1. DNS/messages

The format of the messages used for DNS queries and responses, and related notes.

DNS/RFC/1035/4

The format is common to both ../queries and ../response.

Some servers return all sorts of extra RRs in their responses, while others send /minimal_responses.

https://isc.sans.edu/diary/When+attackers+use+your+DNS+to+check+for+the+sites+you+are+visiting/16955

2. RFC 1034 four sections

The four sections are:

Question        Carries the query name and other query parameters.

Answer          Carries RRs which directly answer the query.

Authority       Carries RRs which describe other authoritative servers.
                May optionally carry the SOA RR for the authoritative
                data in the answer section.

Additional      Carries RRs which may be helpful in using the RRs in the
                other sections.

4.3.1. Queries and responses

4.3.2. Algorithm

   1. Start matching down, label by label, in the zone. The
      matching process can terminate several ways:

When a referral is returned:

         b. If a match would take us out of the authoritative data,
            we have a referral.  This happens when we encounter a node
            with NS RRs marking cuts along the bottom of a zone.

            Copy the NS RRs for the subzone into the authority
            section of the reply.  Put whatever addresses are
            available into the additional section, using glue RRs
            if the addresses are not available from authoritative
            data or the cache.  Go to step 4.

Non-CNAME response (a match):

            Otherwise, copy all RRs which match QTYPE into the
            answer section and go to step 6.

   6. Using local data only, attempt to add other RRs which may be
      useful to the additional section of the query.  Exit.

This description catches my attention. (Is this the origin of putting NS RRs in the Authority Section?)

   4. Start matching down in the cache.  If QNAME is found in the
      cache, copy all RRs attached to it that match QTYPE into the
      answer section.  If there was no delegation from
      authoritative data, look for the best one from the cache, and
      put it in the authority section.  Go to step 6.
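The authoritative-data steps quoted above (3b referral, the non-CNAME match, and step 6), as an added Python example that is not from this page or from the RFC; the zone contents, names and 192.0.2.x addresses are constructed sample data, and the cache step 4, the CNAME step and the name-error case are not modelled.

```python
# Added example: a toy authoritative lookup following RFC 1034 section 4.3.2
# steps 3b (referral), "match" and 6, showing which of the four message
# sections each RR lands in.  Zone data below is constructed sample data.

ZONE_APEX = "example."
ZONE = {  # owner name -> list of (TYPE, RDATA); sample data, not real hosts
    "example.":        [("SOA", "ns1.example. hostmaster.example. 1 3600 900 604800 86400"),
                        ("NS", "ns1.example."), ("NS", "ns2.example.")],
    "ns1.example.":    [("A", "192.0.2.1")],
    "ns2.example.":    [("A", "192.0.2.2")],
    "www.example.":    [("A", "192.0.2.10")],
    "sub.example.":    [("NS", "ns.sub.example.")],   # NS at a non-apex node = zone cut
    "ns.sub.example.": [("A", "192.0.2.50")],         # glue for the delegated subzone
}

def _labels(name):
    """'www.example.' -> ['example', 'www'] (root first, since matching walks downward)."""
    return name.rstrip(".").split(".")[::-1]

def respond(qname, qtype, zone=ZONE, apex=ZONE_APEX):
    """Return the four sections of the reply plus the AA flag, or None if QNAME is out of zone."""
    msg = {"question": (qname, qtype), "answer": [], "authority": [],
           "additional": [], "aa": True}
    apex_labels, q = _labels(apex), _labels(qname)
    if q[:len(apex_labels)] != apex_labels:
        return None                      # QNAME is not under this zone's apex
    # Step 3: walk down label by label; a node with NS RRs below the apex is a cut.
    for depth in range(len(apex_labels) + 1, len(q) + 1):
        node = ".".join(reversed(q[:depth])) + "."
        if any(t == "NS" for t, _ in zone.get(node, [])):
            msg["aa"] = False            # step 3b: referral, the reply is not authoritative
            msg["authority"] += [(node, "NS", r) for t, r in zone[node] if t == "NS"]
            break
    else:
        # Match (non-CNAME case): copy the RRs matching QTYPE into the answer section.
        msg["answer"] += [(qname, t, r) for t, r in zone.get(qname, []) if t == qtype]
    # Step 6: using local data only, add A RRs for every NS target already in the reply.
    for _, t, target in msg["answer"] + msg["authority"]:
        if t == "NS":
            msg["additional"] += [(target, "A", r) for ty, r in zone.get(target, [])
                                  if ty == "A"]
    return msg
```

A query for a name under the delegated subzone yields an empty answer section, the subzone NS RRs in the authority section and their glue in the additional section; a query within the zone's own data fills only the answer section.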

When the reply from an Authoritative Server contains a non-empty Answer Section,

I do not think RFC 1034 understood the problems that arise when a DNS zone is moved to different servers,

so I suppose it was RFC 2181 that justified that.

https://lists.nic.cz/pipermail/knot-dns-users/2015-September/000710.html

Moin2Qmail: DNS/1/messages (last edited 2020-08-31 06:39:27 by ToshinoriMaeno)