1. watchA/www.ana.co.jp.edgekey.net.globalredir.akadns.net

wildcard 設定を見かけた。と思ったが、どうも違うらしい。

-- ToshinoriMaeno 2017-06-03 06:33:42

watchWWW/redhat.com

https://www.buddyns.com/delegation-lab/www.ana.co.jp.edgekey.net.globalredir.akadns.net

Bigger response packets. Some DNS implementations of these servers may cause
TrunCation (TC) of DNS responses, based on how they build the Additional section.
This causes major slowdowns, and in some cases entire resolution errors.

2. 始まり

watchWWW/ana.co.jp

%dnsq a www.ana.co.jp.edgekey.net.globalredir.akadns.net a.gtld-servers.net
1 www.ana.co.jp.edgekey.net.globalredir.akadns.net:
371 bytes, 1+0+10+5 records, response, noerror
query: 1 www.ana.co.jp.edgekey.net.globalredir.akadns.net
authority: akadns.net 172800 NS a3-129.akadns.net
authority: akadns.net 172800 NS a7-131.akadns.net
authority: akadns.net 172800 NS a11-129.akadns.net
authority: akadns.net 172800 NS a1-128.akadns.net
authority: akadns.net 172800 NS a9-128.akadns.net
authority: akadns.net 172800 NS a5-130.akadns.org
authority: akadns.net 172800 NS a13-130.akadns.org
authority: akadns.net 172800 NS a28-129.akadns.org
authority: akadns.net 172800 NS a12-131.akadns.org
authority: akadns.net 172800 NS a18-128.akadns.org
...

%dnsq a www.ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net 
1 www.ana.co.jp.edgekey.net.globalredir.akadns.net:
99 bytes, 1+1+0+0 records, response, noerror
query: 1 www.ana.co.jp.edgekey.net.globalredir.akadns.net
answer: www.ana.co.jp.edgekey.net.globalredir.akadns.net 3600 CNAME e1883.b.akamaiedge.net


%dnsq a ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net 
1 ana.co.jp.edgekey.net.globalredir.akadns.net:
89 bytes, 1+1+0+0 records, response, noerror
query: 1 ana.co.jp.edgekey.net.globalredir.akadns.net
answer: ana.co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

これはいいとしても、


これらの目的はなにか。-- ToshinoriMaeno 2017-06-03 02:53:57

%dnsq ns co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net
2 co.jp.edgekey.net.globalredir.akadns.net:
85 bytes, 1+1+0+0 records, response, noerror
query: 2 co.jp.edgekey.net.globalredir.akadns.net
answer: co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

%dnsq ns jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net 
2 jp.edgekey.net.globalredir.akadns.net:
82 bytes, 1+1+0+0 records, response, noerror
query: 2 jp.edgekey.net.globalredir.akadns.net
answer: jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

$ dnsq ns edgekey.net.globalredir.akadns.net a1-128.akadns.net

2 edgekey.net.globalredir.akadns.net:
79 bytes, 1+1+0+0 records, response, noerror
query: 2 edgekey.net.globalredir.akadns.net
answer: edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

$ dnsq ns net.globalredir.akadns.net a1-128.akadns.net 
2 net.globalredir.akadns.net:
71 bytes, 1+1+0+0 records, response, noerror
query: 2 net.globalredir.akadns.net
answer: net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

3. CNAME 設定

$ dnsq ns globalredir.akadns.net a1-128.akadns.net 
2 globalredir.akadns.net:
67 bytes, 1+1+0+0 records, response, noerror
query: 2 globalredir.akadns.net
answer: globalredir.akadns.net 300 CNAME a23.g.akamai.net

4. wildcard CNAME

$ dnsq ns \*.globalredir.akadns.net a1-128.akadns.net

2 \052.globalredir.akadns.net:
69 bytes, 1+1+0+0 records, response, noerror
query: 2 \052.globalredir.akadns.net
answer: \052.globalredir.akadns.net 300 CNAME a23.g.akamai.net

example

$ dnsq ns xxx.qmail.globalredir.akadns.net a1-128.akadns.net 
2 xxx.qmail.globalredir.akadns.net:
77 bytes, 1+1+0+0 records, response, noerror
query: 2 xxx.qmail.globalredir.akadns.net
answer: xxx.qmail.globalredir.akadns.net 300 CNAME a23.g.akamai.net

== ??? === www.ana.co.jp.edgekey.net.globalredir.akadns.net ノードは存在するので、 以下の返事はおかしいような気もする。-- ToshinoriMaeno 2017-06-03 06:27:38

%dnsq a xxx.www.ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net

1 xxx.www.ana.co.jp.edgekey.net.globalredir.akadns.net:
97 bytes, 1+1+0+0 records, response, noerror
query: 1 xxx.www.ana.co.jp.edgekey.net.globalredir.akadns.net
answer: xxx.www.ana.co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

5. wildcard ?

%dnsq a \*.www.ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net

1 \052.www.ana.co.jp.edgekey.net.globalredir.akadns.net:
95 bytes, 1+1+0+0 records, response, noerror
query: 1 \052.www.ana.co.jp.edgekey.net.globalredir.akadns.net
answer: \052.www.ana.co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

== ??? === %dnsq a \*.\*.ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net

1 \052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net:
93 bytes, 1+1+0+0 records, response, noerror
query: 1 \052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net
answer: \052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

== wildcard ??? ではない== NXDOMAINを返すべきときに、このCNAMEを返しているような気がする。

%dnsq a \*.\*.\*.ana.co.jp.edgekey.net.globalredir.akadns.net a1-128.akadns.net

1 \052.\052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net:
95 bytes, 1+1+0+0 records, response, noerror
query: 1 \052.\052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net
answer: \052.\052.\052.ana.co.jp.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net