MoinQ:

1. watchNS/akadns.net

akamaiのDNSがいかにおそろしい設定をしているか、見てみよう。

1.1. sample domain name

www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net

1.2. akadns.net

$ dnsq ns akadns.net a.gtld-servers.net
2 akadns.net:
333 bytes, 1+0+10+5 records, response, noerror
query: 2 akadns.net
authority: akadns.net 172800 NS a3-129.akadns.net
authority: akadns.net 172800 NS a7-131.akadns.net
authority: akadns.net 172800 NS a11-129.akadns.net
authority: akadns.net 172800 NS a1-128.akadns.net
authority: akadns.net 172800 NS a9-128.akadns.net
authority: akadns.net 172800 NS a5-130.akadns.org
authority: akadns.net 172800 NS a13-130.akadns.org
authority: akadns.net 172800 NS a28-129.akadns.org
authority: akadns.net 172800 NS a12-131.akadns.org
authority: akadns.net 172800 NS a18-128.akadns.org
additional: a3-129.akadns.net 172800 A 96.7.49.129
additional: a7-131.akadns.net 172800 A 23.61.199.131
additional: a11-129.akadns.net 172800 A 84.53.139.129
additional: a1-128.akadns.net 172800 A 193.108.88.128
additional: a9-128.akadns.net 172800 A 184.85.248.128

なぜか、net/orgのNSしかない。

1.3. 一段ずつ進めて、zone cutを探索

$ dnsq ns globalredir.akadns.net a1-128.akadns.net

67 bytes, 1+1+0+0 records, response, noerror
query: 2 globalredir.akadns.net
answer: globalredir.akadns.net 300 CNAME a23.g.akamai.net

$ dnsq a net.globalredir.akadns.net a1-128.akadns.net1

71 bytes, 1+1+0+0 records, response, noerror
query: 1 net.globalredir.akadns.net
answer: net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

$ dnsq ns edgekey.net.globalredir.akadns.net a1-128.akadns.net

79 bytes, 1+1+0+0 records, response, noerror
query: 2 edgekey.net.globalredir.akadns.net
answer: edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

$ dnsq ns com-c-2.edgekey.net.globalredir.akadns.net a1-128.akadns.net

2 com-c-2.edgekey.net.globalredir.akadns.net:
87 bytes, 1+1+0+0 records, response, noerror
query: 2 com-c-2.edgekey.net.globalredir.akadns.net
answer: com-c-2.edgekey.net.globalredir.akadns.net 300 CNAME a23.g.akamai.net

このあたりくれば、さすがになにかおかしい、と気づくはず。-- ToshinoriMaeno 2017-06-04 01:52:18

MoinQ: watchNS/net/akadns.net (last edited 2022-04-05 11:22:32 by ToshinoriMaeno)