DNS/毒盛/Additionalについて、ここに記述してください。
Contents
UnboundがAdditionalをどう扱っているかを調べる。
今後はharden-referral-path no (default) を調査する。-- ToshinoriMaeno 2018-12-04 03:09:18
$ unbound-control flush_zone jp ok removed 202 rrsets, 19 messages and 0 key entries $ dig -t a xxxxx.00a.jp $ dig -t a zzz.003.jp
1. unbound log
[1543884179] unbound[1587:0] info: control cmd: flush_zone jp [1543884193] unbound[1587:0] info: resolving xxxxx.00a.jp. A IN [1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN [1543884194] unbound[1587:0] info: reply from <.> 198.97.190.53#53 [1543884194] unbound[1587:0] info: query response was REFERRAL [1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN [1543884194] unbound[1587:0] info: reply from <jp.> 210.138.175.244#53 [1543884194] unbound[1587:0] info: query response was REFERRAL [1543884194] unbound[1587:0] info: response for xxxxx.00a.jp. A IN [1543884194] unbound[1587:0] info: reply from <00a.jp.> 219.94.200.246#53 [1543884194] unbound[1587:0] info: query response was ANSWER [1543884232] unbound[1587:0] info: resolving zzz.003.jp. A IN [1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN [1543884232] unbound[1587:0] info: reply from <jp.> 150.100.6.8#53 [1543884232] unbound[1587:0] info: query response was REFERRAL [1543884232] unbound[1587:0] info: response for zzz.003.jp. A IN [1543884232] unbound[1587:0] info: reply from <003.jp.> 219.94.203.247#53 [1543884232] unbound[1587:0] info: query response was ANSWER
はっきりしているのは、JPサーバーから返るAdditional (真のglueではない)を 使って問合せているということだ。
$ unbound-control get_option harden-glue no $unbound-control get_option harden-referral-path no
-- ToshinoriMaeno 2018-12-04 00:54:27
2. harden glue yes
[1543884680] unbound[1587:0] info: control cmd: get_option harden-glue [1543884714] unbound[1587:0] info: control cmd: set_option harden-glue yes [1543884719] unbound[1587:0] info: control cmd: flush_zone jp
[1543884734] unbound[1587:0] info: resolving xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <.> 198.97.190.53#53
[1543884734] unbound[1587:0] info: query response was REFERRAL
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <jp.> 203.119.40.1#53
[1543884734] unbound[1587:0] info: query response was REFERRAL
[1543884734] unbound[1587:0] info: response for xxxxx.00a.jp. A IN
[1543884734] unbound[1587:0] info: reply from <00a.jp.> 183.90.224.226#53
[1543884734] unbound[1587:0] info: query response was ANSWER
[1543884754] unbound[1587:0] info: resolving zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: reply from <jp.> 65.22.40.25#53
[1543884754] unbound[1587:0] info: query response was REFERRAL
[1543884754] unbound[1587:0] info: response for zzz.003.jp. A IN
[1543884754] unbound[1587:0] info: reply from <003.jp.> 219.94.200.164#53
[1543884754] unbound[1587:0] info: query response was ANSWER
== harden-referral-path yes ==
{{{
$ unbound-control set_option harden-referral-path yes
ok
tmaeno@u16:~$ unbound-control get_option harden-referral-path
yes