MoinQ:

DNSSECキャッシュがどういう手順でDNS RRのintegrityを検証しているのかを調べる。DNS/DNSSEC/query

root の trust anchor は正しく設定されているものと信じる。


JPサーバのNSレコードを入手する。

$ dig +dnssec jp ns @a.root-servers.net

; <<>> DiG 9.7.1-P2 <<>> +dnssec jp ns @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8225
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 10, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;jp.                            IN      NS

;; AUTHORITY SECTION:
jp.                     172800  IN      NS      a.dns.jp.
jp.                     172800  IN      NS      b.dns.jp.
jp.                     172800  IN      NS      c.dns.jp.
jp.                     172800  IN      NS      d.dns.jp.
jp.                     172800  IN      NS      e.dns.jp.
jp.                     172800  IN      NS      f.dns.jp.
jp.                     172800  IN      NS      g.dns.jp.
jp.                     86400   IN      DS      1369 8 1 59E20603E1BBA03E0A42FF5648A517FD238AE6D9
jp.                     86400   IN      DS      1369 8 2 1F3F4A66E954C27FB16DF88CA5EA0E88CA9384690BBCE3A6B7F54E9E 6BCA169B
jp.                     86400   IN      RRSIG   DS 8 1 86400 20110306000000 20110226230000 21639 . GAxRRVx+lRNwER11fGIaVhiYbRjDPF/ERL4lJ4bwrmXTnUCxPSd4Tl5a VOuu7IvCiuu7eBzz8Go1JUWEuOBuMphaa3/A0hf9ODOdEAS8ho/ErXae MRNWwoLlzJz/nENlX/ouKTe5g/0+8e7HrKCUShcfNHiYr+P7XBN9Sc+e Npg=

;; ADDITIONAL SECTION:
a.dns.jp.               86400   IN      AAAA    2001:dc4::1
a.dns.jp.               86400   IN      A       203.119.1.1
b.dns.jp.               86400   IN      AAAA    2001:dc2::1
b.dns.jp.               86400   IN      A       202.12.30.131
c.dns.jp.               86400   IN      AAAA    2001:502:ad09::5
c.dns.jp.               86400   IN      A       156.154.100.5
d.dns.jp.               86400   IN      AAAA    2001:240::53
d.dns.jp.               86400   IN      A       210.138.175.244
e.dns.jp.               86400   IN      AAAA    2001:200:c000::35
e.dns.jp.               86400   IN      A       192.50.43.53
f.dns.jp.               86400   IN      AAAA    2001:2f8:0:100::153
f.dns.jp.               86400   IN      A       150.100.2.3
g.dns.jp.               86400   IN      A       203.119.40.1

;; Query time: 99 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 28 13:55:45 2011
;; MSG SIZE  rcvd: 670