#pragma section-numbers off

= Experiment 4: The old zone server keeps running with the old zone data =

-- [[tss]]

An experiment to test how the old zone data held by the old zone server affects the caching server on the client side.

Note that the old zone server also acts as a cache but is not an open resolver (BIND 9.8.4-P1).

This is where people tend to say "propagation is slow". (Don't say that.)

{{{
root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 60 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 180 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 300 IN A 172.16.17.1

;; Query time: 3 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:44:57 2013
;; MSG SIZE rcvd: 79
}}}

In the meantime, the delegation on the .nom server is switched to 172.16.1.1.

{{{
root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60248
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 1 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 121 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 241 IN A 172.16.17.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:45:56 2013
;; MSG SIZE rcvd: 79

root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26828
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 60 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 118 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 238 IN A 172.16.17.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:45:59 2013
;; MSG SIZE rcvd: 79

root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7392
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 1 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 59 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 179 IN A 172.16.17.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:46:58 2013
;; MSG SIZE rcvd: 79
}}}

Because the NS+A cache remains on server3, it queries the old zone server and repeatedly obtains the old A record for www.bind.nom (172.16.17.1).

{{{
root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 193
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 60 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 57 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 177 IN A 172.16.17.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:47:00 2013
;; MSG SIZE rcvd: 79

root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33707
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 4 IN A 172.16.17.1

;; AUTHORITY SECTION:
bind.nom. 1 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 121 IN A 172.16.17.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:47:56 2013
;; MSG SIZE rcvd: 79
}}}

Next, the cached NS for the old zone server expires, the delegation is followed again, and the new data is obtained. (The root NS that briefly appears does not look like the result of server3 walking from the root; it looks like it was obtained from the old zone server, which doubles as a cache.)

{{{
root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 2 IN A 172.16.17.1

;; AUTHORITY SECTION:
. 518219 IN NS a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 518219 IN A 192.168.255.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:47:58 2013
;; MSG SIZE rcvd: 93

root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12535
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 1800 IN A 172.16.1.1

;; AUTHORITY SECTION:
bind.nom. 600 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 300 IN A 172.16.1.1

;; Query time: 1 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:48:10 2013
;; MSG SIZE rcvd: 79

root@server3:/ # dig www.bind.nom

; <<>> DiG 9.8.4-P1 <<>> www.bind.nom
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48612
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bind.nom. IN A

;; ANSWER SECTION:
www.bind.nom. 1789 IN A 172.16.1.1

;; AUTHORITY SECTION:
bind.nom. 589 IN NS ns.bind.nom.

;; ADDITIONAL SECTION:
ns.bind.nom. 289 IN A 172.16.1.1

;; Query time: 0 msec
;; SERVER: 172.16.33.1#53(172.16.33.1)
;; WHEN: Sat Nov 2 07:48:21 2013
;; MSG SIZE rcvd: 79
}}}
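
The timing in this trace can be checked mechanically. The following is an added example, not part of the original page: it reads the TTLs and `WHEN` stamp from two of the responses above and computes when the cached NS RRset runs out and how long an old answer can outlive it. The function names are made up for this illustration, and it assumes the cached NS TTL is never refreshed by the old server's replies, which is what the steadily decreasing NS TTL in this trace shows.

```python
import re
from datetime import datetime, timedelta

# Two responses copied from the trace above, trimmed to the lines the parser reads.
FIRST = """;; ANSWER SECTION:
www.bind.nom. 60 IN A 172.16.17.1
;; AUTHORITY SECTION:
bind.nom. 180 IN NS ns.bind.nom.
;; WHEN: Sat Nov 2 07:44:57 2013
"""
LATER = """;; ANSWER SECTION:
www.bind.nom. 4 IN A 172.16.17.1
;; AUTHORITY SECTION:
bind.nom. 1 IN NS ns.bind.nom.
;; WHEN: Sat Nov 2 07:47:56 2013
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (when, {(section, name, type): ttl}) from dig output."""
    section, when, ttls = None, None, {}
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"^;; (\w+) SECTION:$", line)
        rr = RR.match(line)
        if head:
            section = head.group(1)
        elif line.startswith(";; WHEN:"):
            # Skip the weekday; split() also absorbs dig's padded day of month.
            when = datetime.strptime(" ".join(line.split()[3:]), "%b %d %H:%M:%S %Y")
        elif section and rr:
            ttls[(section, rr.group(1), rr.group(3))] = int(rr.group(2))
    return when, ttls

def expiry(text, section, name, rtype):
    """Wall-clock time at which the cached RRset shown in this response runs out."""
    when, ttls = parse_dig(text)
    return when + timedelta(seconds=ttls[(section, name, rtype)])

def stale_bound(text, zone, answer_ttl):
    """Latest time an old answer can still be served: one fetched from the old
    server just before the NS RRset expires stays cached for its full TTL."""
    return expiry(text, "AUTHORITY", zone, "NS") + timedelta(seconds=answer_ttl)

if __name__ == "__main__":
    print("NS expires:", expiry(FIRST, "AUTHORITY", "bind.nom.", "NS"))
    print("same from later response:", expiry(LATER, "AUTHORITY", "bind.nom.", "NS"))
    print("old answer gone by:", stale_bound(FIRST, "bind.nom.", 60))
```

Both responses give the same NS expiry, one second after the 07:47:56 query, and the first new answer in the trace (07:48:10) falls between that expiry and the computed bound.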