DNS/FCP/考察/Knot-resolverについて、ここに記述してください。 NXDOMAIN返答で毒は入れられなかった。(tss test) brau.jp テストでは glueを上書きする。 {{{ $ dig -t txt xxx3.sub.mufj.jp @127.0.0.4 ; <<>> DiG 9.12.3 <<>> -t txt xxx3.sub.mufj.jp @127.0.0.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27808 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: eae16d61bcc7bdfc82856e165c1036453ac0120845be9d32 (good) ;; QUESTION SECTION: ;xxx3.sub.mufj.jp. IN TXT ;; AUTHORITY SECTION: sub.mufj.jp. 120 IN SOA ns.sub.mufj.jp. admin.e-ontap.com. 1544157204 1200 900 3600000 120 sub.mufj.jp. 120 IN NS ns.e-ontap.com. ;; Query time: 27 msec ;; SERVER: 127.0.0.4#53(127.0.0.4) ;; WHEN: 水 12月 12 07:12:21 JST 2018 ;; MSG SIZE rcvd: 157 }}} {{{ [ 0][plan] plan 'xxx3.sub.mufj.jp.' type 'TXT' [13313][iter] 'xxx3.sub.mufj.jp.' type 'TXT' id was assigned, parent id 0 [13313][cach] => no NSEC* cached for zone: sub.mufj.jp. [13313][resl] => going insecure because there's no covering TA [13313][zcut] found cut: sub.mufj.jp. (rank 002 return codes: DS -2, DNSKEY -2) [51934][iter] 'xxx3.sub.mufj.jp.' type 'TXT' id was assigned, parent id 0 [51934][resl] => querying: '219.94.248.25' score: 17 zone cut: 'sub.mufj.jp.' qname: 'XxX3.SUB.mUFJ.JP.' qtype: 'TXT' proto: 'udp' [51934][iter] <= rcode: NXDOMAIN [51934][cach] => not overwriting NS sub.mufj.jp. [51934][cach] => not overwriting SOA sub.mufj.jp. [51934][cach] => stashed packet: rank 020, TTL 120, TXT xxx3.sub.mufj.jp. (118 B) [51934][resl] <= server: '219.94.248.25' rtt: 27 ms [ 0][resl] AD: request NOT classified as SECURE [51934][resl] finished: 0, queries: 1, mempool: 49200 B }}}