Unbound/dnskey - moin.qmail.jp

Unbound/dnskeyについて、ここに記述してください。

reload しなおして、 root zone の nsを問い合わせたあと、

$ dig b.root-servers.net +dnssec

; <<>> DiG 9.11.1 <<>> b.root-servers.net +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1220
;; QUESTION SECTION:
;b.root-servers.net.            IN      A

;; ANSWER SECTION:
b.root-servers.net.     3599957 IN      A       192.228.79.201

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Wed Jul 26 21:37:17 JST 2017
;; MSG SIZE  rcvd: 63

1. DNSKEY をquery

$ dig -t dnskey . +dnssec 
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.11.1 <<>> -t dnskey . +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25168
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1220
;; QUESTION SECTION:
;.                              IN      DNSKEY

;; ANSWER SECTION:
.                       172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
...

2. log

DNSKEYを問い合わせしなおしているようにみえる。

[1501072648] unbound[1553:0] info: resolving . DNSKEY IN
[1501072648] unbound[1553:0] info: response for . DNSKEY IN
[1501072648] unbound[1553:0] info: reply from <.> 192.5.5.241#53
[1501072648] unbound[1553:0] info: query response was ANSWER

MoinQ: Unbound/dnskey

1. DNSKEY をquery

2. log