DNS/FCP/考察/Knot-resolverについて、ここに記述してください。

NXDOMAIN返答で毒は入れられなかった。(tss test)

• brau.jp テストでは glueを上書きする。

$ dig -t txt xxx3.sub.mufj.jp @127.0.0.4

; <<>> DiG 9.12.3 <<>> -t txt xxx3.sub.mufj.jp @127.0.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: eae16d61bcc7bdfc82856e165c1036453ac0120845be9d32 (good)
;; QUESTION SECTION:
;xxx3.sub.mufj.jp.              IN      TXT

;; AUTHORITY SECTION:
sub.mufj.jp.            120     IN      SOA     ns.sub.mufj.jp. admin.e-ontap.com. 1544157204 1200 900 3600000 120
sub.mufj.jp.            120     IN      NS      ns.e-ontap.com.

;; Query time: 27 msec
;; SERVER: 127.0.0.4#53(127.0.0.4)
;; WHEN: 水 12月 12 07:12:21 JST 2018
;; MSG SIZE  rcvd: 157

[    0][plan] plan 'xxx3.sub.mufj.jp.' type 'TXT'
[13313][iter]   'xxx3.sub.mufj.jp.' type 'TXT' id was assigned, parent id 0
[13313][cach]   => no NSEC* cached for zone: sub.mufj.jp.
[13313][resl]   => going insecure because there's no covering TA
[13313][zcut]   found cut: sub.mufj.jp. (rank 002 return codes: DS -2, DNSKEY -2)
[51934][iter]   'xxx3.sub.mufj.jp.' type 'TXT' id was assigned, parent id 0
[51934][resl]   => querying: '219.94.248.25' score: 17 zone cut: 'sub.mufj.jp.' qname: 'XxX3.SUB.mUFJ.JP.' qtype: 'TXT' proto: 'udp'
[51934][iter]   <= rcode: NXDOMAIN
[51934][cach]   => not overwriting NS sub.mufj.jp.
[51934][cach]   => not overwriting SOA sub.mufj.jp.
[51934][cach]   => stashed packet: rank 020, TTL 120, TXT xxx3.sub.mufj.jp. (118 B)
[51934][resl]   <= server: '219.94.248.25' rtt: 27 ms
[    0][resl]   AD: request NOT classified as SECURE
[51934][resl]   finished: 0, queries: 1, mempool: 49200 B