ccTLD/cz/Knot-resolverについて、ここに記述してください。

-- ToshinoriMaeno 2015-10-14 06:36:06

$ kdig -t a podpora.nic.cz @127.0.0.3 

;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 60275
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; podpora.nic.cz.              IN      A

;; ANSWER SECTION:
podpora.nic.cz.         1800    IN      CNAME   www.nic.cz.
www.nic.cz.             1800    IN      A       217.31.205.50

;; Received 70 B
;; Time 2015-10-14 14:39:06 JST
;; From 127.0.0.3@53(UDP) in 937.5 ms

[plan] plan 'podpora.nic.cz.' type 'A'
[resl]   => root priming query
[plan]   plan '.' type 'NS'
[resl]     => querying: '192.228.79.201' score: 10 zone cut: '.' m12n: '.' type: 'NS'
[iter]     <= rcode: NOERROR
[resl]   => querying: '198.41.0.4' score: 10 zone cut: '.' m12n: 'Cz.' type: 'NS'
[iter]   <= referral response, follow
[resl]   => querying: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'Nic.cz.' type: 'NS'
[iter]   <= rcode: NOERROR
[iter]   <= found cut, retrying with non-minimized name
[resl]   => querying: '194.0.12.1' score: 10 zone cut: 'cz.' m12n: 'pOdPorA.Nic.cz.' type: 'A'
[iter]   <= rcode: NOERROR
[resl] finished: 4, queries: 2, mempool: 16392 B

nic.cz は子ゾーンなのだが、そうとは認められないらしい。(親子同居が理由なのだろう)

CNAMEの問い合せなおしもしていないのか。

$ kdig -t soa nic.cz @127.0.0.3 

;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 28624
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; nic.cz.                      IN      SOA

;; ANSWER SECTION:
nic.cz.                 1800    IN      SOA     a.ns.nic.cz. hostmaster.nic.cz. 1444344903 10800 3600 1209600 7200

;; Received 76 B
;; Time 2015-10-14 14:42:31 JST
;; From 127.0.0.3@53(UDP) in 525.8 ms

[plan] plan 'nic.cz.' type 'SOA'
[resl]   => querying: '194.0.14.1' score: 10 zone cut: 'cz.' m12n: 'nic.Cz.' type: 'SOA'
[iter]   <= referral response, follow
[resl]   => querying: '193.29.206.1' score: 10 zone cut: 'nic.cz.' m12n: 'Nic.CZ.' type: 'SOA'
[iter]   <= rcode: NOERROR
[resl] finished: 4, queries: 1, mempool: 16392 B

この状態では、なぜかzone扱いされている。

$ dnsq soa nic.cz a.ns.nic.cz 

6 nic.cz:
254 bytes, 1+1+3+6 records, response, authoritative, noerror
query: 6 nic.cz
answer: nic.cz 1800 SOA a.ns.nic.cz hostmaster.nic.cz 1444344903 10800 3600 1209600 7200
authority: nic.cz 1800 NS b.ns.nic.cz
authority: nic.cz 1800 NS d.ns.nic.cz
authority: nic.cz 1800 NS a.ns.nic.cz
additional: a.ns.nic.cz 1800 A 194.0.12.1
additional: a.ns.nic.cz 1800 28 \040\001\006x\000\017\000\000\000\000\000\000\000\000\000\001
additional: b.ns.nic.cz 1800 A 194.0.13.1
additional: b.ns.nic.cz 1800 28 \040\001\006x\000\020\000\000\000\000\000\000\000\000\000\001
additional: d.ns.nic.cz 1800 A 193.29.206.1
additional: d.ns.nic.cz 1800 28 \040\001\006x\000\001\000\000\000\000\000\000\000\000\000\001

Knot DNS (Authoritative Server) はauthority, additional は付けないのではなかったか。 ([abd].nic.cz はすべておなじ)

$ dnsq soa cz a.ns.nic.cz 

6 cz:
138 bytes, 1+1+4+0 records, response, authoritative, noerror
query: 6 cz
answer: cz 18000 SOA a.ns.nic.cz hostmaster.nic.cz 1444799399 900 300 604800 900
authority: cz 18000 NS c.ns.nic.cz
authority: cz 18000 NS a.ns.nic.cz
authority: cz 18000 NS b.ns.nic.cz
authority: cz 18000 NS d.ns.nic.cz

別のサーバに問い合わせてみると、

$ dnsq soa cz b.ns.nic.cz 

6 cz:
279 bytes, 1+1+4+6 records, response, authoritative, noerror
query: 6 cz
answer: cz 18000 SOA a.ns.nic.cz hostmaster.nic.cz 1444799399 900 300 604800 900
authority: cz 18000 NS a.ns.nic.cz
authority: cz 18000 NS b.ns.nic.cz
authority: cz 18000 NS c.ns.nic.cz
authority: cz 18000 NS d.ns.nic.cz
additional: a.ns.nic.cz 18000 A 194.0.12.1
additional: a.ns.nic.cz 18000 28 \040\001\006x\000\017\000\000\000\000\000\000\000\000\000\001
additional: b.ns.nic.cz 18000 A 194.0.13.1
additional: b.ns.nic.cz 18000 28 \040\001\006x\000\020\000\000\000\000\000\000\000\000\000\001
additional: d.ns.nic.cz 18000 A 193.29.206.1
additional: d.ns.nic.cz 18000 28 \040\001\006x\000\001\000\000\000\000\000\000\000\000\000\001

$ dnsq soa cz c.ns.nic.cz 

6 cz:
138 bytes, 1+1+4+0 records, response, authoritative, noerror
query: 6 cz
answer: cz 18000 SOA a.ns.nic.cz hostmaster.nic.cz 1444799399 900 300 604800 900
authority: cz 18000 NS b.ns.nic.cz
authority: cz 18000 NS d.ns.nic.cz
authority: cz 18000 NS a.ns.nic.cz
authority: cz 18000 NS c.ns.nic.cz

だが、これをみると、子ゾーンとしては扱われてはいないようだ。 -- ToshinoriMaeno 2015-10-14 06:40:54 

[plan] plan 'podpora.nic.cz.' type 'A'
[resl]   => querying: '193.29.206.1' score: 174 zone cut: 'cz.' m12n: 'NIC.cz.' type: 'NS'
[iter]   <= rcode: NOERROR
[iter]   <= found cut, retrying with non-minimized name
[resl]   => querying: '193.29.206.1' score: 159 zone cut: 'cz.' m12n: 'pODPOra.NIc.Cz.' type: 'A'
[iter]   <= rcode: NOERROR
[resl] finished: 4, queries: 1, mempool: 16392 B