resolv.conf
domain と search について
man を読んでも大したこと書いてないし、日英ともに外部サイトは「ホントかよ」みたいな内容が多い。 とりあえず手元で動かしてどうなるか確認。 「これらのキーワードが 2 つ以上記述されている場合、最後に記述されているものが有効になる。」これが正しいかの再確認だろう。
▼ domain が下に来る resolv.conf
resolv.conf
search sear1.yokohei.corp sear2.yokohei.corp
domain dom.yokohei.corp pcap 結果
17:12:36.971234 IP 172.31.0.26.59715 > 172.31.0.2.domain: 14689+ A? yokohei.dom.yokohei.corp. (42)
17:12:36.990460 IP 172.31.0.2.domain > 172.31.0.26.59715: 14689 NXDomain 0/1/0 (117)
17:12:36.990500 IP 172.31.0.26.35686 > 172.31.0.2.domain: 62761+ A? yokohei. (25)
17:12:36.991055 IP 172.31.0.2.domain > 172.31.0.26.40505: 46135 NXDomain 0/1/0 (129)domain を下に書いてるので、 domain だけを利用。 search は使われない。
▼ search が下に来る resolv.conf
resolv.conf
domain dom.yokohei.corp
search sear1.yokohei.corp sear2.yokohei.corp pcap 結果
17:13:33.943296 IP 172.31.0.26.54504 > 172.31.0.2.domain: 12426+ A? yokohei.sear1.yokohei.corp. (44)
17:13:33.956272 IP 172.31.0.2.domain > 172.31.0.26.54504: 12426 NXDomain 0/1/0 (119)
17:13:33.956464 IP 172.31.0.26.45576 > 172.31.0.2.domain: 62232+ A? yokohei.sear2.yokohei.corp. (44)
17:13:33.975554 IP 172.31.0.2.domain > 172.31.0.26.45576: 62232 NXDomain 0/1/0 (119)
17:13:33.975708 IP 172.31.0.26.51491 > 172.31.0.2.domain: 57286+ A? yokohei. (25)
17:13:33.976035 IP 172.31.0.2.domain > 172.31.0.26.51491: 57286 NXDomain 0/1/0 (100)search を下に書いてるので、 search だけを利用。 domain は使われない。
▼ domain と ndots について
domain オプションについても ndots は考慮される模様。 また、 ndots により先にサフィックスをつけたものを検索して、結果がなければ domain を考慮しないもとの問い合わせクエリを試行するようだ。
resolve.conf
options timeout:2 attempts:2 ndots:5
nameserver 172.31.0.2
domain ama.localcurl yokohei.com 結果
19:16:06.657254 IP ip-172-31-0-200.eu-west-1.compute.internal.41469 > 172.31.0.2.domain: 39504+ A? yokohei.com.ama.local. (39)
19:16:06.657746 IP 172.31.0.2.domain > ip-172-31-0-200.eu-west-1.compute.internal.41469: 39504 NXDomain 0/1/0 (114)
19:16:08.659536 IP ip-172-31-0-200.eu-west-1.compute.internal.41469 > 172.31.0.2.domain: 39504+ A? yokohei.com.ama.local. (39)
19:16:08.660049 IP 172.31.0.2.domain > ip-172-31-0-200.eu-west-1.compute.internal.41469: 39504 NXDomain 0/1/0 (114)
19:16:10.661727 IP ip-172-31-0-200.eu-west-1.compute.internal.44904 > 172.31.0.2.domain: 63327+ A? yokohei.com. (29)
19:16:10.662336 IP 172.31.0.2.domain > ip-172-31-0-200.eu-west-1.compute.internal.44904: 63327 4/0/0 A 99.86.122.107, A 99.86.122.26, A 99.86.122.32, A 99.86.122.34 (93)
19:16:12.663889 IP ip-172-31-0-200.eu-west-1.compute.internal.44904 > 172.31.0.2.domain: 63327+ A? yokohei.com. (29)
19:16:12.664560 IP 172.31.0.2.domain > ip-172-31-0-200.eu-west-1.compute.internal.44904: 63327 4/0/0 A 99.86.122.34, A 99.86.122.107, A 99.86.122.26, A 99.86.122.32 (93)attempts について
タイムアウトしてリトライし、 attempts 回目でも失敗した場合は search のサフィックスを付加して再度要領でクエリを投げる。
$ cat /etc/resolv.conf
options timeout:2 attempts:5
; generated by /sbin/dhclient-script
search search.yokohei.corp
nameserver 8.8.8.8
$ sudo iptables -A INPUT -p udp --sport 53 -j DROP
$ sudo tcpdump port 53
$ curl localdomain.test
curl: (6) Could not resolve host: localdomain.test
$ sudo iptables -D INPUT -p udp --sport 53 -j DROP2 秒ごとに localdomain.test. の A レコードを問い合わせるクエリを 2 秒ごとに 5 回投げ、 5 回目で終了。 その後、引き続き 2 秒ごとに localdomain.test.search.yokohei.corp. へのクエリを 5 回。
pcap 結果
19:41:37.819816 IP 172.31.0.26.34985 > 8.8.8.8.domain: 38938+ A? localdomain.test. (34)
19:41:39.822141 IP 172.31.0.26.34985 > 8.8.8.8.domain: 38938+ A? localdomain.test. (34)
19:41:41.824498 IP 172.31.0.26.34985 > 8.8.8.8.domain: 38938+ A? localdomain.test. (34)
19:41:43.826791 IP 172.31.0.26.34985 > 8.8.8.8.domain: 38938+ A? localdomain.test. (34)
19:41:45.829087 IP 172.31.0.26.34985 > 8.8.8.8.domain: 38938+ A? localdomain.test. (34)
...
19:41:47.831464 IP 172.31.0.26.46149 > 8.8.8.8.domain: 19601+ A? localdomain.test.search.yokohei.corp. (54)
19:41:49.833794 IP 172.31.0.26.46149 > 8.8.8.8.domain: 19601+ A? localdomain.test.search.yokohei.corp. (54)
19:41:51.836123 IP 172.31.0.26.46149 > 8.8.8.8.domain: 19601+ A? localdomain.test.search.yokohei.corp. (54)
19:41:53.838450 IP 172.31.0.26.46149 > 8.8.8.8.domain: 19601+ A? localdomain.test.search.yokohei.corp. (54)
19:41:55.840746 IP 172.31.0.26.46149 > 8.8.8.8.domain: 19601+ A? localdomain.test.search.yokohei.corp. (54)nameserver について
▼ 複数 nameserver
resolv.conf
options timeout:2 attempts:2
nameserver 172.31.0.2
nameserver 8.8.8.8pcap 結果
16:36:46.181195 IP 172.31.0.130.35714 > 172.31.0.2.domain: 55053+ A? yokohei.com. (29)
16:36:46.206610 IP 172.31.0.2.domain > 172.31.0.130.35714: 55053 4/0/0 A 54.192.29.89, A 54.192.29.123, A 54.192.29.221, A 54.192.29.237 (93)
16:36:48.183173 IP 172.31.0.130.42826 > 8.8.8.8.domain: 55053+ A? yokohei.com. (29)
16:36:48.225939 IP 8.8.8.8.domain > 172.31.0.130.42826: 55053 4/0/0 A 54.192.29.221, A 54.192.29.89, A 54.192.29.237, A 54.192.29.123 (93)
16:36:50.185307 IP 172.31.0.130.35714 > 172.31.0.2.domain: 55053+ A? yokohei.com. (29)
16:36:50.185781 IP 172.31.0.2.domain > 172.31.0.130.35714: 55053 4/0/0 A 54.192.29.237, A 54.192.29.89, A 54.192.29.123, A 54.192.29.221 (93)
16:36:52.187459 IP 172.31.0.130.42826 > 8.8.8.8.domain: 55053+ A? yokohei.com. (29)
16:36:52.188595 IP 8.8.8.8.domain > 172.31.0.130.42826: 55053 4/0/0 A 54.192.29.221, A 54.192.29.89, A 54.192.29.237, A 54.192.29.123 (93)上の nameserver -> timeout 秒 -> 次の nameserver -> timeout 秒 -> ... といった流れになる。 nameserver 数 × attempts 回繰り返す。
▼ 複数 nameserver + search
resolv.conf
options timeout:2 attempts:2
search yokohei.local
nameserver 172.31.0.2
nameserver 8.8.8.8pcap 結果
16:50:17.213215 IP 172.31.0.130.56574 > 172.31.0.2.domain: 27563+ A? yokohei.com. (29)
16:50:17.253194 IP 172.31.0.2.domain > 172.31.0.130.56574: 27563 4/0/0 A 54.192.29.89, A 54.192.29.123, A 54.192.29.221, A 54.192.29.237 (93)
16:50:19.215229 IP 172.31.0.130.47819 > 8.8.8.8.domain: 27563+ A? yokohei.com. (29)
16:50:19.242383 IP 8.8.8.8.domain > 172.31.0.130.47819: 27563 4/0/0 A 54.192.29.237, A 54.192.29.89, A 54.192.29.123, A 54.192.29.221 (93)
16:50:21.217365 IP 172.31.0.130.56574 > 172.31.0.2.domain: 27563+ A? yokohei.com. (29)
16:50:21.217907 IP 172.31.0.2.domain > 172.31.0.130.56574: 27563 4/0/0 A 54.192.29.237, A 54.192.29.89, A 54.192.29.123, A 54.192.29.221 (93)
16:50:23.219513 IP 172.31.0.130.47819 > 8.8.8.8.domain: 27563+ A? yokohei.com. (29)
16:50:23.220689 IP 8.8.8.8.domain > 172.31.0.130.47819: 27563 4/0/0 A 54.192.29.237, A 54.192.29.89, A 54.192.29.123, A 54.192.29.221 (93)
16:50:25.221700 IP 172.31.0.130.44023 > 172.31.0.2.domain: 20880+ A? yokohei.com.yokohei.local. (43)
16:50:25.223332 IP 172.31.0.2.domain > 172.31.0.130.44023: 20880 NXDomain 0/1/0 (130)
16:50:27.223872 IP 172.31.0.130.58963 > 8.8.8.8.domain: 20880+ A? yokohei.com.yokohei.local. (43)
16:50:27.224989 IP 8.8.8.8.domain > 172.31.0.130.58963: 20880 NXDomain 0/1/0 (118)
16:50:29.226007 IP 172.31.0.130.44023 > 172.31.0.2.domain: 20880+ A? yokohei.com.yokohei.local. (43)
å16:50:29.226418 IP 172.31.0.2.domain > 172.31.0.130.44023: 20880 NXDomain 0/1/0 (130)
16:50:31.228165 IP 172.31.0.130.58963 > 8.8.8.8.domain: 20880+ A? yokohei.com.yokohei.local. (43)
16:50:31.229303 IP 8.8.8.8.domain > 172.31.0.130.58963: 20880 NXDomain 0/1/0 (118)上の 複数 nameserver のときのものを実施し、その後サフィックスを付けて同じ流れ。
rotate について
resolv.conf
options timeout:10 attempts:1 rotate
nameserver 172.31.0.2
nameserver 8.8.8.8この設定で、 2 つの terminal から curl yokohei-1st.com と curl yokohei-2nd.com を実施。
pcap 結果を見ると、最初に問い合わせるネームサーバがラウンドロビンになるように見える。
その後は、普通に nameserver を交互に。
pcap 結果
17:12:12.987775 IP 172.31.0.130.42144 > 172.31.0.2.domain: 6191+ A? yokohei-1st.com. (33)
17:12:13.006424 IP 172.31.0.2.domain > 172.31.0.130.42144: 6191 NXDomain 0/1/0 (106)
17:12:15.003626 IP 172.31.0.130.33192 > 8.8.8.8.domain: 44094+ A? yokohei-2nd.com. (33)
17:12:15.021886 IP 8.8.8.8.domain > 172.31.0.130.33192: 44094 NXDomain 0/1/0 (106)
17:12:22.997846 IP 172.31.0.130.54731 > 8.8.8.8.domain: 6191+ A? yokohei-1st.com. (33)
17:12:23.026771 IP 8.8.8.8.domain > 172.31.0.130.54731: 6191 NXDomain 0/1/0 (106)
17:12:25.013772 IP 172.31.0.130.56879 > 172.31.0.2.domain: 44094+ A? yokohei-2nd.com. (33)
17:12:25.047713 IP 172.31.0.2.domain > 172.31.0.130.56879: 44094 NXDomain 0/1/0 (106)