1. DNS/qname-minimisation/unbound

Since unbound-1.7.2, qname-minimisation: yes is the default.

Stop minimisation when RCODE is not NOERROR – DONOT_MINIMISE_STATE:
  send full QNAME and original QTYPE

https://indico.dns-oarc.net/event/22/session/2/contribution/16/material/slides/0.pdf

OARC 24 (Buenos Aires) - March 2016

https://www.nlnetlabs.nl/ page 9

QNAME minimisation in Unbound
 • Version 1.5.7
 • Default off
 • Enable in config:

    server:
      qname-minimisation: yes

https://twitter.com/NLnetLabs/status/1006134922006888448

Two years ago we introduced QNAME minimisation in #Unbound.
The implementation has proven to be so reliable that in version 1.7.2 we are enabling it by default.
 #privacy #dnsprivacy Some background: https://indico.dns-oarc.net/event/22/contributions/332/ …

1.1. example

$ dig -t mx www.trap.qmail.jp @127.0.0.2

With query minimisation, unbound starts by obtaining the NS for trap.qmail.jp.

server log

@400000005ab58a28165fb304 276e870c:8931:55bc + S0002 tRap.qMAiL.JP
@400000005ab58a28175aef6c 276e870c:2db6:acd4 + S0002 WwW.TraP.QMAil.jp
@400000005ab58a2817fc24f4 276e870c:c3f2:1aa9 + S0002 weB.qMAiL.JP
@400000005ab58a2818a5beec 276e870c:f34b:3e62 + S0002 WWw.qMAil.JP
@400000005ab58a281988df74 276e870c:609c:10d2 + S000f www.qmAil.jP
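
An added example (not part of the original page): a small parser for the server log above. It assumes a tinydns-style layout (TAI64N timestamp, hex client IP:port:query id, result flag, QTYPE field, QNAME) and that the last four hex digits of the `S0002` field are the QTYPE. It lists the queries the authoritative server received and checks whether the question typed into dig (`www.trap.qmail.jp` MX) ever reached it.

```python
import re

# The five lines of the server log above, copied verbatim.
LOG = """\
@400000005ab58a28165fb304 276e870c:8931:55bc + S0002 tRap.qMAiL.JP
@400000005ab58a28175aef6c 276e870c:2db6:acd4 + S0002 WwW.TraP.QMAil.jp
@400000005ab58a2817fc24f4 276e870c:c3f2:1aa9 + S0002 weB.qMAiL.JP
@400000005ab58a2818a5beec 276e870c:f34b:3e62 + S0002 WWw.qMAil.JP
@400000005ab58a281988df74 276e870c:609c:10d2 + S000f www.qmAil.jP
"""

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 28: "AAAA"}

# Assumed layout: @TAI64N  hexIP:hexPort:hexID  result  <prefix>QTYPE  QNAME
LINE = re.compile(
    r"@[0-9a-f]{24} ([0-9a-f]{8}):([0-9a-f]{4}):([0-9a-f]{4}) (\S) "
    r"\S*?([0-9a-f]{4}) (\S+)$"
)

def parse_line(line):
    """Decode one log line into a dict; raise ValueError if it does not fit."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    ip, port, qid, result, qtype, qname = m.groups()
    code = int(qtype, 16)
    return {
        "client": ".".join(str(b) for b in bytes.fromhex(ip)),
        "port": int(port, 16),
        "id": int(qid, 16),
        "answered": result == "+",            # tinydns convention (assumed)
        "qtype": QTYPES.get(code, f"TYPE{code}"),
        "qname": qname.lower().rstrip("."),   # names arrive in mixed case
        "mixed_case": qname != qname.lower(),
    }

def summarise(log, orig_qname, orig_qtype):
    """Return the (qtype, qname) sequence and whether the stub's question was seen."""
    rows = [parse_line(l) for l in log.splitlines() if l.strip()]
    seq = [(r["qtype"], r["qname"]) for r in rows]
    return seq, (orig_qtype, orig_qname.lower().rstrip(".")) in seq

if __name__ == "__main__":
    seq, seen = summarise(LOG, "www.trap.qmail.jp", "MX")
    for qtype, qname in seq:
        print(f"{qtype:<3} {qname}")
    print("original question reached this server:", seen)
```

On this log the server receives four NS queries and a single MX query, for www.qmail.jp; the pair (www.trap.qmail.jp, MX) does not appear.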

1.2. dig output

; <<>> DiG 9.12.0 <<>> -t mx www.trap.qmail.jp @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32435
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;www.trap.qmail.jp.             IN      MX

;; ANSWER SECTION:
www.trap.qmail.jp.      600     IN      CNAME   web.qmail.jp.
web.qmail.jp.           86400   IN      CNAME   www.qmail.jp.

;; AUTHORITY SECTION:
qmail.jp.               900     IN      SOA     a.ns.qmail.jp. hostmaster.m.qmail.jp. 1521378346 16384 2048 1048576 900
qmail.jp.               20617   IN      NS      b.ns.qmail.jp.

;; ADDITIONAL SECTION:
b.ns.qmail.jp.          85417   IN      A       14.192.44.5

;; Query time: 64 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Mar 24 08:13:34 JST 2018
;; MSG SIZE  rcvd: 168

MoinQ: DNS/qname-minimisation/unbound (last edited 2020-11-03 22:05:35 by ToshinoriMaeno)