MoinQ:

DNSSEC/dns.jpについて、ここに記述してください。

jpゾーンはDNSSEC

dns.jpゾーンはDNSSECを使っていない。

1. JPゾーン

$ dig +dnssec -t ns jp @a.dns.jp

; <<>> DiG 9.11.2 <<>> +dnssec -t ns jp @a.dns.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7007
;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;jp.                            IN      NS

;; ANSWER SECTION:
jp.                     86400   IN      NS      g.dns.jp.
jp.                     86400   IN      NS      a.dns.jp.
jp.                     86400   IN      NS      h.dns.jp.
jp.                     86400   IN      NS      c.dns.jp.
jp.                     86400   IN      NS      f.dns.jp.
jp.                     86400   IN      NS      e.dns.jp.
jp.                     86400   IN      NS      b.dns.jp.
jp.                     86400   IN      NS      d.dns.jp.
jp.                     86400   IN      RRSIG   NS 8 1 86400 20180212174502 20180113174502 56598 jp. FOirET2OaPdRNYW5uEUTwd4gidC9hChJBgiXXYv4yZJ0GYJm1K/oNUKI yNw1FYOLIRqfnlIUFrLg9vEcB2pYeUTJIeNYu+rGuHAb+KjV657/eN+1 /Pc/WQc4OEILMi4KKMmLKPMik2EQ2OPn+95GRJVFB42tb4YcI2gR7VcS 4uo=

;; Query time: 4 msec
;; SERVER: 203.119.1.1#53(203.119.1.1)
;; WHEN: Thu Jan 18 21:06:36 JST 2018
;; MSG SIZE  rcvd: 325

2. dns.jp ゾーン

$ dig +dnssec -t ns dns.jp @a.dns.jp

; <<>> DiG 9.11.2 <<>> +dnssec -t ns dns.jp @a.dns.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58482
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 10, ADDITIONAL: 12
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dns.jp.                                IN      NS

;; AUTHORITY SECTION:
dns.jp.                 86400   IN      NS      nsd.dns.jp.
dns.jp.                 86400   IN      NS      nse.dns.jp.
dns.jp.                 86400   IN      NS      nsa.dns.jp.
dns.jp.                 86400   IN      NS      nsf.dns.jp.
dns.jp.                 86400   IN      NS      nsg.dns.jp.
dns.jp.                 86400   IN      NS      nsb.dns.jp.
OI574M80MO30F4GCAHMOT4FS0E6SJ44E.jp. 900 IN NSEC3 1 1 8 1C8F91D450 OICC361LSFV1KGCPKH7J7GJBG9P07LFE  NS SOA RRSIG DNSKEY NSEC3PARAM
OI574M80MO30F4GCAHMOT4FS0E6SJ44E.jp. 900 IN RRSIG NSEC3 8 2 900 20180212174502 20180113174502 56598 jp. XzR65icwM3vmssp5/1+jkAL4iVapBOBFzqTYAToc0mMUXZ1PLuKSO3a4 pWZV8a0gfwgIhfabGzgJ32NSRMfMULGk96xGPjtpd37WBi5NL5tHEabT TQC7gJS4xgjgI+5b4irLR4vr5tSRKGZ5eBV/vrFgFHPa5ZiwhEk4aUml fEo=
QUPNT38365AF1GEKGRU6PGPL074V482I.jp. 900 IN NSEC3 1 1 8 1C8F91D450 QUU65HQ89PIM6C2EG2H8A6O4ERFJNGL4  TXT RRSIG
QUPNT38365AF1GEKGRU6PGPL074V482I.jp. 900 IN RRSIG NSEC3 8 2 900 20180212174502 20180113174502 56598 jp. Ta/+scXnCj88O0yYafAQ35dAQ9v6maxFWwF4q4Pxn3La3JQfXPFTLzZV yysJcL6k9+chYN9zcXBvI49J8Ug9Aj3PDcS9eAi7V3TkMlZRaLrH6dRd BXcZEzRA8rXXjXvhQUQDBOs6ads/mCPCaCb8Idux5PE9KBtOZ7Nx7sk2 Cm0=

;; ADDITIONAL SECTION:
nsa.dns.jp.             86400   IN      A       203.119.1.4
nsb.dns.jp.             86400   IN      A       202.12.30.134
nsd.dns.jp.             86400   IN      A       210.138.175.245
nse.dns.jp.             86400   IN      A       192.50.43.153
nsf.dns.jp.             86400   IN      A       150.100.6.12
nsg.dns.jp.             86400   IN      A       203.119.40.4
nsa.dns.jp.             86400   IN      AAAA    2001:dc4::4
nsb.dns.jp.             86400   IN      AAAA    2001:dc2::2
nsd.dns.jp.             86400   IN      AAAA    2001:240::54
nse.dns.jp.             86400   IN      AAAA    2001:200:c000::99
nsf.dns.jp.             86400   IN      AAAA    2001:2f8:0:100::163

;; Query time: 5 msec
;; SERVER: 203.119.1.1#53(203.119.1.1)
;; WHEN: Thu Jan 18 21:05:45 JST 2018
;; MSG SIZE  rcvd: 872

ここにあるNSEC3がどういう意味をもつのか、分かっていない。

-- ToshinoriMaeno 2018-01-18 12:11:31