Describe DNS/wiki/キャッシュの動作/CNAME/別の例 here.

%dnsq a www.securebits.org ns2.mhost111.net

1 www.securebits.org:
146 bytes, 1+2+2+2 records, response, authoritative, noerror
query: 1 www.securebits.org
answer: www.securebits.org 5000 CNAME securebits.org
answer: securebits.org 5000 A 209.59.173.201
authority: securebits.org 5000 NS ns1.mhost111.net
authority: securebits.org 5000 NS ns2.mhost111.net
additional: ns1.mhost111.net 14400 A 209.59.172.6
additional: ns2.mhost111.net 14400 A 209.59.172.7

これに対して、dnscacheで問い合わせると

%dnsqr a www.securebits.org

1 www.securebits.org:
66 bytes, 1+2+0+0 records, response, noerror
query: 1 www.securebits.org
answer: www.securebits.org 5000 CNAME securebits.org
answer: securebits.org 5000 A 209.59.173.201

そして、ログは

@400000004a89060916d9b17c query 41912 7f000001:fb5b:6aa8 1 www.securebits.org.
@400000004a89060916d9e05c cached ns org. d0.org.afilias-nst.org.
@400000004a89060916d9f7cc cached ns org. b2.org.afilias-nst.org.
@400000004a89060916d9ff9c cached ns org. a2.org.afilias-nst.info.
@400000004a89060916da0b54 cached ns org. b0.org.afilias-nst.org.
@400000004a89060916da1324 cached ns org. c0.org.afilias-nst.info.
@400000004a89060916da558c cached ns org. a0.org.afilias-nst.info.
@400000004a89060916da5d5c cached 1 d0.org.afilias-nst.org.
@400000004a89060916da652c cached 1 b2.org.afilias-nst.org.
@400000004a89060916da6cfc cached 1 a2.org.afilias-nst.info.
@400000004a89060916da74cc cached 1 b0.org.afilias-nst.org.
@400000004a89060916da7c9c cached 1 c0.org.afilias-nst.info.
@400000004a89060916da8c3c cached 1 a0.org.afilias-nst.info.
@400000004a89060916da940c tx 0 1 www.securebits.org. org. c7133901 c7133601 c7f97001 c7133501 c7133801 c7f97801
@400000004a89060926f891f4 rr c7133901 86400 ns securebits.org. ns1.mhost111.net.
@400000004a89060926f89dac rr c7133901 86400 ns securebits.org. ns2.mhost111.net.
@400000004a89060926f8c8a4 stats 41912 5741060 1 0
@400000004a89060926f8d074 cached 1 ns1.mhost111.net.
@400000004a89060926f8d844 cached 1 ns2.mhost111.net.
@400000004a89060926f8e3fc tx 0 1 www.securebits.org. securebits.org. d13bac07 d13bac06
@400000004a89060934563b44 rr d13bac07 5000 1 securebits.org. d13badc9
@400000004a89060934566a24 rr d13bac07 5000 ns securebits.org. ns1.mhost111.net.
@400000004a890609345671f4 rr d13bac07 5000 ns securebits.org. ns2.mhost111.net.
@400000004a89060934568194 rr d13bac07 5000 cname www.securebits.org. securebits.org.
@400000004a89060934569134 cached 1 securebits.org.
@400000004a8906093456c3fc sent 41912 66

再帰検索の部分を除外すると、問い合わせは一回だけで、CNAME 返答を受け取っています。

-- ToshinoriMaeno 2009-08-17 07:33:54


bind-9.5.1-P3 のキャッシュサーバに対して以下のように2つの問い合わせを送ってみました。 securebits.org.のAレコードは上書きされていません。

> dig @210.161.57.124 a www.securebits.org

; <<>> DiG 9.3.2 <<>> @210.161.57.124 a www.securebits.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64309
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.securebits.org.            IN      A

;; ANSWER SECTION:
www.securebits.org.     5000    IN      CNAME   securebits.org.
securebits.org.         5000    IN      A       209.59.173.201

;; AUTHORITY SECTION:
securebits.org.         5000    IN      NS      ns2.mhost111.net.
securebits.org.         5000    IN      NS      ns1.mhost111.net.

;; ADDITIONAL SECTION:
ns1.mhost111.net.       172800  IN      A       209.59.172.6
ns2.mhost111.net.       172800  IN      A       209.59.172.7

;; Query time: 1052 msec
;; SERVER: 210.161.57.124#53(210.161.57.124)
;; WHEN: Thu Aug 20 10:24:12 2009
;; MSG SIZE  rcvd: 146

> dig @210.161.57.124 a mail.securebits.org

; <<>> DiG 9.3.2 <<>> @210.161.57.124 a mail.securebits.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3323
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail.securebits.org.           IN      A

;; ANSWER SECTION:
mail.securebits.org.    5000    IN      CNAME   securebits.org.
securebits.org.         4988    IN      A       209.59.173.201

;; AUTHORITY SECTION:
securebits.org.         4988    IN      NS      ns1.mhost111.net.
securebits.org.         4988    IN      NS      ns2.mhost111.net.

;; ADDITIONAL SECTION:
ns1.mhost111.net.       172788  IN      A       209.59.172.6
ns2.mhost111.net.       172788  IN      A       209.59.172.7

;; Query time: 221 msec
;; SERVER: 210.161.57.124#53(210.161.57.124)
;; WHEN: Thu Aug 20 10:24:24 2009
;; MSG SIZE  rcvd: 147

追記 9.1.3 でも同様に上書きはされない。(Kaminsky以降に手が加えられたわけではなさそう)

-- tss 2009-08-20 01:27:55