カスタムネームサーバーが委任しないのはなぜですか?

tag-icon tag-icon linux networking dns
カスタムネームサーバーが委任しないのはなぜですか?

「google.com を参照」するように言われる前に、私の設定は機能しており、「通常の」問題はすべて解決しており、6 か月以上調査しているがまったく成果が上がっていないことを明確にする必要があります。また、Name.com のサポートにも問い合わせたところ、プライベート / カスタム / バニティ ネームサーバーは問題ではないと言われました。公平に言えば、ネームサーバーの使用は機能しますが、コントロール パネルから追加した A または AAAA レコードはアドバタイズされません。

タイトルに概説されているように、問題はネームサーバーが委任されないことです。 - Linux 側で IPTables (mod_sec および mod_evasive) を使用しており、ルーター側のファイアウォールに問題がないことが確認できます (IPv6 ルーティング パケットが許可され、オン、オフ、または厳密なルールのオンのいずれでも違いはありません)。

Web サーバーへのアクセスは IPv4 側のルーティングされたサブネット経由で行われ、IPv6 接続は IPv6 サブネットのアドレスを使用して PPP 接続経由で確立されるため、追加の構成なしで IPv6 接続が機能 (検証済み) しますが、/29 IPv4 は最初のアドレスをルーティングされたサブネットのゲートウェイとして使用し、残りのアドレスは Linux イーサネット アダプターに接続されます。これも機能し、NAT をバイパスすることを目的としていますが、残りの (ゲートウェイではない) IPv4 アドレスのポートを DNS アドレス用に構成し、ポート 53 と 80 の両方を開いて、両方向 (TCP と UDP) の DNS と HTTPD 接続を確保できます。

私の名前付き.conf(rndcキーを削除した場合)名前付き実行、 そして名前付き.insurgent.info(クリア フォーム、私のサーバー上の DNSSEC 形式バージョン) ファイルは以下のとおりです。詳細や説明が必要な場合はお知らせください。

名前付き.conf:

options {
    listen-on { any; };
    allow-query { any; };
    listen-on-v6 { any; };

    directory           "/var/named";
    dump-file           "/var/named/data/cache_dump.db";
    statistics-file     "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";

    recursion yes;
    // edns-udp-size 1432;
    // allow-new-zones yes;
    allow-transfer { none; };

    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";

    version "Damned If I Know";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "insurgent.info" IN {
    type master;
    file "named.insurgent.info";
    auto-dnssec maintain;
    key-directory "/var/named/dynamic";
    update-policy local;
};

zone "46.102.204.in-addr.arpa" IN {
    type master;
    file "named.PTR4.insurgent";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa" IN {
    type master;
    file "named.PTR6.insurgent";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

名前付き.insurgent.info:

$TTL 1D
@                       IN  SOA    ns1.insurgent.info.    hostmaster.insurgent.info. (
                        110     ; serial
                        21600   ; refresh after 6 hours
                        3600    ; retry after 1 hour
                        604800  ; expire after 1 week
                        86400 ) ; minimum TTL of 1 day
;
                        IN  NS  ns1.insurgent.info.
                        IN  NS  ns2.insurgent.info.
;
                        IN  A       46.102.204.226
ns1                     IN  AAAA    2A00:B900:10A4:1::2
                        IN  A       46.102.204.227
ns2                     IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  A       46.102.204.227
insurgent.info.         IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  TXT     protonmail-verification=
;
www                     IN  A       46.102.204.227
www                     IN  AAAA    2A00:B900:10A4:1::4

名前付き実行:

zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 04:09:01.695
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 05:09:01.695
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 06:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 07:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 08:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 09:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 10:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 11:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 12:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 13:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 14:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 15:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 16:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 17:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 18:09:01.698
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 182.254.49.112#53
FORMERR resolving 'ns-tel1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-cmn1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 223.167.83.104#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 19:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 20:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 21:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 22:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 23:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 00:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 01:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 02:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 03:09:01.700
_default: sending trust-anchor-telemetry query '_ta-4a5c-4f66/NULL'
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 04:09:01.700
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 05:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 06:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 07:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 08:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 09:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 10:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 11:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 12:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 13:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 14:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 15:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 16:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 17:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 18:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 19:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 20:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 21:09:01.704
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:09:01.704
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:23.537
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: journal file is out of date: removing journal file
managed-keys-zone: loaded serial 24
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
all zones loaded
running
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:53.608
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
reloading configuration succeeded
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:07.578
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: loaded serial 26
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
addnode: NSEC node already exists
zone localhost.localdomain/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
all zones loaded
running
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:09.955
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 23:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 00:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 01:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 02:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 03:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 04:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 05:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 06:12:09.956
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 07:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 08:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 09:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 10:12:09.957
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 183.2.186.153#53
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 183.2.186.153#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 11:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 12:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 13:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 14:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 15:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 16:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 17:12:09.959
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 18:12:09.959

答え1

タイトルに概説されているように、問題はネームサーバーが委任されないことです。

「委任しない」は、次の 2 つの方法で解釈できます。

  1. ネームサーバーはあなたのネームサーバーにinfo委任しませんinsurgent.info
  2. <something>.insurgent.infoあなたのネームサーバーは他の誰かのネームサーバーに委任されません。

2 番目の解釈は、ゾーンに第 3 レベルの委任 (NS レコード) がないことが示されているため、可能性は低くなります。

最初の解釈が最も可能性が高いですが、infoネームサーバーの NS レコードをチェックすると、すべて正しい情報が含まれているため、誤りであることが証明されます。

$ dnstracer -r1 -t1 -s.insurgent.info
A.ROOT-SERVERS.NET経由でinsurgent.info[a]にトレース、最大1回の再試行
A.ROOT-SERVERS.NET [.] (2001:0503:ba3e:0000:0000:0000:0002:0030)
 |\___ a0.info.afilias-nst.info [情報] (2001:0500:0019:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) 信頼できる回答が得られました
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) 信頼できる回答が得られました
 |\___ a0.info.afilias-nst.info [情報] (199.254.31.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ b2.info.afilias-nst.org [情報] (2001:0500:0049:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 |\___ b2.info.afilias-nst.org [情報] (199.249.121.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ c0.info.afilias-nst.info [情報] (2001:0500:001b:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 |\___ c0.info.afilias-nst.info [情報] (199.254.49.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ d0.info.afilias-nst.org [情報] (2001:0500:001c:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 |\___ d0.info.afilias-nst.org [情報] (199.254.50.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ b0.info.afilias-nst.org [情報] (2001:0500:001a:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 |\___ b0.info.afilias-nst.org [情報] (199.254.48.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ a2.info.afilias-nst.info [情報] (2001:0500:0041:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
  \___ a2.info.afilias-nst.info [情報] (199.249.113.1)
       |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (キャッシュ済み)
       |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
       |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (キャッシュ済み)
        \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *

個々のサーバーを調べると、dig同じ結果が示されます。

$ dig +nocmd +nostats insurgent.info. NS @a0.info.afilias-nst.info
;; 回答が得られました:
;; ->>HEADER<<- オペコード: QUERY、ステータス: NOERROR、ID: 56401
;; フラグ: qr rd; クエリ: 1、回答: 0、権限: 2、追加: 5
;; 警告: 再帰が要求されましたが利用できません

;; OPT擬似セクション:
; EDNS: バージョン: 0、フラグ:; udp: 4096
;; 質問セクション:
;insurgent.info. IN NS

;; 権限セクション:
insurgent.info。86400 IN NS ns2.insurgent.info。
insurgent.info。86400 IN NS ns1.insurgent.info。

;; 追加セクション:
ns1.insurgent.info. 86400 IN AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info. 86400 IN AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info. 86400 IN A 46.102.204.226
ns2.insurgent.info. 86400 IN A 46.102.204.227

$ dig +nocmd +nostats insurgent.info. DS @a0.info.afilias-nst.info
;; 回答が得られました:
;; ->>HEADER<<- オペコード: QUERY、ステータス: NOERROR、ID: 28823
;; フラグ: qr aa rd; クエリ: 1、回答: 1、権限: 0、追加: 1
;; 警告: 再帰が要求されましたが利用できません

;; OPT擬似セクション:
; EDNS: バージョン: 0、フラグ:; udp: 4096
;; 質問セクション:
;insurgent.info. IN DS

;; 回答セクション:
insurgent.info. 86400 IN DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

ご覧のとおり、委任 (NS レコード、グルー A/AAAA レコード、さらには DNSSEC DS レコード) は正しく、独自のゾーンで指定した IP アドレスと完全に一致しています。

ドメインが委任されている個々のサーバーを照会するそれらはすべて「権威ある」フラグ付きの回答を返すので、委任は有効です:

$ dig +nocmd +nostats insurgent.info.SOA @2a00:b900:10a4:1::2
;; 回答が得られました:
;; ->>HEADER<<- オペコード: QUERY、ステータス: NOERROR、ID: 50734
;; フラグ: qr aa rd ra; クエリ: 1、回答: 1、権限: 2、追加: 4

;; OPT擬似セクション:
; EDNS: バージョン: 0、フラグ:; udp: 4096
; クッキー: cc7cec751344643dd263565e5b7c5d3f1915af129394589c (良好)
;; 質問セクション:
;insurgent.info。SOAで

;; 回答セクション:
insurgent.info. 86400 IN SOA ns1.insurgent.info. hostmaster.insurgent.info. 113 21600 3600 604800 86400

;; 権限セクション:
insurgent.info。86400 IN NS ns2.insurgent.info。
insurgent.info。86400 IN NS ns1.insurgent.info。

;; 追加セクション:
ns1.insurgent.info. 86400 IN AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info. 86400 IN AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info. 86400 IN A 46.102.204.227

$ dig +nocmd +nostats insurgent.info. DS @2a00:b900:10a4:1::4
;; 回答が得られました:
;; ->>HEADER<<- オペコード: QUERY、ステータス: NOERROR、ID: 1061
;; フラグ: qr rd ra ad; クエリ: 1、回答: 1、権限: 0、追加: 1

;; OPT擬似セクション:
; EDNS: バージョン: 0、フラグ:; udp: 4096
; クッキー: ffdb2d48b46554e4a6017bda5b7c5d0e3a07a163aa55d6d5 (良好)
;; 質問セクション:
;insurgent.info. IN DS

;; 回答セクション:
insurgent.info. 86255 IN DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

しかし:

$ dig +nocmd +nostats insurgent.info を実行します。 46.102.204.227 のSOA
;; 接続がタイムアウトしました。サーバーにアクセスできませんでした

上記のログでは、ネームサーバーがDNSクエリに応答しないUDP/IPv4 経由、TCP/IPv4、UDP/IPv6、TCP/IPv6 のみを受け入れます。

これは「タイトルに概説されている」問題とは何の関係もありませんが、ドメイン名を実際に解決しようとすると確かに問題を引き起こします(TCPではなくUDPがデフォルトのDNSトランスポートであり、UDP応答がないためです)。しないTCP フォールバックが発生します)。

関連情報