DNS/実装/unbound/1.8.3について、ここに記述してください。
qname minimisation で気になること。なぜAをqueryなのか。 /log
- AとNSは共存できる。(delegationでなければだが。親子同居を意味するのか)
どういう扱いをしているのだろう。-- ToshinoriMaeno 2019-01-04 01:16:00
NSをqueryでもdelegationなら同様の返事だ。同居だと、NS answerが返るのか。
NS返答がキャッシュに入ると移転の妨げになるだろうか。そうは考えられない。-- ToshinoriMaeno 2019-01-04 03:27:39
$ unbound-control flush_zone brau.jp ok removed 6 rrsets, 5 messages and 0 key entries tmaeno@u16:~$ dig -t a x.s1.brau.jp ; <<>> DiG 9.12.3 <<>> -t a x.s1.brau.jp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19922 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;x.s1.brau.jp. IN A ;; ANSWER SECTION: x.s1.brau.jp. 600 IN A 127.0.1.1 ;; Query time: 26 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 木 1月 03 16:30:40 JST 2019 ;; MSG SIZE rcvd: 57
x.s1.brau.jp A の前に、s1.brau.jp A を問合せている。
minimisationならNSを問い合わせるのがいいだろうに。-- ToshinoriMaeno 2019-01-03 07:42:50
そして、ns.brau.jp ゾーンを確認にいくことになる。
2019-01-03 16:30:40.083800500 276e870c:14f9:6360 + S0001 s1.brau.jp 2019-01-03 16:30:40.089095500 276e870c:5025:40a3 + S0001 ns.brau.jp 2019-01-03 16:30:40.089097500 276e870c:812b:2b4b + S0002 brau.jp 2019-01-03 16:30:40.093347500 276e870c:419b:4299 + S0001 x.s1.brau.jp 2019-01-03 16:30:40.099074500 276e870c:3bff:67c7 + S0001 a.ns.brau.jp
$ dig -t a s1.brau.jp @14.192.44.29 ; <<>> DiG 9.12.3 <<>> -t a s1.brau.jp @14.192.44.29 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21151 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;s1.brau.jp. IN A ;; ANSWER SECTION: s1.brau.jp. 3600 IN A 127.0.0.5 ;; AUTHORITY SECTION: s1.brau.jp. 300 IN NS a.ns.brau.jp. ;; ADDITIONAL SECTION: a.ns.brau.jp. 3600 IN A 14.192.44.29 ;; Query time: 11 msec ;; SERVER: 14.192.44.29#53(14.192.44.29) ;; WHEN: 木 1月 03 16:37:16 JST 2019 ;; MSG SIZE rcvd: 79
こんな返事が返るから、NSの存在も判明するのだが。
1. log
[1546501253] unbound[1553:0] info: control cmd: flush_zone brau.jp [1546501267] unbound[1553:0] info: resolving x.s1.brau.jp. A IN [1546501267] unbound[1553:0] info: response for x.s1.brau.jp. A IN [1546501267] unbound[1553:0] info: reply from <jp.> 203.119.40.1#53 [1546501267] unbound[1553:0] info: query response was REFERRAL [1546501267] unbound[1553:0] info: resolving brau.jp. NS IN [1546501267] unbound[1553:0] info: response for brau.jp. NS IN [1546501267] unbound[1553:0] info: reply from <jp.> 156.154.100.5#53 [1546501267] unbound[1553:0] info: query response was REFERRAL [1546501267] unbound[1553:0] info: resolving a.ns.brau.jp. A IN [1546501267] unbound[1553:0] info: response for x.s1.brau.jp. A IN [1546501267] unbound[1553:0] info: reply from <brau.jp.> 14.192.44.29#53 [1546501267] unbound[1553:0] info: query response was ANSWER [1546501267] unbound[1553:0] info: response for a.ns.brau.jp. A IN [1546501267] unbound[1553:0] info: reply from <brau.jp.> 14.192.44.29#53 [1546501267] unbound[1553:0] info: query response was ANSWER [1546501267] unbound[1553:0] info: response for brau.jp. NS IN [1546501267] unbound[1553:0] info: reply from <brau.jp.> 14.192.44.29#53 [1546501267] unbound[1553:0] info: query response was ANSWER [1546501267] unbound[1553:0] info: response for x.s1.brau.jp. A IN [1546501267] unbound[1553:0] info: reply from <brau.jp.> 14.192.44.29#53 [1546501267] unbound[1553:0] info: query response was ANSWER [1546501267] unbound[1553:0] info: response for a.ns.brau.jp. A IN [1546501267] unbound[1553:0] info: reply from <brau.jp.> 14.192.44.29#53 [1546501267] unbound[1553:0] info: query response was ANSWER