Transcription of DNS再入門 - JPRS
1 DNS . 2002 12 19 . 2003 1 16 . Internet Week 2002/DNS DAY. ( ) (JPRS).. DNS .. DNS .. 2002/12/19 Internet Week 2002/DNS DAY 2. DNS . SOA . SOA TTL $TTL.. NS. MX. CNAME. 2002/12/19 Internet Week 2002/DNS DAY 3. SOA .. SOA . $ORIGIN $TTL 86400. @ IN SOA (. 2002121901 ; serial 86400 ; refresh 21600 ; retry 2419200 ; expire 1200 ; minimum ). 2002/12/19 Internet Week 2002/DNS DAY 4. SOA . Serial ( : ).. (BIND ). BIND YYYYMMDDnn (RFC1912). djbdns ( ). Refresh ( : ). (Serial) . 20 2 ( ) . BIND Notify . djbdns . 1 . (RFC1912). 2002/12/19 Internet Week 2002/DNS DAY 5. SOA . Retry ( : ). Refresh . (Retry) . Refresh . Refresh 1 . Expire ( : ).. 2 4 (RFC1912) . Expire Refresh . 2002/12/19 Internet Week 2002/DNS DAY 6. SOA . Minimum ( : ). TTL . (RFC1035) (RFC2308) .. ( . ) . 2002/12/19 Internet Week 2002/DNS DAY 7. SOA TTL $TTL. SOA TTL(SOA Minimum) . (RFC1035,RFC1918). RR TTL. (RFC2308).
2 TTL. TTL $TTL . BIND . 2002/12/19 Internet Week 2002/DNS DAY 8. SOA TTL $TTL. SOA TTL 1 5 (RFC1912).. 1 (=86400) . SOA TTL TTL . (RFC2308). : . SOA TTL.. 1 1 .. ( ) . (2003 1 16 ) BIND djbdns . TTL . 2002/12/19 Internet Week 2002/DNS DAY 9. TTL . BIND . SOA TTL. 10 (RFC2308 20 (=1200)). $TTL. 1 3 (RFC2308 1 (=86400)). djbdns . ( ). SOA TTL: 2560 (42 40 ). TTL: 86400(1 ). NS NS A TTL: 259200(3 ). 2002/12/19 Internet Week 2002/DNS DAY 10. (SOA ). Minimum TTL.. (RFC2308 ). TTL . SOA TTL: 10 .. TTL($TTL): 1 3 . 2002/12/19 Internet Week 2002/DNS DAY 11.. RR. NS, MX, CNAME. 2002/12/19 Internet Week 2002/DNS DAY 12. NS .. (DNS 1 ). $ORIGIN @ IN NS IN NS 2( DNS ). $ORIGIN @ IN NS IN NS 2002/12/19 Internet Week 2002/DNS DAY 13.. ( ) 100% .. DNS .. 1 ( . ) . 2 ( ). 2002/12/19 Internet Week 2002/DNS DAY 14. MX .. $ORIGIN @ IN MX 10 2002/12/19 Internet Week 2002/DNS DAY 15.. ( ) 100%.
3 DNS.. 2002/12/19 Internet Week 2002/DNS DAY 16. CNAME .. $ORIGIN www IN CNAME 2002/12/19 Internet Week 2002/DNS DAY 17.. ( ) . CNAME .. DNS .. (DNS ) .. 2002/12/19 Internet Week 2002/DNS DAY 18.. ( ) .. NS( . MX) NS A .. ( NS ) .. 3 . 2002/12/19 Internet Week 2002/DNS DAY 19. (NS). IP NS (A) . NS . (NS): $ORIGIN @ IN NS IN NS . secondary IN A ;DNS IP .. ( ) . secondary A . 2002/12/19 Internet Week 2002/DNS DAY 20. (MX). NS MX (A) . MX . (MX). $ORIGIN @ IN MX 10 mx1 IN A ; IP .. mx1 A . 2002/12/19 Internet Week 2002/DNS DAY 21. (CNAME). CNAME . A CNAME .. CNAME . DNS . CNAME . ( ). 2002/12/19 Internet Week 2002/DNS DAY 22. ( ). NS, MX . ( ) .. ( ) . DNS . ( ).. CNAME .. 2002/12/19 Internet Week 2002/DNS DAY 23. DNS .. NS . NS . DNS . DNS query ID, . MS DNS . 2002/12/19 Internet Week 2002/DNS DAY 24.. RFC2317(BCP) . CNAME .. ( ) ( ) . IP .. 2002/12/19 Internet Week 2002/DNS DAY 25.
4 : CNAME . (BIND ). ( ) . $ORIGIN @ IN SOA . IN NS . subnet136 IN NS 136 IN CNAME 137 IN CNAME 138 IN CNAME 139 IN CNAME 140 IN CNAME 141 IN CNAME 142 IN CNAME 143 IN CNAME 2002/12/19 Internet Week 2002/DNS DAY 26. : CNAME . (BIND ).. $ORIGIN @ IN SOA . IN NS 136 IN PTR 137 IN PTR 138 IN PTR 139 IN PTR 140 IN PTR 141 IN PTR 142 IN PTR 143 IN PTR 2002/12/19 Internet Week 2002/DNS DAY 27. : CNAME . (BIND ). ( ) . $ORIGIN 136 IN NS 137 IN NS 138 IN NS 139 IN NS 140 IN NS 141 IN NS 142 IN NS 143 IN NS 2002/12/19 Internet Week 2002/DNS DAY 28. : CNAME . (BIND ).. $ORIGIN @ IN SOA . IN NS IN PTR $ORIGIN @ IN SOA . IN NS IN PTR .. 2002/12/19 Internet Week 2002/DNS DAY 29.. CNAME . BIND . BIND CNAME .. RFC 1998 BIND . ( Best Current Practice . ). BIND . CNAME IP .. 1 .. CNAME .. 2002/12/19 Internet Week 2002/DNS DAY 30.. BIND CNAME . ( ).. @ PTR .. CNAME .. 2002/12/19 Internet Week 2002/DNS DAY 31.
5 CNAME . ( ) ( . ).. 2002/12/19 Internet Week 2002/DNS DAY 32. NS . NS . : TTL . (jp). $ORIGIN jp. $TTL 86400. example IN NS ( ). $ORIGIN $TTL 259200. @ IN NS DNS NS . (TTL ) . 86400? 259200? 2002/12/19 Internet Week 2002/DNS DAY 33.. BIND 86400 NS .. BIND NS query 86400 MX A. query NS 259200 .. BIND NS query 259200 .. djbdns (2003 1 16 ) NS query 86400 . MX A query NS . 259200 ( ). 2002/12/19 Internet Week 2002/DNS DAY 34. NS . RFC1034 . The RRs that describe cuts around the bottom of the zone are NS RRs that name the servers for the subzones. Since the cuts are between nodes, these RRs are NOT part of the authoritative data of the zone, and should be exactly the same as the corresponding RRs in the top node of the subzone.. BIND , djbdns .. BIND . ( ). 2002/12/19 Internet Week 2002/DNS DAY 35. DNS . 2002 11 CERT/CC Knowledge Base (KB): Vulnerability Note VU#457875: Various DNS service implementations generate multiple simultaneous queries for the same resource record BIND DNS.
6 Vulnerable . 2002 12 5 Vulnerable . 2002/12/19 Internet Week 2002/DNS DAY 36.. BIND (4, 8, 9 ) DNS . UDP .. brute-force attack .. BIND DNS query ID . ( ). ISC DNSSEC .. 2002/12/19 Internet Week 2002/DNS DAY 37.. query . ( BIND. ). DNS query ID(16 ) : 216. : 232. djbdns . DNS query ID 16 .. 2002/12/19 Internet Week 2002/DNS DAY 38. MS DNS . Microsoft DNS .. cache poisoning 1997 . BIND .. DNS . ;ja;jp241352. 2002/12/19 Internet Week 2002/DNS DAY 39. MS DNS . (2002 12 18 ).. IP IP DNS . ( ) . (MS Web Page). Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default DNS Query ID ( ) .. URL. 2 Esecurity&t=%3 Cmid%2D25%2 Dsecurity%40jwntug%2 Eor%2 Ejp %3E. 2002/12/19 Internet Week 2002/DNS DAY 40. : ( ) .. BIND4 BIND8 .. ISC . RFC . DNS RFC .. RFC(RFC2317 ). RFC1034: Domain names - concepts and facilities. RFC1035: Domain names - implementation and specification.
7 RFC1912: Common DNS Operational and Configuration Errors. RFC2181: Clarifications to the DNS Specification. RFC2308: Negative Caching of DNS Queries (DNS NCACHE). 2002/12/19 Internet Week 2002/DNS DAY 41.
