おー、gov 、org などなど、DNSSEC 対応になってますね。
ほぼ全ての Auth , Cache が DNSSEC 対応になるのがいつかは、 ? だけど、
リゾルバが DO ビット付きで、Cacheに問い合わせるようになるのは、、、
うーん、いつなんだろう。
[root@alaska ~]# unbound -v
[1259689259] unbound[10542:0] notice: Start of unbound 1.3.4.
[root@alaska ~]#dig @127.1 +dnssec gov. ns
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-13.P2.fc12 <<>> @127.1 +dnssec gov. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41183
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;gov. IN NS
;; ANSWER SECTION:
gov. 259193 IN NS E.USADOTGOV.NET.
gov. 259193 IN NS F.USADOTGOV.NET.
gov. 259193 IN NS C.USADOTGOV.NET.
gov. 259193 IN NS A.USADOTGOV.NET.
gov. 259193 IN NS B.USADOTGOV.NET.
gov. 259193 IN NS D.USADOTGOV.NET.
gov. 259193 IN NS G.USADOTGOV.NET.
gov. 259193 IN RRSIG NS 7 1 259200 20091206121702 20091201121702 51998 gov. n3b2uqD1MtElJ6x68nh/Tz1QtXdMCfXDPrnKUQZRzWkGL84AH52HpYXP NoqCd1Nx1wuJaa4GI42yfA/+Xl8ybX9NZg00i4Pti5fh+waXLmuvpoSp U+sAOLhaCSMcJczQHktruUHREmG6GrrvpJtfPCRkOghthEvpcnthrwYq l34=
[root@alaska ~]# dig @127.1 +dnssec A.USADOTGOV.NET
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-13.P2.fc12 <<>> @127.1 +dnssec A.USADOTGOV.NET
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8251
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;A.USADOTGOV.NET. IN A
;; ANSWER SECTION:
A.USADOTGOV.NET. 86365 IN A 74.208.172.129
A.USADOTGOV.NET. 86365 IN RRSIG A 7 3 86400 20100127111434 20091029111434 24722 usadotgov.net. kHveFca27gywFlZrhIuosrZsfoXgas0nW5oRWRnhVE1K9wbLdyp6O4nC 83PH/HmaWL2kddmADQty7Udc0zXceyAmjbtn5s0CWV6LTcRTSz2pPbMn dbxpvYdL7WE5NMfR0f4beGpq8l2LOli6b8RLaYvYIZs33LS+0CfOI2Ml Bq52+6LI1pKybZ0BM6iCjpZ2XNWY0j3GDJA4bqGnS3sB8RnPNdDPozoZ acTxMNU+ZxkEe6+sr9FAK/ZG5YohXEn2f9QRS2euMJmuLMx3VqH5s0mJ HrdO84o5owLcj6Zfbcgqeqm3LAN40SDeYNEpDxJFAhByfvg4/4bzCN6l 2qH4fQ==
;; AUTHORITY SECTION:
USADOTGOV.NET. 86364 IN NS dnssec7.datamtn.com.
USADOTGOV.NET. 86364 IN NS dnssec11.datamtn.com.
USADOTGOV.NET. 86364 IN NS dnssec9.datamtn.com.
USADOTGOV.NET. 86364 IN NS dnssec10.datamtn.com.
USADOTGOV.NET. 86364 IN NS dnssec14.datamtn.com.
USADOTGOV.NET. 86364 IN NS dnssec12.datamtn.com.
USADOTGOV.NET. 86364 IN RRSIG NS 7 2 86400 20100127111434 20091029111434 24722 usadotgov.net. FPtdFWEJwpFye9O4xxRndOA+tEQctzExoPG3YEG0bqfke3Mh+wgNfnqQ EriFPwt1xe8uoanhk+KiEn/3BDlQsoiXG70NZzQYzuynK0Wc9uOycxYc Sm+67Ku0LnYcbauvaMt1eK/Zt+7qgaQLgoQ/EMKkCVVFidW57VLfiURu gMpWWT6arHPiidbU8HFK0/sWl44ahzM5TxlLcyMNliJ35ADtPW/Bz3IQ wDelG8NRwTbumMKfuWamPSXodJCk9Rkabl7HYn2adwP5QyH2P2sderPY r/iZ23HrVs4w0GSwUCmFtxzIpBM5c31P3aYU/oWilGg38Qttq4Fri24h mVBQlQ==
[root@alaska ~]# dig @127.1 org +dnssec
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-13.P2.fc12 <<>> @127.1 org +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32428
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;org. IN A
;; AUTHORITY SECTION:
org. 900 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2008921137 1800 900 604800 86400
org. 900 IN RRSIG SOA 7 1 900 20091215173927 20091201163927 5273 org. I+iRalo3GGeGgBGnGNxLlPgcekSFsuQYeoWwuvcJTbKK0ZKJWMr7RGK3 U3KkGN8gejyaAIuvGyF+iLUsbW4jrGOuWiHSKtHB9CTfGrxjXzD2wFIE DtbTh0GAq1MEtpLYSqKwUvmalEJC8i3MomZURDW8ee5MsPeJ3yOYA+ZD NaY=
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9RDA3IB0G7GL8OQI5I5CMOC8RBIGOAG NS SOA RRSIG DNSKEY NSEC3PARAM
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20091215173927 20091201163927 5273 org. M3GCP1Sx5S7nfDQRxjL71JdrL0DQC+YOBvtehQkBk6xGQ63zmULmVfJW Mchek8XVBq3nfBbscYAtVAPdTbIn3V3SYKKXFFlS6sATt3a67I3gUPVv 6YvM4ANUIsZgFAwY/TqTe4tcrYBVkXm3JrMpvQx0FPIlS2ErTWxqzZHP RjA=
[root@alaska ~]# dig @127.1 +dnssec unbound.net ns
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-13.P2.fc12 <<>> @127.1 +dnssec unbound.net ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49614
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;unbound.net. IN NS
;; ANSWER SECTION:
unbound.net. 6800 IN NS nom-ns1.nominet.org.uk.
unbound.net. 6800 IN NS ns.secret-wg.org.
unbound.net. 6800 IN NS open.nlnetlabs.nl.
unbound.net. 6800 IN RRSIG NS 5 2 7200 20091231005006 20091201005006 8114 unbound.net. NL1fdcHRz8Ile1tL/wfC/6jj7E/n16p8K3j4g/HfpthyzebiG4M1z/od N3aiyTQHhs0TMDfIIcd4nCEg/oi6NC3Wv6CPhQb4yI2lUSAcfAo68f3x +5u1FRoXybtxucQWUomCwJdqCnK384Q2utcM5WGrdGuFF0eywShxMYMI 4PEKkNYD/l8b/zKYT9SvxtSxd5SDswmaS3Y3Q/k5v0E7vyWvM5rL6Bg1 cyJemdPgd8KiLdLC1XQREkWulTL6gxBhwrmjHm1zLJftpELQs2G2C7m/ GrWBpE6xKvIUsyZRBXrPR2bBijg2TLSi+UTAzegXdnyiuf+xPQdqVICw nDwuEg==
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.