1. DNS/flag_day/2020/dns-oarc

/ISPリゾルバー   /oarc_response  

Contents

  1. DNS/flag_day/2020/dns-oarc
    1. 公開リゾルバー
    2. 1.1.1.1
    3. 8.8.8.8
    4. 9.9.9.9

resolver が権威サーバーから受け取る返答のサイズを調べる。 /oarc_response

reply size test https://www.dns-oarc.net/oarc/services/replysizetest 

$ dig +bufsize=1024 rs.dns-oarc.net TXT @1.1.1.1

あとは、権威サーバー側でtcpdumpを使って確認しよう。 /ISPリゾルバー

1.1. 公開リゾルバー

@1.1.1.1       1452
@149.112.112.112  4096
@185.228.169.168  1204
@185.228.169.9  1204
@64.6.64.6    1280
@64.6.65.6
@74.82.42.42  1232
@8.8.4.4    ----
@8.8.8.8    ----
@81.3.27.54 1232
@9.9.9.9    1232 4096

1.2. 1.1.1.1

$ dig +bufsize=1024 rs.dns-oarc.net TXT @1.1.1.1

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +bufsize=1024 rs.dns-oarc.net TXT @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55843
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;rs.dns-oarc.net.               IN      TXT

;; ANSWER SECTION:
rs.dns-oarc.net.        60      IN      CNAME   rst.x1433.rs.dns-oarc.net.
rst.x1433.rs.dns-oarc.net. 59   IN      CNAME   rst.x1408.x1433.rs.dns-oarc.net.
rst.x1408.x1433.rs.dns-oarc.net. 58 IN  CNAME   rst.x1414.x1408.x1433.rs.dns-oarc.net.
rst.x1414.x1408.x1433.rs.dns-oarc.net. 57 IN TXT "162.158.117.233 DNS reply size limit is at least 1433"
rst.x1414.x1408.x1433.rs.dns-oarc.net. 57 IN TXT "162.158.117.233 sent EDNS buffer size 1452"

;; Query time: 1491 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Oct 02 09:31:34 JST 2020
;; MSG SIZE  rcvd: 237

1.3. 8.8.8.8

$ dig +bufsize=1024 rs.dns-oarc.net TXT @8.8.8.8

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +bufsize=1024 rs.dns-oarc.net TXT @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49042
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rs.dns-oarc.net.               IN      TXT

;; ANSWER SECTION:
rs.dns-oarc.net.        59      IN      CNAME   rst.x4090.rs.dns-oarc.net.
rst.x4090.rs.dns-oarc.net. 58   IN      CNAME   rst.x4060.x4090.rs.dns-oarc.net.
rst.x4060.x4090.rs.dns-oarc.net. 57 IN  CNAME   rst.x4066.x4060.x4090.rs.dns-oarc.net.
rst.x4066.x4060.x4090.rs.dns-oarc.net. 56 IN TXT "2404:6800:400b:c002::103 DNS reply size limit is at least 4090"
rst.x4066.x4060.x4090.rs.dns-oarc.net. 56 IN TXT "2404:6800:400b:c002::103 sent EDNS buffer size 4096"

;; Query time: 1034 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 02 09:35:35 JST 2020
;; MSG SIZE  rcvd: 255

1.4. 9.9.9.9

 dig +bufsize=1024 rs.dns-oarc.net TXT @9.9.9.9

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +bufsize=1024 rs.dns-oarc.net TXT @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12923
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rs.dns-oarc.net.               IN      TXT

;; ANSWER SECTION:
rs.dns-oarc.net.        60      IN      CNAME   rst.x1188.rs.dns-oarc.net.
rst.x1188.rs.dns-oarc.net. 59   IN      CNAME   rst.x1198.x1188.rs.dns-oarc.net.
rst.x1198.x1188.rs.dns-oarc.net. 58 IN  CNAME   rst.x1204.x1198.x1188.rs.dns-oarc.net.
rst.x1204.x1198.x1188.rs.dns-oarc.net. 57 IN TXT "74.63.21.242 sent EDNS buffer size 1232"
rst.x1204.x1198.x1188.rs.dns-oarc.net. 57 IN TXT "74.63.21.242 DNS reply size limit is at least 1204"

;; Query time: 1573 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Fri Oct 02 09:37:01 JST 2020
;; MSG SIZE  rcvd: 231

$ dig +bufsize=4096 rs.dns-oarc.net TXT @9.9.9.9

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +bufsize=4096 rs.dns-oarc.net TXT @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13537
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rs.dns-oarc.net.               IN      TXT

;; ANSWER SECTION:
rs.dns-oarc.net.        60      IN      CNAME   rst.x4050.rs.dns-oarc.net.
rst.x4050.rs.dns-oarc.net. 57   IN      CNAME   rst.x4060.x4050.rs.dns-oarc.net.
rst.x4060.x4050.rs.dns-oarc.net. 57 IN  CNAME   rst.x4064.x4060.x4050.rs.dns-oarc.net.
rst.x4064.x4060.x4050.rs.dns-oarc.net. 57 IN TXT "74.63.21.242 sent EDNS buffer size 4096"
rst.x4064.x4060.x4050.rs.dns-oarc.net. 57 IN TXT "74.63.21.242 DNS reply size limit is at least 4064"

;; Query time: 3210 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Fri Oct 02 10:16:36 JST 2020
;; MSG SIZE  rcvd: 231

MoinQ: DNS/flag_day/2020/dns-oarc (last edited 2020-10-03 23:57:04 by ToshinoriMaeno)