DNSを学ぶために再帰的にdigる。

DNS network

以下のように問い合わせる。

  1. 答えを知っていそうなネームサーバに問い合わせる。(最初はrootから)

  2. 返事を確認

    1. ANSWER SECTION を確認し、もしアドレスが含まれていたら完了                  
    2. AUTHORITY SECTION を確認し、NSレコードが含まれていれば、次に問い合わせるべきベームサーバのドメイン名を知ることができる。
    3. ADDITIONAL SECTIONを確認し、AUTHORITY SECTIONにあったNSが"glue record"に含まれていれば次に問い合わせるべきネームサーバのIP Addressがわかる。1へ(新たなネームサーバに問い合わせる)。
      もし、glue recordがなければ、AUTHORITY SECTIONのNSをまず調べる。調べたら1へ(新たなネームサーバに問い合わせる)。
    4. もし、AUTHORITY SECTIONでNSが含まれていなければ困った!失敗!

 

wikipedia.orgを名前解決してみる。

まず、rootに聞く。

% dig wikipedia.org @m.root-servers.net.

; <<>> DiG 9.10.6 <<>> wikipedia.org @m.root-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32887
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;wikipedia.org.         IN  A

;; AUTHORITY SECTION:
org.            172800  IN  NS  a0.org.afilias-nst.info.
org.            172800  IN  NS  b2.org.afilias-nst.org.
org.            172800  IN  NS  b0.org.afilias-nst.org.
org.            172800  IN  NS  a2.org.afilias-nst.info.
org.            172800  IN  NS  c0.org.afilias-nst.info.
org.            172800  IN  NS  d0.org.afilias-nst.org.

;; ADDITIONAL SECTION:
d0.org.afilias-nst.org. 172800  IN  A   199.19.57.1
c0.org.afilias-nst.info. 172800 IN  A   199.19.53.1
b2.org.afilias-nst.org. 172800  IN  A   199.249.120.1
b0.org.afilias-nst.org. 172800  IN  A   199.19.54.1
a2.org.afilias-nst.info. 172800 IN  A   199.249.112.1
a0.org.afilias-nst.info. 172800 IN  A   199.19.56.1
d0.org.afilias-nst.org. 172800  IN  AAAA    2001:500:f::1
c0.org.afilias-nst.info. 172800 IN  AAAA    2001:500:b::1
b2.org.afilias-nst.org. 172800  IN  AAAA    2001:500:48::1
b0.org.afilias-nst.org. 172800  IN  AAAA    2001:500:c::1
a2.org.afilias-nst.info. 172800 IN  AAAA    2001:500:40::1
a0.org.afilias-nst.info. 172800 IN  AAAA    2001:500:e::1

;; Query time: 13 msec
;; SERVER: 2001:dc3::35#53(2001:dc3::35)
;; WHEN: Sun Sep 25 13:57:37 JST 2022
;; MSG SIZE  rcvd: 447

 

ADDITIONAL SECTION に glue recordsが含まれていたためそのうちひとつ

d0.org.afilias-nst.org. 172800 IN A 199.19.57.1

から次は199.19.57.1に問い合わせる。

 

% dig wikipedia.org @199.19.57.1

; <<>> DiG 9.10.6 <<>> wikipedia.org @199.19.57.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24037
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;wikipedia.org.         IN  A

;; AUTHORITY SECTION:
wikipedia.org.      3600    IN  NS  ns2.wikimedia.org.
wikipedia.org.      3600    IN  NS  ns1.wikimedia.org.
wikipedia.org.      3600    IN  NS  ns0.wikimedia.org.

;; ADDITIONAL SECTION:
ns0.wikimedia.org.  3600    IN  A   208.80.154.238
ns1.wikimedia.org.  3600    IN  A   208.80.153.231
ns2.wikimedia.org.  3600    IN  A   91.198.174.239

;; Query time: 12 msec
;; SERVER: 199.19.57.1#53(199.19.57.1)
;; WHEN: Sun Sep 25 13:57:47 JST 2022
;; MSG SIZE  rcvd: 154

 

ADDITIONAL SECTION に glue recordsが含まれていたためそのうちひとつ

ns0.wikimedia.org. 3600 IN A 208.80.154.238

から208.80.154.238に問い合わせる。

 

% dig wikipedia.org @208.80.154.238

; <<>> DiG 9.10.6 <<>> wikipedia.org @208.80.154.238
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63701
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
;; QUESTION SECTION:
;wikipedia.org.         IN  A

;; ANSWER SECTION:
wikipedia.org.      600 IN  A   103.102.166.224

;; Query time: 184 msec
;; SERVER: 208.80.154.238#53(208.80.154.238)
;; WHEN: Sun Sep 25 13:58:03 JST 2022
;; MSG SIZE  rcvd: 58

そして名前解決をすることができた!

;; ANSWER SECTION: wikipedia.org. 600 IN A 103.102.166.224

 

 

 

dig +trace すると再帰的に問い合わせる様子が見える。

% dig wikipedia.org. +trace

; <<>> DiG 9.10.6 <<>> wikipedia.org. +trace
;; global options: +cmd
.           280571  IN  NS  b.root-servers.net.
.           280571  IN  NS  f.root-servers.net.
.           280571  IN  NS  m.root-servers.net.
.           280571  IN  NS  g.root-servers.net.
.           280571  IN  NS  a.root-servers.net.
.           280571  IN  NS  j.root-servers.net.
.           280571  IN  NS  d.root-servers.net.
.           280571  IN  NS  h.root-servers.net.
.           280571  IN  NS  l.root-servers.net.
.           280571  IN  NS  e.root-servers.net.
.           280571  IN  NS  c.root-servers.net.
.           280571  IN  NS  i.root-servers.net.
.           280571  IN  NS  k.root-servers.net.
.           280571  IN  RRSIG   NS 8 0 518400 20221005040000 20220922030000 20826 . DO8gA3Mjxp+8mxytLZ0ITfEjQcb0O1QUO2n7igWF7D/xnbK7HjHJRHc0 3m3mAXz0ZuFdx7i8A+A1fhhhUkvz74DA+zTfImByVRr9/zvF2nG+P5we ZSJNJ00y5/+/88bIRpVb5o3jeYVzKzIP46pfGQ68N8D9qaHVS4syhUma ylq+FlrFMW0qfhcIWXLLp3giqd7reD6w94Pyk+V9rblYO4zdiwVx99EX hVha/+6/4kiPa6C7SIT9vt9RsS3IhkYJtWSXecU/5hji6mbY250B7ipi vXVn7e8JUss7snW+0D1OCmuSLRpM/DY4uNuzwYwW83ywTSalG6BdUcp0 agS28w==
;; Received 525 bytes from 240b:10:b420:3c00:5a52:8aff:fe57:b959#53(240b:10:b420:3c00:5a52:8aff:fe57:b959) in 17 ms

org.            172800  IN  NS  b0.org.afilias-nst.org.
org.            172800  IN  NS  b2.org.afilias-nst.org.
org.            172800  IN  NS  c0.org.afilias-nst.info.
org.            172800  IN  NS  d0.org.afilias-nst.org.
org.            172800  IN  NS  a0.org.afilias-nst.info.
org.            172800  IN  NS  a2.org.afilias-nst.info.
org.            86400   IN  DS  26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org.            86400   IN  RRSIG   DS 8 1 86400 20221007160000 20220924150000 20826 . ZsBhfjLoUwkO1rC8+cqrs+JF1fCwQhXnTkEU+K4a0k49klJ9dzge2OrM 0+B/CcZ3wku4hyQrmRUXzfkESepx2tVvInW9PeGuHS5O1Ub++kui5Hw9 mn4a7E6QeCdeW1A0p0hC3N0K90crEKMNnoTUj4hlCH4SdUh1gvnl8yuS GNK6MqzI18JNyv3lNKhZJGypUXUy24gw8Uf0RvCXn22ndX9A9Kib55zD WFHxhW2jKqp12QTULgQOKR2/PyUVIZjE6QIPQpIpBK2bWokMv0XcJv2h VF0Hl4QEkeq59I2Qs04Y7c/hE5ZpITCE7kSV/aMHMcACqCiLx7bQY51C JTsGuQ==
;; Received 782 bytes from 2001:dc3::35#53(m.root-servers.net) in 12 ms

wikipedia.org.      3600    IN  NS  ns0.wikimedia.org.
wikipedia.org.      3600    IN  NS  ns1.wikimedia.org.
wikipedia.org.      3600    IN  NS  ns2.wikimedia.org.
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A GDTREA8KMJ2RNEQEN4M2OGJ26KFSUKJ7  NS SOA RRSIG DNSKEY NSEC3PARAM
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN RRSIG NSEC3 8 2 3600 20221016050244 20220925040244 56124 org. cr4LvNKu3sqDukgIMyPf57HDfZONHGCelMlTsKXZQW/2DsWnzig6gjwJ yUwz4ht5y8xVWOTk/aaVlwitoXvImGuE5asNt5XRQnTIQRtfhuXoasCt 9h6tTKcI6hb04uTX0a1+sVZ303keKfCNqhO+70KWcppbrnlf+ktYvg5q NWM=
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A TPEESGJUPU0G7LLLUQEA296C6EAUG5AU  NS DS RRSIG
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN RRSIG NSEC3 8 2 3600 20221008152354 20220917142354 56124 org. fdnmYd7gnrhlwf0xkHHmybh/CheOIGWo/hIJ19En1f0xF6Ldf7sjitzZ PZpiwj0pQKRX4rQoJ6DBzBT/N9hdMzvzgJ4eK5GukwG6Qf4knPUnqZ36 zWqyQtqm3HEu+wXqmw+TI14p8tljdvqCemN0qNMKbz2ZhiBiiLHgxQ// A18=
;; Received 655 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 12 ms

wikipedia.org.      600 IN  A   103.102.166.224
;; Received 58 bytes from 208.80.153.231#53(ns1.wikimedia.org) in 151 ms