DNS/watch/www.qmail.jp-dnssecについて、ここに記述してください。

DNSSECを使っていないドメインへの委譲の返事

$ dig +dnssec a www.qmail.jp @a.dns.jp 

; <<>> DiG 9.7.3 <<>> +dnssec a www.qmail.jp @a.dns.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17866
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.qmail.jp.                  IN      A

;; AUTHORITY SECTION:
qmail.jp.               86400   IN      NS      uz5b3p79vgf8v8yttum0fr1cbpg4tr0gdywhvwzdmb6u3hj6b8lk30.a.ns.qmail.jp.
qmail.jp.               86400   IN      NS      a.ns.qmail.jp.
OO9GE367E3O0MAJ9IH4FI7UNLLJ6OG10.jp. 900 IN NSEC3 1 1 8 933F085BED OOQPP70DBB5R8N6P6B8VHOPSOP0RJ2MH NS SOA RRSIG DNSKEY NSEC3PARAM
OO9GE367E3O0MAJ9IH4FI7UNLLJ6OG10.jp. 900 IN RRSIG NSEC3 8 2 900 20110711174503 20110611174503 3189 jp. lpo27oD86kCuiR4SxXq+0odpileeRpSBN8/ZdkTIy7fS4ixQ/80PUFXJ LAX56HiDWfNtAYoRrZ50pHLhnSfw4fF+gcdBiBkvDX3jYju1eLKCGy9L zadVHyy08Qiuu+lLdy3lhWLck1wxDkzDH/hJ3AxXHcctBt6hnF0dsgOH 8zQ=
8EI1OM1ACPGRFT7OONGJ2J7JB671B0I3.jp. 900 IN NSEC3 1 1 8 933F085BED 8MJNUCS8PP2AT2BH5LGPIMTBG1KUQ4AQ NS DS RRSIG
8EI1OM1ACPGRFT7OONGJ2J7JB671B0I3.jp. 900 IN RRSIG NSEC3 8 2 900 20110711174503 20110611174503 3189 jp. WiyDSTHKUtWUgAuQdvThfOZKcLxxZlTgOqbP4yT8yQtfi3igfzHD9u5K y+1FZvj/BqSHtBTESugPmdt2Ds4CIDIlX4D0bTehpogOd9Fj0LB8E2dA shaYvKduJAeCmsmDmx7xI8XaVQdeSaWIoX3Fg55/rMSWUgauEm+C+mbB 6M8=

;; ADDITIONAL SECTION:
a.ns.qmail.jp.          86400   IN      A       202.41.218.243
a.ns.qmail.jp.          86400   IN      A       218.44.237.137
uz5b3p79vgf8v8yttum0fr1cbpg4tr0gdywhvwzdmb6u3hj6b8lk30.a.ns.qmail.jp. 86400 IN A 59.106.175.222

;; Query time: 51 msec
;; SERVER: 203.119.1.1#53(203.119.1.1)
;; WHEN: Mon Jun 13 20:47:46 2011
;; MSG SIZE  rcvd: 670

qmail.jp に対する委譲は偽造かもしれない。

qmail.jp についてはDSが存在しないことが保証されるのか。(2つめのNSEC3) -- ToshinoriMaeno 2011-06-20 16:03:27