MoinQ:

DNS/qname-minimisation/検索例/kresdについて、ここに記述してください。

この例ではKnot Resolverの動作の方がスマートに見える。

1. kresd

$ dig -t txt u.v.w.x.y.z.brau.jp @127.0.0.4

; <<>> DiG 9.12.3 <<>> -t txt u.v.w.x.y.z.brau.jp @127.0.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25288
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;u.v.w.x.y.z.brau.jp.           IN      TXT

;; AUTHORITY SECTION:
brau.jp.                2560    IN      SOA     a.ns.brau.jp. hostmaster.brau.jp. 1546586853 16384 2048 1048576 2560
brau.jp.                3600    IN      NS      a.ns.brau.jp.

;; Query time: 180 msec
;; SERVER: 127.0.0.4#53(127.0.0.4)
;; WHEN: 金  1月 04 16:38:35 JST 2019
;; MSG SIZE  rcvd: 119

@400000005c2f0d85149c449c 276e870c:c0c8:fd0c + S0002 z.braU.JP
@400000005c2f0d8515430804 276e870c:9afb:d6fb + S0010 u.v.W.x.Y.Z.bRAU.jp

2. log

[00000.00][plan] plan 'u.v.w.x.y.z.brau.jp.' type 'TXT' uid [25288.00]
[25288.00][iter]   'u.v.w.x.y.z.brau.jp.' type 'TXT' new uid was assigned .01, parent uid .00
[25288.01][cach]   => skipping unfit NS RR: rank 002, new TTL -461402
[25288.01][cach]   => no NSEC* cached for zone: jp.
[25288.01][cach]   => skipping zone: jp., NSEC, hash 0;new TTL -123456789, ret -2
[25288.01][cach]   => skipping zone: jp., NSEC, hash 0;new TTL -123456789, ret -2
[25288.01][resl]   => going insecure because there's no covering TA
[25288.01][zcut]   found cut: jp. (rank 002 return codes: DS -2, DNSKEY -2)
[25288.01][resl]   => id: '30990' querying: '65.22.40.25#00053' score: 10 zone cut: 'jp.' qname: 'BRAU.JP.' qtype: 'NS' proto: 'udp'
[25288.01][iter]   <= loaded 1 glue addresses
[25288.01][iter]   <= referral response, follow
[25288.01][cach]   => stashed brau.jp. NS, rank 002, 30 B total, incl. 0 RRSIGs
[25288.01][cach]   => stashed also 1 nonauth RRsets
[25288.01][resl]   <= server: '65.22.40.25' rtt: 157 ms

[25288.01][iter]   'u.v.w.x.y.z.brau.jp.' type 'TXT' new uid was assigned .02, parent uid .00
[25288.02][resl]   => id: '64780' querying: '14.192.44.29#00053' score: 10 zone cut: 'brau.jp.' qname: 'z.braU.JP.' qtype: 'NS' proto: 'udp'
[25288.02][iter]   <= loaded 1 glue addresses
[25288.02][iter]   <= rcode: NOERROR
[25288.02][iter]   <= retrying with non-minimized name

[25288.02][cach]   => not overwriting A a.ns.brau.jp.
[25288.02][cach]   => stashed packet: rank 020, TTL 2560, NS z.brau.jp. (121 B)
[25288.02][resl]   <= server: '14.192.44.29' rtt: 12 ms

[25288.02][iter]   'u.v.w.x.y.z.brau.jp.' type 'TXT' new uid was assigned .03, parent uid .00
[25288.03][resl]   => id: '55035' querying: '14.192.44.29#00053' score: 12 zone cut: 'brau.jp.' qname: 'u.v.W.x.Y.Z.bRAU.jp.' qtype: 'TXT' proto: 'udp'
[25288.03][iter]   <= loaded 1 glue addresses
[25288.03][iter]   <= rcode: NOERROR
[25288.03][cach]   => not overwriting NS brau.jp.
[25288.03][cach]   => stashed brau.jp. SOA, rank 020, 70 B total, incl. 0 RRSIGs
[25288.03][cach]   => not overwriting A a.ns.brau.jp.
[25288.03][cach]   => stashed packet: rank 020, TTL 2560, TXT u.v.w.x.y.z.brau.jp. (131 B)
[25288.03][resl]   <= server: '14.192.44.29' rtt: 11 ms
[25288.03][resl]   AD: request NOT classified as SECURE
[25288.03][resl]   finished: 0, queries: 1, mempool: 16400 B