== DNS/awsdns/Zone operation/Co-hosting ==

Apparently awsdns lets you create a zone by specifying an NS set.

Convenient, isn't it. (Also in the sense of: dangerous, isn't it.)

https://www.slideshare.net/twovs/reusable-delegation-set-route53-60772045

-- ToshinoriMaeno

http://blog.serverworks.co.jp/tech/2017/11/02/route53-cli53/

https://docs.aws.amazon.com/ja_jp/Route53/latest/DeveloperGuide/white-label-name-servers.html

https://twitter.com/beyondDNS/status/1272838388479979520?s=20

I have started investigating how widely this is used. -- ToshinoriMaeno

There is a default limit of 100 hosted zones that can use the same reusable delegation set. For information about requesting a limit increase, see Limits in the Route 53 Developer Guide:

== CreateReusableDelegationSet ==

https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html

{{{
You can also create a reusable delegation set that uses the four name servers that are associated with an existing hosted zone.
Specify the hosted zone ID in the CreateReusableDelegationSet request.
}}}

A group of name servers obtained in advance can be assigned to a specific domain name.

{{{
reusable delegation set

A set of four authoritative name servers that you can use with more than one hosted zone.
By default, Route 53 assigns a random selection of name servers to each new hosted zone.
To make it easier to migrate DNS service to Route 53 for a large number of domains,
you can create a reusable delegation set and then associate the reusable delegation set with new hosted zones.
(You can't change the name servers that are associated with an existing hosted zone.)
}}}

== Registered zones ==

{{{
117yen.com.		3600	IN	NS	ns4.117yen.com.
117yen.com.		3600	IN	NS	ns3.117yen.com.
117yen.com.		3600	IN	NS	ns1.117yen.com.
117yen.com.		3600	IN	NS	ns2.117yen.com.

;; ADDITIONAL SECTION:
ns1.117yen.com.		300	IN	A	205.251.192.51
ns2.117yen.com.		300	IN	A	205.251.194.2
ns3.117yen.com.		300	IN	A	205.251.197.220
ns4.117yen.com.		300	IN	A	205.251.199.228

tcpreplay.net.		300	IN	NS	ns4.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns1.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns3.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns2.tcpreplay.net.
ns1.tcpreplay.net.	300	IN	A	52.213.198.181
ns2.tcpreplay.net.	300	IN	A	52.213.198.181
ns3.tcpreplay.net.	300	IN	A	52.213.198.181
ns4.tcpreplay.net.	300	IN	A	52.213.198.181
}}}

These are not co-hosted. However, 205.251.199.228 also has a tcpreplay.net zone.

In other words, I think this means the zone could be created by specifying the NS of the tcpreplay.net zone. Isn't that dangerous? -- ToshinoriMaeno

{{{
$ dig exist.tcpreplay\.net. @\ns-2020.awsdns-60\.co.uk.

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> exist.tcpreplay.net. @ns-2020.awsdns-60.co.uk.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43799
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;exist.tcpreplay.net.		IN	A

;; ANSWER SECTION:
exist.tcpreplay.net.	99	IN	CNAME	cname-exist.117yen.com.

;; AUTHORITY SECTION:
tcpreplay.net.		300	IN	NS	ns1.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns2.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns3.tcpreplay.net.
tcpreplay.net.		300	IN	NS	ns4.tcpreplay.net.

;; ADDITIONAL SECTION:
ns1.tcpreplay.net.	300	IN	A	205.251.192.51
ns2.tcpreplay.net.	300	IN	A	205.251.194.2
ns3.tcpreplay.net.	300	IN	A	205.251.197.220
ns4.tcpreplay.net.	300	IN	A	205.251.199.228

;; Query time: 5 msec
;; SERVER: 205.251.199.228#53(205.251.199.228)
;; WHEN: Tue Jun 16 08:01:39 JST 2020
;; MSG SIZE rcvd: 220
}}}
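
The comparison made by eye in the dig output above can be scripted as a check for zone owners. This is an added example, not part of the original page: it parses the A records copied from the page (no live queries) and reports where the two views of the tcpreplay.net name servers disagree and which addresses also serve 117yen.com. The function and variable names are hypothetical.

```python
import ipaddress

# A records copied from the dig output on this page; nothing is queried live.
NS_117YEN = """\
ns1.117yen.com. 300 IN A 205.251.192.51
ns2.117yen.com. 300 IN A 205.251.194.2
ns3.117yen.com. 300 IN A 205.251.197.220
ns4.117yen.com. 300 IN A 205.251.199.228
"""
# tcpreplay.net name-server addresses as first listed on the page.
LISTED_TCPREPLAY = """\
ns1.tcpreplay.net. 300 IN A 52.213.198.181
ns2.tcpreplay.net. 300 IN A 52.213.198.181
ns3.tcpreplay.net. 300 IN A 52.213.198.181
ns4.tcpreplay.net. 300 IN A 52.213.198.181
"""
# ADDITIONAL section returned by 205.251.199.228 for the same names.
SERVED_TCPREPLAY = """\
ns1.tcpreplay.net. 300 IN A 205.251.192.51
ns2.tcpreplay.net. 300 IN A 205.251.194.2
ns3.tcpreplay.net. 300 IN A 205.251.197.220
ns4.tcpreplay.net. 300 IN A 205.251.199.228
"""

def parse_a(text):
    """Return {owner name: address} for each A record in dig-style text."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2:4] == ["IN", "A"]:
            # ip_address() rejects malformed addresses instead of storing them
            records[fields[0].lower()] = str(ipaddress.ip_address(fields[4]))
    return records

def address_mismatch(listed, served):
    """Name-server names whose two views disagree: {name: (listed, served)}."""
    return {n: (listed[n], served[n])
            for n in sorted(listed.keys() & served.keys())
            if listed[n] != served[n]}

def shared_servers(zone_a, zone_b):
    """Addresses that serve as name server for both zones."""
    return set(zone_a.values()) & set(zone_b.values())

if __name__ == "__main__":
    own, listed, served = map(parse_a, (NS_117YEN, LISTED_TCPREPLAY, SERVED_TCPREPLAY))
    print("mismatch:", address_mismatch(listed, served))
    print("shared with 117yen.com (listed):", sorted(shared_servers(own, listed)))
    print("shared with 117yen.com (served):", sorted(shared_servers(own, served)))
```

A non-empty mismatch for your own zone means some server is answering authoritatively for it with name-server data that differs from what you expect.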