DNS/1/security/cookies/返答について、ここに記述してください。
5. DNS Cookies Protocol Specification
5.1. Originating a Request
5.2. Responding to a Request
- If the server responds choosing (2) or (3) above, it SHALL generate its own COOKIE option containing both the Client Cookie copied from the request and a Server Cookie it has generated, and it will add this COOKIE option to the response's OPT record. Servers MUST, at least occasionally, respond to such requests to inform the client of the correct Server Cookie. This is necessary so that such a client can bootstrap to the more secure state where requests and responses have recognized Server Cookies and Client Cookies. A server is not expected to maintain per-client state to achieve this. For example, it could respond to every Nth request across all clients.
-- ToshinoriMaeno 2017-04-06 00:23:13
1. example
$ dig microsoft.com @ns1.msft.net
; <<>> DiG 9.11.0-P3 <<>> microsoft.com @ns1.msft.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 35038 ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ; COOKIE: 7cd9faea642d0270 (echoed) ;; QUESTION SECTION: ;microsoft.com. IN A ;; ANSWER SECTION: microsoft.com. 3600 IN A 23.100.122.175 microsoft.com. 3600 IN A 23.96.52.53 microsoft.com. 3600 IN A 191.239.213.197 microsoft.com. 3600 IN A 104.40.211.35 microsoft.com. 3600 IN A 104.43.195.251 ;; Query time: 6 msec ;; SERVER: 208.84.0.53#53(208.84.0.53) ;; WHEN: Fri Apr 07 10:12:12 JST 2017 ;; MSG SIZE rcvd: 134