MoinQ:

1. TLD/net

rootゾーンには [a-m].gtld-servers.net が登録されている。


2. glue には「権威」はない

glueはglueにすぎず、Aレコードとして扱ってはならない。(RFC xxx)

*.gtld-servers.netの権威あるAレコードは入手可能か。/gtld-servers.net

つまり、gtld-servers.netゾーンに正しくアクセスできるか、という問題である。

3. TLD/net

net zone の構造が見える. /net

そのgtld-servers.netゾーンがTLD/com/nstld.com内の名前をもつサーバを使っているという問題が発生した。(2016-01)

-- ToshinoriMaeno 2016-01-18 05:28:24

3.1. rootサーバーからの返答

delegation 返答である。

%dnsq ns net a.root-servers.net

2 net:
506 bytes, 1+0+13+15 records, response, noerror
query: 2 net
authority: net 172800 NS m.gtld-servers.net
authority: net 172800 NS l.gtld-servers.net
authority: net 172800 NS k.gtld-servers.net
authority: net 172800 NS j.gtld-servers.net
authority: net 172800 NS i.gtld-servers.net
authority: net 172800 NS h.gtld-servers.net
authority: net 172800 NS g.gtld-servers.net
authority: net 172800 NS f.gtld-servers.net
authority: net 172800 NS e.gtld-servers.net
authority: net 172800 NS d.gtld-servers.net
authority: net 172800 NS c.gtld-servers.net
authority: net 172800 NS b.gtld-servers.net
authority: net 172800 NS a.gtld-servers.net
additional: m.gtld-servers.net 172800 A 192.55.83.30
additional: l.gtld-servers.net 172800 A 192.41.162.30
additional: k.gtld-servers.net 172800 A 192.52.178.30
additional: j.gtld-servers.net 172800 A 192.48.79.30
additional: i.gtld-servers.net 172800 A 192.43.172.30
additional: h.gtld-servers.net 172800 A 192.54.112.30
additional: g.gtld-servers.net 172800 A 192.42.93.30
additional: f.gtld-servers.net 172800 A 192.35.51.30
additional: e.gtld-servers.net 172800 A 192.12.94.30
additional: d.gtld-servers.net 172800 A 192.31.80.30
additional: c.gtld-servers.net 172800 A 192.26.92.30
additional: b.gtld-servers.net 172800 A 192.33.14.30
additional: b.gtld-servers.net 172800 28 ----
additional: a.gtld-servers.net 172800 A 192.5.6.30
additional: a.gtld-servers.net 172800 28 ----

ここのadditionalはglueとして、「権威のないレコード」として受け入れられる。

/gtld-servers.net /gtld-servers.net/new

4. 寄り道

権威のある返答のはずだが、おかしなものが混じっているのに気づくか。

%dnsq ns net 192.55.83.30

2 net:
506 bytes, 1+13+0+15 records, response, authoritative, noerror
query: 2 net
answer: net 172800 NS i.gtld-servers.net
answer: net 172800 NS b.gtld-servers.net
answer: net 172800 NS a.gtld-servers.net
answer: net 172800 NS k.gtld-servers.net
answer: net 172800 NS l.gtld-servers.net
answer: net 172800 NS j.gtld-servers.net
answer: net 172800 NS f.gtld-servers.net
answer: net 172800 NS h.gtld-servers.net
answer: net 172800 NS e.gtld-servers.net
answer: net 172800 NS g.gtld-servers.net
answer: net 172800 NS m.gtld-servers.net
answer: net 172800 NS c.gtld-servers.net
answer: net 172800 NS d.gtld-servers.net
additional: i.gtld-servers.net 172800 A 192.43.172.30
additional: b.gtld-servers.net 172800 A 192.33.14.30
additional: b.gtld-servers.net 172800 28 \040\001\005\003#\035\000\000\000\000\000\000\000\002\0000
additional: a.gtld-servers.net 172800 A 192.5.6.30
additional: a.gtld-servers.net 172800 28 \040\001\005\003\250>\000\000\000\000\000\000\000\002\0000
additional: k.gtld-servers.net 172800 A 192.52.178.30
additional: l.gtld-servers.net 172800 A 192.41.162.30
additional: j.gtld-servers.net 172800 A 192.48.79.30
additional: f.gtld-servers.net 172800 A 192.35.51.30
additional: h.gtld-servers.net 172800 A 192.54.112.30
additional: e.gtld-servers.net 172800 A 192.12.94.30
additional: g.gtld-servers.net 172800 A 192.42.93.30
additional: m.gtld-servers.net 172800 A 192.55.83.30
additional: c.gtld-servers.net 172800 A 192.26.92.30
additional: d.gtld-servers.net 172800 A 192.31.80.30

ここのadditionalは捨てるのがより安全な動作なのだが、実装依存。


5. 余談

この返答はなにを信じるか。

%dnsq a a.root-servers.net a.gtld-servers.net

1 a.root-servers.net:
510 bytes, 1+0+13+13 records, response, noerror
query: 1 a.root-servers.net
authority: root-servers.net 172800 NS a.root-servers.net
authority: root-servers.net 172800 NS h.root-servers.net
authority: root-servers.net 172800 NS c.root-servers.net
authority: root-servers.net 172800 NS g.root-servers.net
authority: root-servers.net 172800 NS f.root-servers.net
authority: root-servers.net 172800 NS b.root-servers.net
authority: root-servers.net 172800 NS j.root-servers.net
authority: root-servers.net 172800 NS k.root-servers.net
authority: root-servers.net 172800 NS l.root-servers.net
authority: root-servers.net 172800 NS m.root-servers.net
authority: root-servers.net 172800 NS i.root-servers.net
authority: root-servers.net 172800 NS e.root-servers.net
authority: root-servers.net 172800 NS d.root-servers.net
additional: a.root-servers.net 172800 A 198.41.0.4
additional: a.root-servers.net 172800 28 ----
additional: h.root-servers.net 172800 A 128.63.2.53
additional: h.root-servers.net 172800 28 ----
additional: c.root-servers.net 172800 A 192.33.4.12
additional: c.root-servers.net 172800 28 ----
additional: g.root-servers.net 172800 A 192.112.36.4
additional: f.root-servers.net 172800 A 192.5.5.241
additional: f.root-servers.net 172800 28 ----
additional: b.root-servers.net 172800 A 192.228.79.201
additional: b.root-servers.net 172800 28 ----
additional: j.root-servers.net 172800 A 192.58.128.30
additional: k.root-servers.net 172800 A 193.0.14.129

%dnsq a a.root-servers.net a.root-servers.net

1 a.root-servers.net:
506 bytes, 1+1+13+14 records, response, authoritative, noerror
query: 1 a.root-servers.net
answer: a.root-servers.net 3600000 A 198.41.0.4
authority: root-servers.net 3600000 NS a.root-servers.net
authority: root-servers.net 3600000 NS b.root-servers.net
authority: root-servers.net 3600000 NS c.root-servers.net
authority: root-servers.net 3600000 NS d.root-servers.net
authority: root-servers.net 3600000 NS e.root-servers.net
authority: root-servers.net 3600000 NS f.root-servers.net
authority: root-servers.net 3600000 NS g.root-servers.net
authority: root-servers.net 3600000 NS h.root-servers.net
authority: root-servers.net 3600000 NS i.root-servers.net
authority: root-servers.net 3600000 NS j.root-servers.net
authority: root-servers.net 3600000 NS k.root-servers.net
authority: root-servers.net 3600000 NS l.root-servers.net
authority: root-servers.net 3600000 NS m.root-servers.net
additional: b.root-servers.net 3600000 A 192.228.79.201
additional: c.root-servers.net 3600000 A 192.33.4.12
additional: d.root-servers.net 3600000 A 199.7.91.13
additional: e.root-servers.net 3600000 A 192.203.230.10
additional: f.root-servers.net 3600000 A 192.5.5.241
additional: g.root-servers.net 3600000 A 192.112.36.4
additional: h.root-servers.net 3600000 A 128.63.2.53
additional: i.root-servers.net 3600000 A 192.36.148.17
additional: j.root-servers.net 3600000 A 192.58.128.30
additional: k.root-servers.net 3600000 A 193.0.14.129
additional: l.root-servers.net 3600000 A 199.7.83.42
additional: m.root-servers.net 3600000 A 202.12.27.33
additional: a.root-servers.net 3600000 28 ----
additional: d.root-servers.net 3600000 28 ----

MoinQ: TLD/net (last edited 2021-05-26 05:25:02 by ToshinoriMaeno)