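The answers to DNS queries cannot be trusted.
We have no choice but to respect the sharp.co.jp zone. watchA/sharp.co.jp/ns1.sharp.co.jp
But the sharp (TLD) zone cannot be trusted. (It is vulnerable.)
It does not have the jp.sharp zone that it is supposed to be responsible for.
1. Delegation from the TLDs
1.1. From jp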
$ dig -t soa sharp.co.jp @a.dns.jp
; <<>> DiG 9.16.1-Ubuntu <<>> -t soa sharp.co.jp @a.dns.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 61 32 31 2e 74 79 6f ("a21.tyo")
; COOKIE: 204c27fcd20cb6da35d7e09f621179a5bc877ce70f63f8e2 (good)
;; QUESTION SECTION:
;sharp.co.jp. IN SOA
;; AUTHORITY SECTION:
sharp.co.jp. 86400 IN NS tg1.sharp.co.jp.
sharp.co.jp. 86400 IN NS ns1.sharp.co.jp.
;; ADDITIONAL SECTION:
tg1.sharp.co.jp. 86400 IN A 61.214.248.155
ns1.sharp.co.jp. 86400 IN A 61.214.248.154
;; Query time: 4 msec
;; SERVER: 203.119.1.1#53(203.119.1.1)
;; WHEN: 日 2月 20 08:13:41 JST 2022
;; MSG SIZE rcvd: 147
1.2. From sharp
sharp. 86400 IN SOA a.gmoregistry.net. noc.gmoregistry.net. 1645309084 1800 900 604800 3600
sharp. 86400 IN NS a.gmoregistry.net.
sharp. 86400 IN NS b.gmoregistry.net.
sharp. 86400 IN NS k.gmoregistry.net.
sharp. 86400 IN NS l.gmoregistry.net.
$ dig -t ns jp.sharp @l.gmoregistry.net.
; <<>> DiG 9.16.1-Ubuntu <<>> -t ns jp.sharp @l.gmoregistry.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33925
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; NSID: 64 6e 73 31 2e 6a 70 74 79 6f 31 ("dns1.jptyo1")
;; QUESTION SECTION:
;jp.sharp. IN NS
;; AUTHORITY SECTION:
jp.sharp. 86400 IN NS ns1.sharp.co.jp.
jp.sharp. 86400 IN NS tg1.sharp.co.jp.
;; Query time: 4 msec
;; SERVER: 37.209.198.4#53(37.209.198.4)
;; WHEN: 日 2月 20 08:16:15 JST 2022
;; MSG SIZE rcvd: 99
1.3. There is no jp.zone
$ dig -t ns jp.sharp @ns1.sharp.co.jp
; <<>> DiG 9.16.1-Ubuntu <<>> -t ns jp.sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21935
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4b41a6e1bac498106232eb1962117abc4f032995db7a00b6 (good)
;; QUESTION SECTION:
;jp.sharp. IN NS
;; ANSWER SECTION:
jp.sharp. 300 IN CNAME ualsharp.hs.llnwd.net.
;; Query time: 16 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 日 2月 20 08:18:20 JST 2022
;; MSG SIZE rcvd: 100
2. The query itself is wrong, but
There are also answers like this. Does it think it is managing the sharp TLD zone?
$ dig -t soa sharp @ns1.sharp.co.jp
; <<>> DiG 9.16.1-Ubuntu <<>> -t soa sharp @ns1.sharp.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29985
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 03b4474c79073feaa8a70e0062117af51f91e23c7bd5df57 (good)
;; QUESTION SECTION:
;sharp. IN SOA
;; ANSWER SECTION:
sharp. 600 IN SOA ns1.sharp.co.jp. postmaster.sharp.co.jp. 2022020401 3600 1800 1209600 3600
;; AUTHORITY SECTION:
sharp. 600 IN NS tg1.sharp.co.jp.
sharp. 600 IN NS ns1.sharp.co.jp.
;; ADDITIONAL SECTION:
ns1.sharp.co.jp. 43200 IN A 61.214.248.154
tg1.sharp.co.jp. 60 IN A 61.214.248.155
;; Query time: 15 msec
;; SERVER: 61.214.248.154#53(61.214.248.154)
;; WHEN: 日 2月 20 08:19:17 JST 2022
;; MSG SIZE rcvd: 188
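The checks made by hand in sections 1.2, 1.3 and 2 can be automated as a delegation audit. The following is an added example, not part of the original page: it parses saved dig text output and flags a delegated server that answers with a CNAME instead of apex NS records, and a server that returns an authoritative SOA for a zone its parent never delegated to it. The function names and status strings are assumptions made for this sketch.

```python
import re

def parse_dig(text):
    """Parse dig text output into header flags and per-section (owner, type, rdata)."""
    resp = {"flags": set(), "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        flags = re.match(r";; flags: ([a-z ]+);", line)
        header = re.match(r";; (\w+) SECTION:", line)
        if flags:
            resp["flags"] = set(flags.group(1).split())
        elif header:
            section = header.group(1)
        elif line and not line.startswith(";") and section in resp:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            resp[section].append((owner.lower(), rtype, rdata.lower()))
    return resp

def delegated_ns(referral, zone):
    """NS names a parent's referral (AUTHORITY section) hands out for `zone`."""
    return {rd for o, t, rd in referral["AUTHORITY"] if o == zone and t == "NS"}

def child_status(child, zone):
    """Classify a delegated server's reply to an NS query for `zone`."""
    if "aa" not in child["flags"]:
        return "lame"
    types = {t for o, t, _ in child["ANSWER"] if o == zone}
    if "NS" in types:
        return "ok"
    return "cname-at-delegation" if "CNAME" in types else "no-apex-ns"

def claims_undelegated_zone(resp, zone, parent_ns, server):
    """True when `server` returns an authoritative SOA for a zone not delegated to it."""
    has_soa = any(o == zone and t == "SOA" for o, t, _ in resp["ANSWER"])
    return "aa" in resp["flags"] and has_soa and server not in parent_ns

# Sample input: lines trimmed from the dig outputs on this page.
REFERRAL = parse_dig(""";; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; AUTHORITY SECTION:
jp.sharp. 86400 IN NS ns1.sharp.co.jp.
jp.sharp. 86400 IN NS tg1.sharp.co.jp.""")
CHILD = parse_dig(""";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
jp.sharp. 300 IN CNAME ualsharp.hs.llnwd.net.""")
TLD_SOA = parse_dig(""";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
sharp. 600 IN SOA ns1.sharp.co.jp. postmaster.sharp.co.jp. 2022020401 3600 1800 1209600 3600""")
SHARP_NS = {f"{h}.gmoregistry.net." for h in "abkl"}  # NS set listed in 1.2
if __name__ == "__main__":
    print(child_status(CHILD, "jp.sharp."), claims_undelegated_zone(TLD_SOA, "sharp.", SHARP_NS, "ns1.sharp.co.jp."))
```

Run against a resolver's view of any parent/child pair, a result other than "ok" for a server named in the parent's referral marks a delegation whose answers depend on which server a resolver happens to ask.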