; WHEN: Tue Nov 03 10:20:43 JST 2020
;; MSG SIZE  rcvd: 103

復活

ualsharp.hs.llnwd.net.  60      IN      A       111.119.27.166
ualsharp.hs.llnwd.net.  60      IN      A       111.119.27.78

1.3. whois

Domain Name: JP.SHARP
Registry Domain ID: DO3709015-GMO
Registrar WHOIS Server: whois.brightsconsulting.net
Registrar URL: http://brightsconsulting.com
Updated Date: 2019-05-22T00:09:43.0Z
Creation Date: 2018-05-21T05:08:47.0Z
Registry Expiry Date: 2020-05-21T23:59:59.0Z
Registrar: GMO Brights Consulting Inc.

Name Server: NS1.SHARP.CO.JP
Name Server: TG1.SHARP.CO.JP

DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2020-10-27T23:24:33.0Z <<<

1.4. jp.sharp ゾーンがない

sharp. gTLDには jp.sharp への委譲が設定されているのに、

このような設定のドメインについて、名前解決をしなければならないのであれば、DNSリゾルバーは信用できないものとなるだろう。

ns1.sharp.co.jp は sharp. の権威サーバーではない。

1.4.1. SOA

$ dig -t soa jp.sharp @ns1.sharp.co.jp

; <<>> DiG 9.16.1-Ubuntu <<>> -t soa jp.sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59882
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7d42cab9ff3cb68092baa8545f98ab75d1cb5b7b6e4daf13 (good)
;; QUESTION SECTION:
;jp.sharp.                      IN      SOA

;; ANSWER SECTION:
jp.sharp.               300     IN      CNAME   ualsharp.hs.llnwd.net.

;; Query time: 16 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 水 10月 28 08:21:25 JST 2020
;; MSG SIZE  rcvd: 100

1.5. NXDOMAIN 返答

SOA がおかしい返答が返るが、 これがどう扱われるか。(無視されるのでは)

$ dig -t any qmail.jp.sharp @ns1.sharp.co.jp

; <<>> DiG 9.16.1-Ubuntu <<>> -t any qmail.jp.sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49143
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 125424ce30f46a8ae0822bdb5f9c950b8e151ccfec36f12f (good)
;; QUESTION SECTION:
;qmail.jp.sharp.                        IN      ANY

;; AUTHORITY SECTION:
sharp.                  600     IN      SOA     ns1.sharp.co.jp. postmaster.sharp.co.jp. 2020103001 3600 1800 1209600 3600

;; Query time: 11 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 土 10月 31 07:34:51 JST 2020
;; MSG SIZE  rcvd: 133

1.6. DNSSEC

なし。 (設定失敗で見えなくなっていたか)

1.7. subdomains

/corporate

/cocoromemmbers

https://cocorolife.jp.sharp/

/歴史

1.8. ところが

jp.sharp.               300     IN      CNAME   ualsharp.hs.llnwd.net.

69.28.187.147
69.28.157.216
        
Limelight Networks, Inc.
        2020-02-20 (8 months ago)       2020-10-27 (today)      8 months 

$ dig -t ns jp.sharp @a.gmoregistry.net.

; <<>> DiG 9.16.1-Ubuntu <<>> -t ns jp.sharp @a.gmoregistry.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57749
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jp.sharp.                      IN      NS

;; AUTHORITY SECTION:
jp.sharp.               86400   IN      NS      tg1.sharp.co.jp.
jp.sharp.               86400   IN      NS      ns1.sharp.co.jp.

;; Query time: 8 msec
;; SERVER: 37.209.192.4#53(37.209.192.4)
;; WHEN: 火 10月 27 14:47:39 JST 2020
;; MSG SIZE  rcvd: 84

1.9. jp.sharp

???

$ dig -t ns jp.sharp @ns1.sharp.co.jp.

; <<>> DiG 9.16.1-Ubuntu <<>> -t ns jp.sharp @ns1.sharp.co.jp.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48837
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0e4542cda66b78d5702eb6c45f97b1119b4314c8758a9cbd (good)
;; QUESTION SECTION:
;jp.sharp.                      IN      NS

;; ANSWER SECTION:
jp.sharp.               300     IN      CNAME   ualsharp.hs.llnwd.net.

;; Query time: 20 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 火 10月 27 14:33:05 JST 2020
;; MSG SIZE  rcvd: 100

1.10. history

cocorolife.jp.sharp.    301     IN      CNAME   ualsharp.hs.llnwd.net.
ualsharp.hs.llnwd.net.  59      IN      A       111.119.27.78
ualsharp.hs.llnwd.net.  59      IN      A       111.119.27.166

1.11. ???

なにさま?

$ dig -t any jp.sharp @ns1.sharp.co.jp

; <<>> DiG 9.16.1-Ubuntu <<>> -t any jp.sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4197
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 82d2d238ff325a00987ad38f5f97dd5e9070e1ffb2a1eab3 (good)
;; QUESTION SECTION:
;jp.sharp.                      IN      ANY

;; ANSWER SECTION:
jp.sharp.               300     IN      CNAME   ualsharp.hs.llnwd.net.
jp.sharp.               300     IN      RRSIG   CNAME 8 2 300 20201118004422 20201019004422 26718 sharp. LsH+oUWxdZrqj61zD9MTNPpi9WEZjT5OIlpCyMxgTCT90Q8WS0oLftWO ki1nP4TNKfBAAfC4C70oiTc4t+ys0GQwnR7TEtv5VoN3kJx/89yQkCWU Kt9Oil8wr8ZjRj9/UbAgc+z+MgpuB/Qsmf9PlgtUpCGSTjtxP22klNv/ lVE=
jp.sharp.               3600    IN      NSEC    aquos-emm.jp.sharp. CNAME RRSIG NSEC
jp.sharp.               3600    IN      RRSIG   NSEC 8 2 3600 20201118004422 20201019004422 26718 sharp. lJjt52yhc08eTZgLkpRFY30bXHYh7YAZGuvPwI6acTD34tnWSrsp1Ssu dzQGIpoaNDPyp9Irr2gHIY8+mOk2lfw6ANOitYiLIxdlZ7F8LrqdMsTE NjuYoeSix0yuj1HzQkVaN7YRU1iuofOD53YiecqaxO26MV8zm1EsXo7C d+8=

;; AUTHORITY SECTION:
sharp.                  43200   IN      NS      tg1.sharp.co.jp.
sharp.                  43200   IN      NS      ns1.sharp.co.jp.

;; ADDITIONAL SECTION:
ns1.sharp.co.jp.        43200   IN      A       61.214.248.154
tg1.sharp.co.jp.        60      IN      A       61.214.248.155

;; Query time: 16 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 火 10月 27 17:42:06 JST 2020
;; MSG SIZE  rcvd: 549


CategoryDns CategoryWatch CategoryTemplate

Moin2Qmail: DNS/gTLD/sharp/jp.sharp (last edited 2021-08-01 00:24:54 by ToshinoriMaeno)