1. DNS/1/EDNS/KnotResolver
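The page announcing EDNS flag day contains conspicuous errors (lies?), so I will look into what the actual problem is.
- First, set up a server that does not reply to EDNS queries. (qmail.jp)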
2. knot
Knot Resolver by CZ.NIC has been standard-compliant from the beginning and its default configuration does not try to work around incompatibilities caused by not complying with these standards. However, it is very important to check your servers to ensure compatibility with software by other standard-complying developers.
With the default configuration it has behaved according to the standards from the start (no workaround behavior).
3. Investigation
4. qmail.jp query
The server is currently run with a configuration that does not reply to EDNS over UDP.
[ 0][plan] plan 'qmail.jp.' type 'NS'
[54318][iter] 'qmail.jp.' type 'NS' id was assigned, parent id 0
[54318][cach] => trying zone: .
[54318][cach] => NSEC sname: range search found inconsistent entry
[54318][zcut] found cut: . (return codes: DS -2, DNSKEY -2)
[54318][resl] => querying: '199.7.83.42' score: 10 zone cut: '.' qname: 'jP.' qtype: 'NS' proto: 'udp'
[54318][iter] <= loaded 8 glue addresses
[54318][iter] <= referral response, follow
[54318][cach] => stashed rank: 002, NS jp. (111 B total, incl. 0 RRSIGs)
[54318][cach] => stashed also 15 nonauth RRsets
[54318][resl] <= server: '199.7.83.42' rtt: 113 ms
[ 626][iter] 'qmail.jp.' type 'NS' id was assigned, parent id 0
[ 626][resl] => querying: '65.22.40.25' score: 10 zone cut: 'jp.' qname: 'QmAiL.JP.' qtype: 'NS' proto: 'udp'
[ 626][iter] <= loaded 1 glue addresses
[ 626][iter] <= referral response, follow
[ 626][cach] => stashed rank: 002, NS qmail.jp. (32 B total, incl. 0 RRSIGs)
[ 626][cach] => stashed also 1 nonauth RRsets
[ 626][resl] <= server: '65.22.40.25' rtt: 165 ms
[32178][iter] 'qmail.jp.' type 'NS' id was assigned, parent id 0
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][wrkr] => server: '14.192.44.5' flagged as 'bad'
[ 8443][iter] 'qmail.jp.' type 'NS' id was assigned, parent id 0
[ 8443][wrkr] => connecting to: '14.192.44.5'
[ 8443][wrkr] => connected to '14.192.44.5'
[ 8443][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qmaIL.Jp.' qtype: 'NS' proto: 'tcp'
[ 8443][iter] <= rcode: NOERROR
[ 8443][cach] => stashed rank: 020, NS qmail.jp. (32 B total, incl. 0 RRSIGs)
[ 8443][resl] <= server: '14.192.44.5' rtt: 24 ms
[ 0][resl] AD: secure (start)
[ 0][resl] AD: secure (between ANS and AUTH)
[ 8443][resl] finished: 0, queries: 1, mempool: 98352 B
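The trace above shows four unanswered UDP queries to 14.192.44.5, the server being flagged 'bad', and then an answer over TCP. The following added example (not part of the original page or of Knot Resolver) summarizes such a trace per server; the names `summarize` and `classify` and the three regular expressions are assumptions based only on the line shapes visible in the trace.

```python
import re
from collections import defaultdict

# Abridged copy of the Knot Resolver trace shown on this page.
TRACE = """\
[54318][resl] => querying: '199.7.83.42' score: 10 zone cut: '.' qname: 'jP.' qtype: 'NS' proto: 'udp'
[54318][resl] <= server: '199.7.83.42' rtt: 113 ms
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qMAil.jP.' qtype: 'NS' proto: 'udp'
[32178][wrkr] => server: '14.192.44.5' flagged as 'bad'
[ 8443][resl] => querying: '14.192.44.5' score: 10 zone cut: 'qmail.jp.' qname: 'qmaIL.Jp.' qtype: 'NS' proto: 'tcp'
[ 8443][resl] <= server: '14.192.44.5' rtt: 24 ms
"""

QUERY = re.compile(r"=> querying: '([^']+)'.*proto: '(udp|tcp)'")
REPLY = re.compile(r"<= server: '([^']+)' rtt: \d+ ms")
BAD = re.compile(r"=> server: '([^']+)' flagged as 'bad'")

def summarize(log_text):
    """Count queries sent and answered per server and transport."""
    stats = defaultdict(lambda: dict(udp_sent=0, udp_ok=0, tcp_sent=0, tcp_ok=0, bad=False))
    last_proto = {}  # transport of the most recent query to each server
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            server, proto = m.groups()
            stats[server][proto + "_sent"] += 1
            last_proto[server] = proto
        elif m := BAD.search(line):
            stats[m.group(1)]["bad"] = True
        elif m := REPLY.search(line):
            # A reply line carries no proto; credit the last query's transport.
            proto = last_proto.get(m.group(1))
            if proto:
                stats[m.group(1)][proto + "_ok"] += 1
    return dict(stats)

def classify(s):
    """Label one server's counters from summarize()."""
    if s["udp_sent"] and not s["udp_ok"] and s["tcp_ok"]:
        return "udp-silent, answered over tcp"
    if s["udp_ok"] or s["tcp_ok"]:
        return "ok"
    return "no-answer"

if __name__ == "__main__":
    for server, s in summarize(TRACE).items():
        print(server, classify(s), s)
```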