How to Poke at DNS, Part 2

Checking delegation status
Here we check, for both forward and reverse lookups, how the dns.jp zone is delegated from the . (root) zone.
Forward lookup
Querying a root server

$ dig @a.root-servers.net ns dns.jp

; <<>> DiG 9.6.0-APPLE-P2 <<>> @a.root-servers.net ns dns.jp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5089
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dns.jp. IN NS

;; AUTHORITY SECTION:
jp. 172800 IN NS e.dns.jp.
jp. 172800 IN NS f.dns.jp.
jp. 172800 IN NS d.dns.jp.
jp. 172800 IN NS b.dns.jp.
jp. 172800 IN NS a.dns.jp.
jp. 172800 IN NS c.dns.jp.
jp. 172800 IN NS g.dns.jp.

;; ADDITIONAL SECTION:
a.dns.jp. 172800 IN A 203.119.1.1
a.dns.jp. 172800 IN AAAA 2001:dc4::1
b.dns.jp. 172800 IN A 202.12.30.131
b.dns.jp. 172800 IN AAAA 2001:dc2::1
c.dns.jp. 172800 IN A 156.154.100.5
c.dns.jp. 172800 IN AAAA 2001:502:ad09::5
d.dns.jp. 172800 IN A 210.138.175.244
d.dns.jp. 172800 IN AAAA 2001:240::53
e.dns.jp. 172800 IN A 192.50.43.53
e.dns.jp. 172800 IN AAAA 2001:200:c000::35
f.dns.jp. 172800 IN A 150.100.2.3
f.dns.jp. 172800 IN AAAA 2001:2f8:0:100::153
g.dns.jp. 172800 IN A 203.119.40.1

;; Query time: 540 msec
;; SERVER: 2001:503:ba3e::2:30#53(2001:503:ba3e::2:30)
;; WHEN: Thu May 19 22:39:54 2011
;; MSG SIZE rcvd: 416

Querying a.dns.jp, one of the NS hosts for the jp zone

$ dig @a.dns.jp ns dns.jp

; <<>> DiG 9.6.0-APPLE-P2 <<>> @a.dns.jp ns dns.jp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45696
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dns.jp. IN NS

;; ANSWER SECTION:
dns.jp. 86400 IN NS c.dns.jp.
dns.jp. 86400 IN NS f.dns.jp.
dns.jp. 86400 IN NS a.dns.jp.
dns.jp. 86400 IN NS g.dns.jp.
dns.jp. 86400 IN NS e.dns.jp.
dns.jp. 86400 IN NS d.dns.jp.
dns.jp. 86400 IN NS b.dns.jp.

;; ADDITIONAL SECTION:
a.dns.jp. 86400 IN A 203.119.1.1
a.dns.jp. 86400 IN AAAA 2001:dc4::1
b.dns.jp. 86400 IN A 202.12.30.131
b.dns.jp. 86400 IN AAAA 2001:dc2::1
c.dns.jp. 86400 IN A 156.154.100.5
c.dns.jp. 86400 IN AAAA 2001:502:ad09::5
d.dns.jp. 86400 IN A 210.138.175.244
d.dns.jp. 86400 IN AAAA 2001:240::53
e.dns.jp. 86400 IN A 192.50.43.53
e.dns.jp. 86400 IN AAAA 2001:200:c000::35
f.dns.jp. 86400 IN A 150.100.2.3
f.dns.jp. 86400 IN AAAA 2001:2f8:0:100::153
g.dns.jp. 86400 IN A 203.119.40.1

;; Query time: 15 msec
;; SERVER: 2001:dc4::1#53(2001:dc4::1)
;; WHEN: Thu May 19 22:42:16 2011
;; MSG SIZE rcvd: 416

Reverse lookup
Here we look at how 202.11.16.167, the address of www.dns.jp, is delegated.

$ dig @a.root-servers.net ns 202.in-addr.arpa

; <<>> DiG 9.6.0-APPLE-P2 <<>> @a.root-servers.net ns 202.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60594
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;202.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.

;; ADDITIONAL SECTION:
a.in-addr-servers.arpa. 172800 IN A 199.212.0.73
a.in-addr-servers.arpa. 172800 IN AAAA 2001:500:13::73
b.in-addr-servers.arpa. 172800 IN A 199.253.183.183
b.in-addr-servers.arpa. 172800 IN AAAA 2001:500:87::87
c.in-addr-servers.arpa. 172800 IN A 196.216.169.10
c.in-addr-servers.arpa. 172800 IN AAAA 2001:43f8:110::10
d.in-addr-servers.arpa. 172800 IN A 200.10.60.53
d.in-addr-servers.arpa. 172800 IN AAAA 2001:13c7:7010::53
e.in-addr-servers.arpa. 172800 IN A 203.119.86.101
e.in-addr-servers.arpa. 172800 IN AAAA 2001:dd8:6::101
f.in-addr-servers.arpa. 172800 IN A 193.0.9.1
f.in-addr-servers.arpa. 172800 IN AAAA 2001:67c:e0::1

;; Query time: 563 msec
;; SERVER: 2001:503:ba3e::2:30#53(2001:503:ba3e::2:30)
;; WHEN: Thu May 19 22:50:46 2011
;; MSG SIZE rcvd: 410

$ dig @a.in-addr-servers.arpa. ns 202.in-addr.arpa

; <<>> DiG 9.6.0-APPLE-P2 <<>> @a.in-addr-servers.arpa. ns 202.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41719
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;202.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
202.in-addr.arpa. 86400 IN NS tinnie.arin.net.
202.in-addr.arpa. 86400 IN NS ns1.apnic.net.
202.in-addr.arpa. 86400 IN NS dns1.telstra.net.
202.in-addr.arpa. 86400 IN NS sec1.authdns.ripe.net.
202.in-addr.arpa. 86400 IN NS ns4.apnic.net.
202.in-addr.arpa. 86400 IN NS ns3.apnic.net.
202.in-addr.arpa. 86400 IN NS apnic1.dnsnode.net.

;; ADDITIONAL SECTION:
tinnie.arin.net. 43200 IN A 199.212.0.53
tinnie.arin.net. 43200 IN AAAA 2001:500:13::c7d4:35

;; Query time: 201 msec
;; SERVER: 199.212.0.73#53(199.212.0.73)
;; WHEN: Thu May 19 22:53:00 2011
;; MSG SIZE rcvd: 255

$ dig @ns1.apnic.net ns 11.202.in-addr.arpa

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns1.apnic.net ns 11.202.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52055
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;11.202.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
11.202.in-addr.arpa. 86400 IN NS d.dns.jp.
11.202.in-addr.arpa. 86400 IN NS e.dns.jp.
11.202.in-addr.arpa. 86400 IN NS f.dns.jp.
11.202.in-addr.arpa. 86400 IN NS g.dns.jp.
11.202.in-addr.arpa. 86400 IN NS a.dns.jp.
11.202.in-addr.arpa. 86400 IN NS b.dns.jp.

;; Query time: 420 msec
;; SERVER: 2001:dc0:2001:0:4608::25#53(2001:dc0:2001:0:4608::25)
;; WHEN: Thu May 19 22:54:01 2011
;; MSG SIZE rcvd: 139

$ dig @a.dns.jp ns 16.11.202.in-addr.arpa

; <<>> DiG 9.6.0-APPLE-P2 <<>> @a.dns.jp ns 16.11.202.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26504
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;16.11.202.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
16.11.202.in-addr.arpa. 86400 IN NS ns01.jprs.co.jp.
16.11.202.in-addr.arpa. 86400 IN NS ns02.jprs.co.jp.

;; Query time: 17 msec
;; SERVER: 2001:dc4::1#53(2001:dc4::1)
;; WHEN: Thu May 19 22:56:23 2011
;; MSG SIZE rcvd: 88

$ dig @ns01.jprs.co.jp ns 167.16.11.202.in-addr.arpa

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns01.jprs.co.jp ns 167.16.11.202.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22610
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;167.16.11.202.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
16.11.202.in-addr.arpa. 86400 IN SOA ns01.jprs.co.jp. postmaster.jprs.co.jp. 2011042201 3600 900 604800 86400

;; Query time: 13 msec
;; SERVER: 2001:df0:8:6::10#53(2001:df0:8:6::10)
;; WHEN: Thu May 19 22:58:10 2011
;; MSG SIZE rcvd: 106


...and having come this far, I realize that the CIDR delegation check I actually wanted to do cannot be done with 167.16.11.202.in-addr.arpa.
So I will look for an inoffensive-looking address later.
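
The responses above fall into three shapes: a referral (no aa flag, NS records in the AUTHORITY section), an authoritative answer (aa set, ANSWER > 0), and an authoritative "no data" reply (aa set, only an SOA in AUTHORITY, which means the name lies inside that zone and is not a zone cut). The following is an added example, not part of the original notes: a small shell function, with the hypothetical names classify_dig and sample, that tells these apart from dig output, run here on trimmed copies of three responses from this page.

```shell
# classify_dig: read one dig response on stdin and report how the server answered.
classify_dig() {
    awk '
        /status: /   { match($0, /status: [A-Z]+/); status = substr($0, RSTART + 8, RLENGTH - 8) }
        /^;; flags:/ {
            split($0, part, ";")              # part[3] is " flags: qr aa rd"
            aa = (part[3] ~ / aa( |$)/)       # aa = server is authoritative for the name
            match($0, /ANSWER: [0-9]+/); ans = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        /^;; AUTHORITY SECTION:/ { sec = "auth"; next }
        /^;; [A-Z]+ SECTION:/    { sec = ""; next }
        sec == "auth" && NF >= 5 && $4 == "NS"  && ns == ""  { ns = $1 }
        sec == "auth" && NF >= 5 && $4 == "SOA" && soa == "" { soa = $1 }
        END {
            if (status != "NOERROR")  print "rcode " status
            else if (ans > 0)         print (aa ? "answer" : "non-authoritative answer")
            else if (!aa && ns != "") print "referral " ns  # zone cut: ask these NS next
            else if (aa && soa != "") print "nodata " soa   # name is inside this zone
            else                      print "other"
        }'
}

# Trimmed copies of three responses shown on this page (one record per section).
sample() {
    case $1 in
    root) cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5089
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 13
;; AUTHORITY SECTION:
jp. 172800 IN NS e.dns.jp.
EOF
        ;;
    jp) cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45696
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 13
;; ANSWER SECTION:
dns.jp. 86400 IN NS c.dns.jp.
EOF
        ;;
    ptr) cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22610
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
16.11.202.in-addr.arpa. 86400 IN SOA ns01.jprs.co.jp. postmaster.jprs.co.jp. 2011042201 3600 900 604800 86400
EOF
    esac
}
for s in root jp ptr; do printf '%s: %s\n' "$s" "$(sample "$s" | classify_dig)"; done
```

Against live servers, pipe each step in directly, for example `dig +norecurse @a.dns.jp ns 16.11.202.in-addr.arpa | classify_dig`; `+norecurse` also avoids the "recursion requested but not available" warning seen in the output above.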