Describe DNS/watch/www.mhlw.go.jp here.
1. http://www.mhlw.go.jp
Let's look at the IPv4 side. (IPv6 cannot be investigated from here.)
$ dnsq a www.mhlw.go.jp a.dns.jp
1 www.mhlw.go.jp:
234 bytes, 1+0+5+4 records, response, noerror
query: 1 www.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns01.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns-kg022.ocn.ad.jp
authority: mhlw.go.jp 86400 NS nsipv602.mhlw.go.jp
authority: mhlw.go.jp 86400 NS nsipv601.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns02.mhlw.go.jp
additional: ns01.mhlw.go.jp 86400 A 210.227.79.197
additional: ns02.mhlw.go.jp 86400 A 210.227.79.229
additional: nsipv601.mhlw.go.jp 86400 28 \040\001\003\200\005\025\000\001\000\000\000\000\000\000\001\001
additional: nsipv602.mhlw.go.jp 86400 28 \040\001\003\200\005\025\000\001\000\000\000\000\000\000\001\021
$ dnsq a www.mhlw.go.jp 210.227.79.197
1 www.mhlw.go.jp:
108 bytes, 1+0+2+2 records, response, noerror
query: 1 www.mhlw.go.jp
authority: www.mhlw.go.jp 86400 NS lpns24g.mhlw.go.jp
authority: www.mhlw.go.jp 86400 NS lpns14g.mhlw.go.jp
additional: lpns14g.mhlw.go.jp 86400 A 210.227.79.196
additional: lpns24g.mhlw.go.jp 86400 A 210.227.79.228
The name is delegated. Things go wrong from here on.
2. TTL of 5 seconds
$ dnsq a www.mhlw.go.jp 210.227.79.196
1 www.mhlw.go.jp:
48 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 www.mhlw.go.jp
answer: www.mhlw.go.jp 5 A 210.227.79.234
- Note: it sometimes returns 210.227.79.202.
$ dnsq any www.mhlw.go.jp 210.227.79.196
255 www.mhlw.go.jp:
32 bytes, 1+0+0+0 records, response, noerror
query: 255 www.mhlw.go.jp
So it only answers A queries?
$ dnsq 28 www.mhlw.go.jp 210.227.79.196
28 www.mhlw.go.jp:
112 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 28 www.mhlw.go.jp
authority: mhlw.go.jp 86400 SOA mhlw.go.jp administrator.mhlw.go.jp 998545544 28800 7200 604800 86400
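3. The principle for DNS content servers
A content server should give the same answer to a query regardless of whether it arrives over IPv4 or IPv6.
- What is wrong with AAAA filtering is that it violates this principle.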
4. Asking the servers that have IPv6 addresses
[Part 1] The JP root
C:\dns\bin>dig +norec @a.dns.jp www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @a.dns.jp www.mhlw.go.jp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49592
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;www.mhlw.go.jp. IN A

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS ns01.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS ns02.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS ns-kg022.ocn.ad.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
ns01.mhlw.go.jp. 86400 IN A 210.227.79.197
ns02.mhlw.go.jp. 86400 IN A 210.227.79.229
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 16 msec
;; SERVER: 2001:dc4::1#53(2001:dc4::1)
;; WHEN: Wed Jun 08 23:36:55 2011
;; MSG SIZE rcvd: 234
Ask nsipv601.mhlw.go.jp for A
C:\dns\bin>dig +norec @nsipv601.mhlw.go.jp www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @nsipv601.mhlw.go.jp www.mhlw.go.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10698
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mhlw.go.jp. IN A

;; ANSWER SECTION:
www.mhlw.go.jp. 86400 IN A 210.227.79.234
www.mhlw.go.jp. 86400 IN A 210.227.79.202

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 24 msec
;; SERVER: 2001:380:515:1::101#53(2001:380:515:1::101)
;; WHEN: Wed Jun 08 23:37:20 2011
;; MSG SIZE rcvd: 166
nsipv602.mhlw.go.jp gives the same answer. The answer differs from the one the v4 server gave.
[Part 3] Ask nsipv601.mhlw.go.jp for AAAA
C:\dns\bin>dig +norec @nsipv601.mhlw.go.jp AAAA www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @nsipv601.mhlw.go.jp AAAA www.mhlw.go.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9327
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mhlw.go.jp. IN AAAA

;; ANSWER SECTION:
www.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1:0:12:a1d:465
www.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1:0:11:a1d:465

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 23 msec
;; SERVER: 2001:380:515:1::101#53(2001:380:515:1::101)
;; WHEN: Wed Jun 08 23:44:22 2011
;; MSG SIZE rcvd: 190
nsipv602.mhlw.go.jp gives the same answer. Once again, the answer differs from the one the v4 server gave.
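
The comparison made by hand above, as an added Python example that is not part of the original page: it parses one dnsq response and one dig response for the same question and lists where the two servers disagree in records or TTL. The function names are assumptions of this example; the two inputs are the A responses captured above from 210.227.79.196 and nsipv601.mhlw.go.jp, trimmed to the relevant lines.

```python
import re

# Transcribed from the captures on this page, trimmed to the relevant lines.
V4_A = """\
1 www.mhlw.go.jp:
48 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 www.mhlw.go.jp
answer: www.mhlw.go.jp 5 A 210.227.79.234
"""
V6_A = """\
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
www.mhlw.go.jp. 86400 IN A 210.227.79.234
www.mhlw.go.jp. 86400 IN A 210.227.79.202

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
"""

DNSQ = re.compile(r"^answer: (\S+) (\d+) (\S+) (.+)$")      # dnsq answer line
DIG = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")    # dig record line

def answers(text):
    """Return {(name, type, rdata): ttl} for the answer section of dnsq or dig output."""
    out, in_answer = {}, False
    for line in text.splitlines():
        if line.startswith(";;"):
            # dig section headers decide whether record lines count as answers
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = DNSQ.match(line) or (DIG.match(line) if in_answer else None)
        if m:
            name, ttl, rtype, rdata = m.groups()
            out[(name.rstrip(".").lower(), rtype.upper(), rdata.strip())] = int(ttl)
    return out

def compare(first, second):
    """List the differences between two servers' answers to the same question."""
    ra, rb = answers(first), answers(second)
    found = [f"only in first: {k[1]} {k[2]}" for k in sorted(ra.keys() - rb.keys())]
    found += [f"only in second: {k[1]} {k[2]}" for k in sorted(rb.keys() - ra.keys())]
    found += [f"TTL differs for {k[1]} {k[2]}: {ra[k]} vs {rb[k]}"
              for k in sorted(ra.keys() & rb.keys()) if ra[k] != rb[k]]
    return found

if __name__ == "__main__":
    for finding in compare(V4_A, V6_A):
        print(finding)
```

Because the v4-side server sometimes returns 210.227.79.202, as noted in section 2, a single capture can overstate the record difference; feed it several responses per server before concluding the sets differ.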