DNSSEC/dns.jpについて、ここに記述してください。
jpゾーンはDNSSEC
dns.jpゾーンはDNSSECを使っていない。
1. JPゾーン
$ dig +dnssec -t ns jp @a.dns.jp ; <<>> DiG 9.11.2 <<>> +dnssec -t ns jp @a.dns.jp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7007 ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;jp. IN NS ;; ANSWER SECTION: jp. 86400 IN NS g.dns.jp. jp. 86400 IN NS a.dns.jp. jp. 86400 IN NS h.dns.jp. jp. 86400 IN NS c.dns.jp. jp. 86400 IN NS f.dns.jp. jp. 86400 IN NS e.dns.jp. jp. 86400 IN NS b.dns.jp. jp. 86400 IN NS d.dns.jp. jp. 86400 IN RRSIG NS 8 1 86400 20180212174502 20180113174502 56598 jp. FOirET2OaPdRNYW5uEUTwd4gidC9hChJBgiXXYv4yZJ0GYJm1K/oNUKI yNw1FYOLIRqfnlIUFrLg9vEcB2pYeUTJIeNYu+rGuHAb+KjV657/eN+1 /Pc/WQc4OEILMi4KKMmLKPMik2EQ2OPn+95GRJVFB42tb4YcI2gR7VcS 4uo= ;; Query time: 4 msec ;; SERVER: 203.119.1.1#53(203.119.1.1) ;; WHEN: Thu Jan 18 21:06:36 JST 2018 ;; MSG SIZE rcvd: 325
2. dns.jp ゾーン
$ dig +dnssec -t ns dns.jp @a.dns.jp
; <<>> DiG 9.11.2 <<>> +dnssec -t ns dns.jp @a.dns.jp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58482 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 10, ADDITIONAL: 12 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;dns.jp. IN NS ;; AUTHORITY SECTION: dns.jp. 86400 IN NS nsd.dns.jp. dns.jp. 86400 IN NS nse.dns.jp. dns.jp. 86400 IN NS nsa.dns.jp. dns.jp. 86400 IN NS nsf.dns.jp. dns.jp. 86400 IN NS nsg.dns.jp. dns.jp. 86400 IN NS nsb.dns.jp. OI574M80MO30F4GCAHMOT4FS0E6SJ44E.jp. 900 IN NSEC3 1 1 8 1C8F91D450 OICC361LSFV1KGCPKH7J7GJBG9P07LFE NS SOA RRSIG DNSKEY NSEC3PARAM OI574M80MO30F4GCAHMOT4FS0E6SJ44E.jp. 900 IN RRSIG NSEC3 8 2 900 20180212174502 20180113174502 56598 jp. XzR65icwM3vmssp5/1+jkAL4iVapBOBFzqTYAToc0mMUXZ1PLuKSO3a4 pWZV8a0gfwgIhfabGzgJ32NSRMfMULGk96xGPjtpd37WBi5NL5tHEabT TQC7gJS4xgjgI+5b4irLR4vr5tSRKGZ5eBV/vrFgFHPa5ZiwhEk4aUml fEo= QUPNT38365AF1GEKGRU6PGPL074V482I.jp. 900 IN NSEC3 1 1 8 1C8F91D450 QUU65HQ89PIM6C2EG2H8A6O4ERFJNGL4 TXT RRSIG QUPNT38365AF1GEKGRU6PGPL074V482I.jp. 900 IN RRSIG NSEC3 8 2 900 20180212174502 20180113174502 56598 jp. Ta/+scXnCj88O0yYafAQ35dAQ9v6maxFWwF4q4Pxn3La3JQfXPFTLzZV yysJcL6k9+chYN9zcXBvI49J8Ug9Aj3PDcS9eAi7V3TkMlZRaLrH6dRd BXcZEzRA8rXXjXvhQUQDBOs6ads/mCPCaCb8Idux5PE9KBtOZ7Nx7sk2 Cm0= ;; ADDITIONAL SECTION: nsa.dns.jp. 86400 IN A 203.119.1.4 nsb.dns.jp. 86400 IN A 202.12.30.134 nsd.dns.jp. 86400 IN A 210.138.175.245 nse.dns.jp. 86400 IN A 192.50.43.153 nsf.dns.jp. 86400 IN A 150.100.6.12 nsg.dns.jp. 86400 IN A 203.119.40.4 nsa.dns.jp. 86400 IN AAAA 2001:dc4::4 nsb.dns.jp. 86400 IN AAAA 2001:dc2::2 nsd.dns.jp. 86400 IN AAAA 2001:240::54 nse.dns.jp. 86400 IN AAAA 2001:200:c000::99 nsf.dns.jp. 86400 IN AAAA 2001:2f8:0:100::163 ;; Query time: 5 msec ;; SERVER: 203.119.1.1#53(203.119.1.1) ;; WHEN: Thu Jan 18 21:05:45 JST 2018 ;; MSG SIZE rcvd: 872
ここにあるNSEC3がどういう意味をもつのか、分かっていない。
- DNSSECありのdelegationならDSがあるはずだから、DSがないことを示しているのか。 そういうことをする意味があるのかどうかは不明。(まったくないわけではないことは分かる。)
-- ToshinoriMaeno 2018-01-18 12:11:31