## page was renamed from DNS/watch-www/mhlw.go.jp
## page was renamed from DNS/watch/www/mhlw.go.jp
## page was renamed from DNS/watch/www.mhlw.go.jp

== http://www.mhlw.go.jp ==

Looking into the IPv4 side (since I cannot investigate IPv6).

 $ dnsq a www.mhlw.go.jp a.dns.jp
{{{
1 www.mhlw.go.jp:
234 bytes, 1+0+5+4 records, response, noerror
query: 1 www.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns01.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns-kg022.ocn.ad.jp
authority: mhlw.go.jp 86400 NS nsipv602.mhlw.go.jp
authority: mhlw.go.jp 86400 NS nsipv601.mhlw.go.jp
authority: mhlw.go.jp 86400 NS ns02.mhlw.go.jp
additional: ns01.mhlw.go.jp 86400 A 210.227.79.197
additional: ns02.mhlw.go.jp 86400 A 210.227.79.229
additional: nsipv601.mhlw.go.jp 86400 28 \040\001\003\200\005\025\000\001\000\000\000\000\000\000\001\001
additional: nsipv602.mhlw.go.jp 86400 28 \040\001\003\200\005\025\000\001\000\000\000\000\000\000\001\021
}}}

 $ dnsq a www.mhlw.go.jp 210.227.79.197
{{{
1 www.mhlw.go.jp:
108 bytes, 1+0+2+2 records, response, noerror
query: 1 www.mhlw.go.jp
authority: www.mhlw.go.jp 86400 NS lpns24g.mhlw.go.jp
authority: www.mhlw.go.jp 86400 NS lpns14g.mhlw.go.jp
additional: lpns14g.mhlw.go.jp 86400 A 210.227.79.196
additional: lpns24g.mhlw.go.jp 86400 A 210.227.79.228
}}}

The name is delegated. What comes after this point is where things go wrong.

-----

== TTL of 5 seconds ==

 $ dnsq a www.mhlw.go.jp 210.227.79.196
{{{
1 www.mhlw.go.jp:
48 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 www.mhlw.go.jp
answer: www.mhlw.go.jp 5 A 210.227.79.234
}}}

Note: it sometimes returns 210.227.79.202.

 $ dnsq any www.mhlw.go.jp 210.227.79.196
{{{
255 www.mhlw.go.jp:
32 bytes, 1+0+0+0 records, response, noerror
query: 255 www.mhlw.go.jp
}}}

So it only answers for A?

 $ dnsq 28 www.mhlw.go.jp 210.227.79.196
{{{
28 www.mhlw.go.jp:
112 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 28 www.mhlw.go.jp
authority: mhlw.go.jp 86400 SOA mhlw.go.jp administrator.mhlw.go.jp 998545544 28800 7200 604800 86400
}}}

== Principle for authoritative DNS servers ==

Regardless of whether the query arrives over IPv4 or IPv6, the server should give the same answer.

 . What is wrong with AAAA filtering is that it violates this principle.

-----

== Asking the servers that have IPv6 addresses ==

[Part 1] The JP root
{{{
C:\dns\bin>dig +norec @a.dns.jp www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @a.dns.jp www.mhlw.go.jp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49592
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;www.mhlw.go.jp. IN A

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS ns01.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS ns02.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS ns-kg022.ocn.ad.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
ns01.mhlw.go.jp. 86400 IN A 210.227.79.197
ns02.mhlw.go.jp. 86400 IN A 210.227.79.229
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 16 msec
;; SERVER: 2001:dc4::1#53(2001:dc4::1)
;; WHEN: Wed Jun 08 23:36:55 2011
;; MSG SIZE rcvd: 234
}}}

[Part 2] Asking nsipv601.mhlw.go.jp for A
{{{
C:\dns\bin>dig +norec @nsipv601.mhlw.go.jp www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @nsipv601.mhlw.go.jp www.mhlw.go.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10698
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mhlw.go.jp. IN A

;; ANSWER SECTION:
www.mhlw.go.jp. 86400 IN A 210.227.79.234
www.mhlw.go.jp. 86400 IN A 210.227.79.202

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 24 msec
;; SERVER: 2001:380:515:1::101#53(2001:380:515:1::101)
;; WHEN: Wed Jun 08 23:37:20 2011
;; MSG SIZE rcvd: 166
}}}

nsipv602.mhlw.go.jp gives the same answer. The answer differs from what the v4 servers returned.

[Part 3] Asking nsipv601.mhlw.go.jp for AAAA
{{{
C:\dns\bin>dig +norec @nsipv601.mhlw.go.jp AAAA www.mhlw.go.jp

; <<>> DiG 9.8.0-P1 <<>> +norec @nsipv601.mhlw.go.jp AAAA www.mhlw.go.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9327
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mhlw.go.jp. IN AAAA

;; ANSWER SECTION:
www.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1:0:12:a1d:465
www.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1:0:11:a1d:465

;; AUTHORITY SECTION:
mhlw.go.jp. 86400 IN NS nsipv602.mhlw.go.jp.
mhlw.go.jp. 86400 IN NS nsipv601.mhlw.go.jp.

;; ADDITIONAL SECTION:
nsipv601.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::101
nsipv602.mhlw.go.jp. 86400 IN AAAA 2001:380:515:1::111

;; Query time: 23 msec
;; SERVER: 2001:380:515:1::101#53(2001:380:515:1::101)
;; WHEN: Wed Jun 08 23:44:22 2011
;; MSG SIZE rcvd: 190
}}}

nsipv602.mhlw.go.jp gives the same answer. As expected, the answer again differs from what the v4 servers returned.
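
The comparison made by hand above, as an added example (not part of the original page): it decodes the type-28 glue that dnsq prints as octal escapes and checks the answers transcribed from the page's output against the same-answer principle. The function names, the mismatch labels and the `OBSERVED` layout are assumptions of this sketch.

```python
import ipaddress

def dnsq_aaaa(escaped):
    # dnsq prints type-28 rdata raw: \ooo is one octal-escaped byte, anything
    # else is a literal byte. Sixteen bytes make one IPv6 address.
    raw, i = bytearray(), 0
    while i < len(escaped):
        if escaped[i] == "\\":
            raw.append(int(escaped[i + 1:i + 4], 8))
            i += 4
        else:
            raw.append(ord(escaped[i]))
            i += 1
    return str(ipaddress.IPv6Address(bytes(raw)))

# Glue for nsipv601 exactly as dnsq printed it in the a.dns.jp referral.
GLUE_NSIPV601 = r"\040\001\003\200\005\025\000\001\000\000\000\000\000\000\001\001"

# Answers for www.mhlw.go.jp transcribed from the page's output:
# (server asked, qtype) -> [(ttl, rdata), ...]; an empty list is a NODATA reply.
OBSERVED = {
    ("210.227.79.196", "A"): [(5, "210.227.79.234")],
    ("210.227.79.196", "AAAA"): [],
    ("2001:380:515:1::101", "A"): [(86400, "210.227.79.234"), (86400, "210.227.79.202")],
    ("2001:380:515:1::101", "AAAA"): [(86400, "2001:380:515:1:0:12:a1d:465"),
                                       (86400, "2001:380:515:1:0:11:a1d:465")],
}

def diff_answers(observed):
    """Return {qtype: set of mismatches} between servers asked the same question."""
    by_type = {}
    for (server, qtype), rrs in observed.items():
        by_type.setdefault(qtype, []).append(rrs)
    report = {}
    for qtype, answers in by_type.items():
        found = set()
        rdata = {frozenset(ipaddress.ip_address(d) for _, d in rrs) for rrs in answers}
        ttls = {frozenset(t for t, _ in rrs) for rrs in answers if rrs}
        if frozenset() in rdata and len(rdata) > 1:
            found.add("nodata-vs-answer")
        elif len(rdata) > 1:
            found.add("rdata-differs")
        if len(ttls) > 1:
            found.add("ttl-differs")
        if found:
            report[qtype] = found
    return report

if __name__ == "__main__":
    print("nsipv601 glue:", dnsq_aaaa(GLUE_NSIPV601))
    for qtype, found in sorted(diff_answers(OBSERVED).items()):
        print(qtype, sorted(found))
```

Because the page notes that 210.227.79.196 sometimes returns 210.227.79.202, the `rdata-differs` result for A from a single sample may only reflect rotation; collect several samples per server before relying on it. The TTL mismatch and the NODATA-versus-AAAA mismatch do not depend on that.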