実験2 旧ゾーンサーバがキャッシュ兼用(オープンリゾルバ)で上位Referral を返すケース
-- tss 2013-11-03 00:31:42
実験1と同様に委譲を切り替えた後、旧ゾーンサーバから設定を消す効果に関する実験。
実験1は旧ゾーンサーバが応答を REFUSE する最近の実装のケースだが、この実験ではキャッシュを兼用しオープンリゾルバになっていて上位 Referral を返すというケースを試す。 (BIND 9.8.4-P1)
root@server3:/ # dig www.bind.nom dig www.bind.nom ; <<>> DiG 9.8.4-P1 <<>> www.bind.nom ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40835 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.bind.nom. IN A ;; ANSWER SECTION: www.bind.nom. 60 IN A 172.16.17.1 ;; AUTHORITY SECTION: bind.nom. 180 IN NS ns.bind.nom. ;; ADDITIONAL SECTION: ns.bind.nom. 300 IN A 172.16.17.1 ;; Query time: 7 msec ;; SERVER: 172.16.33.1#53(172.16.33.1) ;; WHEN: Sat Nov 2 04:49:15 2013 ;; MSG SIZE rcvd: 79 root@server3:/ # dig www.bind.nom @172.16.17.1 +norec ; <<>> DiG 9.8.4-P1 <<>> www.bind.nom @172.16.17.1 +norec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20546 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.bind.nom. IN A ;; AUTHORITY SECTION: . 3600000 IN NS A.ROOT-SERVERS.NET. ;; Query time: 0 msec ;; SERVER: 172.16.17.1#53(172.16.17.1) ;; WHEN: Sat Nov 2 04:49:51 2013 ;; MSG SIZE rcvd: 61 root@server3:/ # dig www.bind.nom ; <<>> DiG 9.8.4-P1 <<>> www.bind.nom ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40522 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.bind.nom. IN A ;; ANSWER SECTION: www.bind.nom. 17 IN A 172.16.17.1 ;; AUTHORITY SECTION: bind.nom. 137 IN NS ns.bind.nom. ;; ADDITIONAL SECTION: ns.bind.nom. 257 IN A 172.16.17.1 ;; Query time: 0 msec ;; SERVER: 172.16.33.1#53(172.16.33.1) ;; WHEN: Sat Nov 2 04:49:58 2013 ;; MSG SIZE rcvd: 79 root@server3:/ # dig www.bind.nom ; <<>> DiG 9.8.4-P1 <<>> www.bind.nom ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61145 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.bind.nom. IN A ;; Query time: 0 msec ;; SERVER: 172.16.33.1#53(172.16.33.1) ;; WHEN: Sat Nov 2 04:50:38 2013 ;; MSG SIZE rcvd: 30 root@server3:/ # dig www.bind.nom ; <<>> DiG 9.8.4-P1 <<>> www.bind.nom ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61980 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.bind.nom. IN A ;; ANSWER SECTION: www.bind.nom. 1800 IN A 172.16.1.1 ;; AUTHORITY SECTION: bind.nom. 93 IN NS ns.bind.nom. ;; ADDITIONAL SECTION: ns.bind.nom. 286 IN A 172.16.1.1 ;; Query time: 10 msec ;; SERVER: 172.16.33.1#53(172.16.33.1) ;; WHEN: Sat Nov 2 04:50:42 2013 ;; MSG SIZE rcvd: 79