MoinQ:

DNS/FCP/kresdについて、ここに記述してください。

Knot Resolver strict mode での動作

$dig x.s2.brau.jp @127.0.0.4

; <<>> DiG 9.12.3 <<>> x.s2.brau.jp @127.0.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48535
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;x.s2.brau.jp.                  IN      A

;; Query time: 21 msec
;; SERVER: 127.0.0.4#53(127.0.0.4)
;; WHEN: 水 12月 19 09:31:14 JST 2018
;; MSG SIZE  rcvd: 41

jp, brau.jp NSを得たあとの動作

[00000.00][plan] plan 'x.s2.brau.jp.' type 'A' uid [54372.00]
[54372.00][iter]   'x.s2.brau.jp.' type 'A' new uid was assigned .01, parent uid .00
[54372.01][cach]   => skipping exact RR: rank 020 (min. 020), new TTL -79500
[54372.01][cach]   => no NSEC* cached for zone: s2.brau.jp.
[54372.01][cach]   => skipping zone: s2.brau.jp., NSEC, hash 0;new TTL -123456789, ret -2
[54372.01][cach]   => skipping zone: s2.brau.jp., NSEC, hash 0;new TTL -123456789, ret -2
[54372.01][resl]   => going insecure because there's no covering TA
[54372.01][zcut]   found cut: s2.brau.jp. (rank 002 return codes: DS -2, DNSKEY -2)

[54372.01][plan]   plan 'a.ns.brau.jp.' type 'A' uid [54372.02]
[54372.02][iter]     'a.ns.brau.jp.' type 'A' new uid was assigned .03, parent uid .01
[54372.03][cach]     => satisfied by exact RRset: rank 001, new TTL 86372
[54372.03][iter]     <= rcode: NOERROR
[54372.01][iter]   'x.s2.brau.jp.' type 'A' new uid was assigned .04, parent uid .00
[54372.04][resl]   => id: '61614' querying: '14.192.44.29#00053' score: 11 zone cut: 's2.brau.jp.' qname: 'X.s2.bRAU.JP.' qtype: 'A' proto: 'udp'
[54372.04][iter]   <= rcode: NOERROR
[54372.04][iter]   <= lame response: non-auth sent negative response
[54372.04][iter]   'x.s2.brau.jp.' type 'A' new uid was assigned .05, parent uid .00
[54372.05][resl]   => unresolvable NS address, bailing out
[54372.05][resl]   => no NS with an address
[54372.05][iter]   'x.s2.brau.jp.' type 'A' new uid was assigned .06, parent uid .00
[54372.06][resl]   => no NS with an address
[54372.06][resl]   AD: request NOT classified as SECURE
[54372.06][resl]   finished: 0, queries: 2, mempool: 32800 B
tmaeno@u16:~/kresd-run$