Ubuntu/bind-9.12/AA.NSについて、ここに記述してください。
Contents
1. 目的
Authoritative Answer としてのNSレコードをキャッシュしていても、
- Authoritative Answer付属のAuthority SectionにあるNSでキャッシュが置き換えられることの検証
キャッシュにはflip.e-ontap.com NSは存在しないはず。
2. AA NSをキャッシュに
tmaeno@u16:/etc/namedb$ dig @192.168.10.7 -t ns flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @192.168.10.7 -t ns flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13994 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 92f446f86ebbd00ec34a11255acafabd7ac7f254ed264409 (good) ;; QUESTION SECTION: ;flip.e-ontap.com. IN NS ;; ANSWER SECTION: flip.e-ontap.com. 3600 IN NS ns.flip.e-ontap.com. ;; ADDITIONAL SECTION: ns.flip.e-ontap.com. 3600 IN A 150.42.6.1 ;; Query time: 23 msec ;; SERVER: 192.168.10.7#53(192.168.10.7) ;; WHEN: Mon Apr 09 14:31:41 JST 2018 ;; MSG SIZE rcvd: 106
3. flip下の名前を問い合わせる
tmaeno@u16:/etc/namedb$ dig @192.168.10.7 -t a d1.flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @192.168.10.7 -t a d1.flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52199 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: ba476490e8d96d194c54c69f5acafb0210dfa9b3f7cd91c9 (good) ;; QUESTION SECTION: ;d1.flip.e-ontap.com. IN A ;; ANSWER SECTION: d1.flip.e-ontap.com. 60 IN A 150.42.6.1 ;; Query time: 284 msec ;; SERVER: 192.168.10.7#53(192.168.10.7) ;; WHEN: Mon Apr 09 14:32:49 JST 2018 ;; MSG SIZE rcvd: 92
tmaeno@u16:/etc/namedb$ dig @192.168.10.7 -t a d2.flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @192.168.10.7 -t a d2.flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: c29139c77b79916846a129845acafb987779ca4c9d08b217 (good) ;; QUESTION SECTION: ;d2.flip.e-ontap.com. IN A ;; ANSWER SECTION: d2.flip.e-ontap.com. 60 IN A 150.42.6.1 ;; Query time: 12 msec ;; SERVER: 192.168.10.7#53(192.168.10.7) ;; WHEN: Mon Apr 09 14:35:20 JST 2018 ;; MSG SIZE rcvd: 92 tmaeno@u16:/etc/namedb$ dig @150.42.6.1 -t a d2.flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @150.42.6.1 -t a d2.flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6510 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;d2.flip.e-ontap.com. IN A ;; ANSWER SECTION: d2.flip.e-ontap.com. 60 IN A 150.42.6.1 ;; AUTHORITY SECTION: flip.e-ontap.com. 3600 IN NS ns.flip.internot.jp. ;; Query time: 11 msec ;; SERVER: 150.42.6.1#53(150.42.6.1) ;; WHEN: Mon Apr 09 14:35:43 JST 2018 ;; MSG SIZE rcvd: 86
4. NS 確認
tmaeno@u16:/etc/namedb$ dig @192.168.10.7 -t ns flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @192.168.10.7 -t ns flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22125 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 7d35a4a7c9e770b76eac1f085acafbbb3c42536b8ffc6d3c (good) ;; QUESTION SECTION: ;flip.e-ontap.com. IN NS ;; ANSWER SECTION: flip.e-ontap.com. 3347 IN NS ns.flip.internot.jp. ;; ADDITIONAL SECTION: ns.flip.internot.jp. 81284 IN A 150.42.6.5 ;; Query time: 0 msec ;; SERVER: 192.168.10.7#53(192.168.10.7) ;; WHEN: Mon Apr 09 14:35:55 JST 2018 ;; MSG SIZE rcvd: 122
間が開いてしまったが、これでも毒盛を確認できるだろう -- ToshinoriMaeno 2018-04-09 05:50:19
$ dig @192.168.10.7 -t a e.flip.e-ontap.com ; <<>> DiG 9.12.0 <<>> @192.168.10.7 -t a e.flip.e-ontap.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 82d5099121889efac75594705acafe76f8f90552a37a8cf0 (good) ;; QUESTION SECTION: ;e.flip.e-ontap.com. IN A ;; ANSWER SECTION: e.flip.e-ontap.com. 60 IN A 150.42.6.5 ;; Query time: 15 msec ;; SERVER: 192.168.10.7#53(192.168.10.7) ;; WHEN: Mon Apr 09 14:47:34 JST 2018 ;; MSG SIZE rcvd: 91