watchNS/web.fc2.comについて、ここに記述してください。
web.fc2.com (zone)のNSはmdns1.fc2.comなどである。
- fc2.com のNSはawsdns上にある。
ところが、... -- ToshinoriMaeno 2018-02-13 00:20:51
- なんと、!!!
NSレコードに注目
%dig -t ns web.fc2.com @a.gtld-servers.net ~/dnsq/0205 ; <<>> DiG 9.11.2 <<>> -t ns web.fc2.com @a.gtld-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43034 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.fc2.com. IN NS ;; AUTHORITY SECTION: fc2.com. 172800 IN NS ns-214.awsdns-26.com. fc2.com. 172800 IN NS ns-616.awsdns-13.net. fc2.com. 172800 IN NS ns-1834.awsdns-37.co.uk. fc2.com. 172800 IN NS ns-1489.awsdns-58.org. ;; ADDITIONAL SECTION: ns-214.awsdns-26.com. 172800 IN A 205.251.192.214 ns-616.awsdns-13.net. 172800 IN A 205.251.194.104 ;; Query time: 122 msec ;; SERVER: 192.5.6.30#53(192.5.6.30) ;; WHEN: Tue Feb 13 09:06:59 JST 2018 ;; MSG SIZE rcvd: 209
%dig -t ns web.fc2.com @ns-214.awsdns-26.com. ~/dnsq/0205 ; <<>> DiG 9.11.2 <<>> -t ns web.fc2.com @ns-214.awsdns-26.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12679 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.fc2.com. IN NS ;; AUTHORITY SECTION: web.fc2.com. 86400 IN NS mdns1.fc2.com. web.fc2.com. 86400 IN NS mdns2.fc2.com. web.fc2.com. 86400 IN NS mdns3.fc2.com. ;; ADDITIONAL SECTION: mdns1.fc2.com. 300 IN A 54.218.49.223 mdns2.fc2.com. 300 IN A 54.244.4.177 mdns3.fc2.com. 300 IN A 54.213.109.64 ;; Query time: 88 msec ;; SERVER: 205.251.192.214#53(205.251.192.214) ;; WHEN: Tue Feb 13 09:07:42 JST 2018 ;; MSG SIZE rcvd: 148
1. 最終返答
Unbound harden-referral-path はこれをどう処理しているのか。-- ToshinoriMaeno 2018-02-13 00:09:52
%dig -t ns web.fc2.com @mdns1.fc2.com. ~/dnsq/0205 ; <<>> DiG 9.11.2 <<>> -t ns web.fc2.com @mdns1.fc2.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48289 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;web.fc2.com. IN NS ;; AUTHORITY SECTION: web.fc2.com. 86400 IN SOA mdns1.fc2.com.web.fc2.com. info.smartcgi.com. 172 28800 7200 604480 600 ;; Query time: 139 msec ;; SERVER: 54.218.49.223#53(54.218.49.223) ;; WHEN: Tue Feb 13 09:08:23 JST 2018 ;; MSG SIZE rcvd: 93
2. 親子同居だが
本当の親 fc2.comへの委譲はaws上のホストなのだ。
%dig -t ns fc2.com @mdns1.fc2.com. ~/dnsq/0205 ; <<>> DiG 9.11.2 <<>> -t ns fc2.com @mdns1.fc2.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47364 ;; flags: qr aa rd ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;fc2.com. IN NS ;; ANSWER SECTION: fc2.com. 86400 IN NS mdns1.fc2.com. fc2.com. 86400 IN NS mdns2.fc2.com. fc2.com. 86400 IN NS mdns3.fc2.com. ;; ADDITIONAL SECTION: mdns1.fc2.com. 86400 IN A 208.71.107.72 mdns2.fc2.com. 86400 IN A 208.71.107.73 mdns3.fc2.com. 86400 IN A 208.71.107.74 ;; Query time: 138 msec ;; SERVER: 54.218.49.223#53(54.218.49.223) ;; WHEN: Tue Feb 13 09:10:00 JST 2018 ;; MSG SIZE rcvd: 133
3. rootからの委譲はこっち
%dig -t ns fc2.com @ns-214.awsdns-26.com. ~/dnsq/0205 ; <<>> DiG 9.11.2 <<>> -t ns fc2.com @ns-214.awsdns-26.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20961 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;fc2.com. IN NS ;; ANSWER SECTION: fc2.com. 86400 IN NS ns-1489.awsdns-58.org. fc2.com. 86400 IN NS ns-1834.awsdns-37.co.uk. fc2.com. 86400 IN NS ns-214.awsdns-26.com. fc2.com. 86400 IN NS ns-616.awsdns-13.net. ;; Query time: 97 msec ;; SERVER: 205.251.192.214#53(205.251.192.214) ;; WHEN: Tue Feb 13 09:12:36 JST 2018 ;; MSG SIZE rcvd: 173
4. そして
子が親を乗っ取ることにならないか。(ならない。w) まともなリゾルバーであれば。-- ToshinoriMaeno 2018-02-13 00:45:39
$ dig -t ns av-photograph.com @mdns1.fc2.com ; <<>> DiG 9.12.0 <<>> -t ns av-photograph.com @mdns1.fc2.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26770 ;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;av-photograph.com. IN NS ;; ANSWER SECTION: av-photograph.com. 86400 IN CNAME happysmile0418.blog.fc2.com. ;; AUTHORITY SECTION: fc2.com. 86400 IN NS mdns1.fc2.com. fc2.com. 86400 IN NS mdns2.fc2.com. fc2.com. 86400 IN NS mdns3.fc2.com. ;; ADDITIONAL SECTION: happysmile0418.blog.fc2.com. 86400 IN CNAME blog-cach-ElasticL-HJNP94VKMIH2-1363093325.ap-northeast-1.elb.amazonaws.com. mdns1.fc2.com. 86400 IN A 208.71.107.72 mdns2.fc2.com. 86400 IN A 208.71.107.73 mdns3.fc2.com. 86400 IN A 208.71.107.74 ;; Query time: 140 msec ;; SERVER: 54.218.49.223#53(54.218.49.223) ;; WHEN: Tue Feb 13 09:42:42 JST 2018 ;; MSG SIZE rcvd: 267