dns ipv6 ipv6 - supercsi サービス · ipv6 ipv4 a $origin wide.ad.jp. www in a 203.178.136.57...
TRANSCRIPT
DNS IPv6IPv6
�
� � �
���������/WIDE Project
� � � � � DNS ������� ������� � DNS �! "�# IPv6 � $ %'&)( *,+ -!. � Anycast � Root Zone - IPv6 /�0 � JP 12(�3�-�465 � Root 12(�3872- IPv6 /�0
IPv6 � � � � � � �
� �� � - � � -���� ����-����7 � ��� -�� -�� � � IPv4 !#"$&%&'�() * + , -/.103234153687:9 , ;=<?>A@CBED1FHGJI1FLKNMPOHQSRUT1VUWLXPY � IPv6 Z [�\�] ^`_�a bNc�*�* de[&^�fhg , ikj IPv4 lnmpoNqEr3@�stjtuwv:xpqLy{z , |N}E~PFJ�3�:i{OC415 � IPv6 ��\ d �������� � ����� , �L�UO IPv4 � IPv6 ���N�
DNS � �#� -���� � ��� ����� � Domain Name System � �#��� [e�#�� �¡ � ¢ [�£ ¤ ¥�a#¦ § � Name Space : "." ¨ root �=© #�ª � «h¬� [��® ��¯�° , �S±U²S4w³N´ µ·¶E�:¸JQSR � ¹ º»�#�h ¼ domain c½&¾�¿�À OK , eg. www.csi.ad.jp, www.keio.ac.jp � FQDN : Fully Qualified Domain Name � FQDN ^ÂÁ#à ��Ä&Å&Æ#Ç , Root ¸JÈSÉ:4Ê9 ...
DNS � Domain Name System � �#�h* ��������� Z [�� �=�� , Q: www.keio.ac.jp FE;=<?>A@:O�� , R: 131.113.1.1 iSx � ��� ��a ���� ^���� ����� ¥ ���[ Á�� , TCP/UDP F port 53 � �! �#"�$%��&' a(�) ^ * �#��+� -,%. , ;=<?>A@:O0/21k943N415 , ;=<?>A@:O ISP �6521/qP�45871q 9 :�;%<�= >?%@BA�C D�E�F�G%H�I J KML N O DNS P-Q R S T UWVYX�Z\[^]W_a`6bdc T eMfg]W_2hWikjmlonqpqrWsut4v2w T x�w6yY`0vut4v2w
DNS z { | } ~ � � � DNS <�=�� �B�������B� N O ��� ����� Root DNS ������� �a� ��R O � �BP�� ��� ��R T � �2h^¡¢hWikjmlon£[ xxxx ¤0¥§¦ O ¨ © DNS ����� ªk«�¬ k® R T �°¯a[0±dt4v2w0v³²6¦ T �´eMf0²Ww¶µ³`¸·8w^¹Wº8»�t¢¼½¦ T �¾²Ww¶µ£hWikjmlon£[W¿¶v§º2` xxxx e¸À¸¥§¦ T ÁÃÂgÄ¢Åƹ£»�t6w¸ÇaÈ�¼½É O Ê�Ë�Ì�©�Í ��Î�Ì ÏÑÐ�� �BP�Ò�� R T ¿aÓ0Å2Ôm¤ÖÕ¶×Wظp§s§s2Ù
DNS z { | } ~ � � � � ������� =���� �� �����
O ������� ��� �B� O � � ©�!�"$# O �����%©�%�& © ')( ��*+�,.- T /Y`1032�j5436870h:9<;>= � ? � @�� �A� ����� �B O C record ��� TTL P$DFE T DNS hHGJILKLMa`ON<P�c O JP Ð�� Q�R (86400 S ) T Root � 41 R O U�V RAW�X�Y P Z�R��©���[ � T \3]£×³`_^:`£pbadcqÀaÙfebg>h T APNIC h ISP \3]a`Li§ÙkjmlLnWh>^:` O %�&%Ò�o pu���rq.s �r[ Îrt �ru Rrv�w � T 60 x
DNS z { | } ~ � � � y�z {}|}~.�� � � ��� ����.��� N}{F���� O ��� ��© DNS ����� ����ÎAw V�� R O � ©(������P$��� �$+�� ��ªr����u R T »�t6w¸ÇaÈ1�k�J�¢Ù O ��� �$+�� �BP$� �M® R T �_�ah3�_�>�a[Mtqc6¿_� O ��®�P DNS ������+�© � T Á��>�¢[ÆÉ DHCP/IPCP p_ m¡¶¹ucgÄ2Ù ¢ £ ¤�© ¥ ¦�§©¨ ª «§Ð.¬�Ê Cache ®:¯>°L±J²d³d´¶µ§ÙH·>¸
DNS �
IPv6 � IPv6 {������ �<{�� ¢ Class "IN" ª IPv4 ¬�Ê.u � 687��_;������ ®���� ����� IP version �����! ÑÈ#"%$ &('*)�",+.- ³>ebg ¢ Class "IN6" /AE�0.u � µ(1�243657".����8*9¶�OM(: IPv4 ; IPv6 ®�<(= ^:`>�:adc�?#"%$ @BA�C!DB�6EGF.H.���d³�I("%J K ebg>h.L � MON�P QSR T�U ¢ Class "IN"
DNS �
IPv6 � V�WYX[Z�\ ¢ IPv6 ] ^B_a` / b�c�dOe�f �g E7hji�h�kGlnm�o ®�prq s IPv6 /ut vxw�y{z |x}�~��������g � ���!h��.�(�����prq � ��� ����� �BX�V�W��[�Y� s IPv4 /ut vxw IPv4 ] ^B_a` /�� � s IPv4 /ut vxw IPv6 ] ^B_a` /�� � s IPv6 /ut vxw IPv4 ] ^B_a` /�� � s IPv6 /ut vxw IPv6 ] ^B_a` /�� �
IPv6 � � � � � � �
� IPv4 � ����� A � �� �
$ORIGIN wide.ad.jp. www IN A 203.178.136.57
� IPv6 � ����� AAAA � �� � s A � 32bit � � 128bit ��� | ���
$ORIGIN wide.ad.jp. www IN AAAA 2001:200:0:1::5
s RFC1886 ����� � 1995 � 12 ��� s Yw�| DNS !#" $&%('�]��*),+#- $ � .0/%�21436543*�4798B�;:=<?>0@ .... � A : AAAA B6C=D2EGF A BIHKJ � type L�M N OQP R S�TGU(V*W �YX �[Z \ s ] ^B_a` ]^ _,` $,dOe�f �
IPv6 � � � � � � � acb d e
� A6 � �� � s IPv6 ] ^B_a`Y|[f*gih j#]lknm � oqp �r/Kst@2u>�rv*�0wtx?C=D2E0y s ] ^B_a`�z|{,} ~l�|�����n� � p��=���t�7�?����D?�����6�9� � �6�4��F������K�=�.����F¡ K¢ � 2001 £ X IETF ¤¦¥#§ s ¨#© ~^ª «{||¬®(¯[°���±�²��¦³�´ µ s DNS � ¶¸· ¹qº®»�¼ | ½n¾Gf*gih j � ¿nÀ : AAAA ÁàN s A6 � "experimental �QÄ�ŠƦ�[� " ~YÇ*È
IPv6 � � � � a � � � e
� AAAA Á������ ��� #g �®),- _���� IPv6 �|��� ��� ��� � ���(Z�� DNS � WEB � �#º ]"!�#%$ &�� ')( '+* DNS h j�� IPv6 �|�
server IN A 192.0.2.1 IN AAAA 2001:db8::1
IPv6 �|��, web client - IPv6 . try �0/ IPv4 x fallback
ns IN A 192.0.2.1 IN AAAA 2001:db8::1 www IN A 192.0.2.1
1 2 3 4 IPv6 5 687:9 ; <>=�?�@�A BC* : D�E FG* . ��H I ip6.arpa D�J K�� L : 2001:200:0:1::5 �CM�N
$ORIGIN 1.0.0.0.0.0.0.0.0.0.2.0.1.0.0.2.ip6.arpa.
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.wide.ad.jp.
O &�K PQ*�R�S T�U�V W%�XA Y8��T%Z�[ F]\%^�_X��T`, &C( a - bdcGe xgfdhjilknmporqts 4 u v�w8x y�z�{}|%~%� � � � � ���`���%��� : Z%�C��� � ���C( a � End Host : <���* P���'>� a}��( - �j� 64bit ���Gm��d���+� ...
DNS � � � � �
4 ��u ��wX{ UDP �� � RFC1123 : [�= UDP D� � MUST � 4 u�� ��w�|%~%������� � TCP � ����� UDP ��� ���! "�O �$#�% D'& �!(�M�N � Zone Z�( DNS )� ��X��*�[ F+��,�- D/. (�M�N 0 132Gm DNS 4+57698n� m;:35=<jm9>@? 4 A�CBED � � UDP F GIH J�N!KML NI���!O�P Q 0 qtsSR9TVUWRS4+576 mYX7Z o7[VU � TCP \ N 3 RTT 7 � ���! " 0 ]^UWX7Z9R7_`UWRS4+576balm@cSdSeSf 4 g�� Bih UDP wX{!j k�l!m n/o �$p�q � 512byte 0 fragment rts`udk;v9w
DNS � � � � � x
4 y{z � AAAA |~}� �]T�� B�� 0 A �Y�b5~� 16byte 0 AAAA �Y�b5~� 28byte � � ��\ K~F G�Z�[ F�J{�!F � 0 �I� AAAA o��S�i���7�VUY��Ub�� 4 �!� ���~��� ��� wX{$y{z w�� � � ������F G$�8�� ¡�¢%���$£$¤
DNS � � � � � x
�
�!� �����C� �/��� ��j k�l!m n � ������F G$�8�� ¡�¢%���$£$¤
$ORIGIN ad.jp. wide IN NS ns-wide.wide
� ��� �� � IP � � |���T xxx �'¤
ns-wide.wide IN A 203.178.136.59 IN AAAA 2001:200:0:1::5
�
� ��wX{ ��� � DNS ��m�� � ��� � ����. (�� � |�� ����� � IPv6 � �����C¤�. ( N � ���! "! #" ( 0 512byte r qts%$'&)(+*+,)-
DNS � � � � � x
�
.0/ : EDNS0 (RFC2671, 1999 1 8 2 ) 3 DNS 4 5�687 9C¡�:�. ;=<?>A@0B 3 CED8F�G ¡=H8I �J��� K LNMPO xxx byte QSRUT�VXW+Y[Z]\ �
EDNS0 .�^`_�a bc�?d�� 3 SERVFAIL �Je�f 3 gihkj�D�l EDNS0 m npoAq�r�s0f0t n u v�w�x y!a z {�|8d }�~#a � � ��x���� 3 �0� �)� �!� �ch0� �8� ��n��?CE� 3 Fragmentation �#� �E�`� 3 IPv6 : Minimum MTU 128byte K �+�U�]� Path MTU discovery ���[� 3 ���� �¡ g�¢�o���£�¤ K DNSSEC �¥T¦�¨§=© 3 bind-8.3 ª?«�l bind-9 o!:�¬ 3 :�¬ ®�¯�° nc± ²�� � ²´³0µ �E�0;
� � � � � � � � � � � �� �
u ��� �`~������ 3 IPv4 o AAAA ���k7 � h�CED8F�G K Q����! #"p�S� 3 IPv6 $�±&% � A ���k7 � h�CED8F�G K T('()+*-,/. T¦� u NS 0�1kd 2%~�354 687�9�: ;=<�> ? @ �A�CB#HED �F�G�f H K I-JST¦�LKNM+OQP(RTSVU QST¦� ? IPv4 o � IPv6 o �=W X K A/AAAA YQZ\[�V^])�+�_.`)U�`aLbP� K c�dfehg�i(j(SVkLbP� K l�monqprSVs � K EDNS0 �`tvu+w�x
y z { | } ~ u �E���54���� ;��?d���� IPv6 only � ��� 4 � ? �E� � IPv4 @ �A�CB���� � j�� u IPv4 ;���a DNS �?d���� ���������E�E��_?y!a b � � �����?o`� Name Split � � ² u �q���� ¡�¢�£ ? ¤���¥�¦�§ ��¨E©5ª�«¬ �5H ®�� ? ¯ °5$�@5±�²EB�¬?�H�³ ´�²q³`� �!�A³ µ ¶ ·5¸ ? IPv6 only ¹ DNS º»�¼E½��&%¿¾ À�Á�Á ? Â�Ã&Ä H DNS º»�¼ Å�°�Æ IPv4 � Ç5H ®�È
Root DNS Server ¶ DNS
��� ��� �¿����� � � 13 " �� " ����� � � [A-M].ROOT-SERVERS.NET � �����������! �"�#%$'&!(!) � 1995 *�+-,�.0/1����2�34&05�6 ¶ 1997 7 1 8 9;:=< A-I
�?>�@BA�C � ’I’ ¥?D�� U.S. E�F ¥ Root º»�¼�G HJI � ’K’ � 1997 K 5 L Å London ¬�MON PJQ � ’M’ � 1997 K 8 L ÅSR�TOU�MON PJQ V 13 <JWYX=Z\[�]Y^ � EDNS Å Â�à _�` ÁJa Ácb�d eBf�g h i�j V Root k���lB:nmYo pSqYr s��=t � � TLD � ARPA u IN-ADDR.ARPA v
M-Root w x y z { V |�} ~S��� � ��� � �;H u��Y��� �\�
Priming
V DNS k���lO< ����� � r Root ��� � � � "root.cache" � ��� ����� � ftp://ftp.internic.net/domain/named.root � ��� ���;a � ��u?v ����� ���! Hc` �#"Sb�d�$ V BIND <&%�q �!'�( )�*,+�r.- � � /�0 i�� 1 Root �!2�3 �54�687#9 � : e&; <.=�d�>.? � QNAME= . QTYPE=NS QCLASS=IN � @BADC / Root EGFIHKJML /ON�PRQTS &VUXWZY � [ " u����,\�]O��^ <`_a�#" � bdcOefNDg�hTikj�,ml��nEGFIHporqIsDt � u!v�_&: e�\�] ��w <�x�y �{z | V }�~&��� < "priming" *��!�\qYr s#� � /�0 iD�����,� � ` v ���,�
� � � � � � � � V Priming ~5�a� � 436 bytes � �&� � fixed header + 13 NS + 13 A + 0 AAAA � ����� IPv6 �,� ~� � * 800 bytes � fixed header + 13 NS + 13 A + 13 AAAA � ¡#",��_ 811 (EDNS0 pseudo-RR 6a¢ ) � Priming £¤�. ¥§¦8¨�©.ª � «�¬¤§®�¯ _;�#� 255 bytes ° ±�²´³ 241 bytes � µ�¶ �·�¸ ¹�º »¼¢ ½¿¾ À�Á� à � NS Ä�Å&Æ ÇGÈ&É Ê�Ë ÌÎÍ � Ï,Ð`Ñ �`Ò Ó�Ï�Ô�Ñ � ¡#Ó ° Anycasting ³ÖÕX×IØpÙdÚnÛ
Anycasting (RFC3258)
� ��� È������ Ê��aÉ È� ���� Ì���� � ���
� IGP ������� ¹ BGP
AS7500
202.12.27.0/24
AS7500
202.12.27.0/24
202.12.27.0/24
M−Root ParisAS7500
M−Root Tokyo
M−Root San Francisco
The Internet
Anycasting (2)
� �! #" DNS È�$�%�£#"'& ¥ � (�) *�+�,-#.{«�/ Ó�0�12 3 4�56'7 "�8 9�È�:!Æ�; <>=�? @> A � B�C ¹D(�) *�+�,-�EGF H � ÃGI J§ÃLK À J{¹�M ½¿¾ À N BGP OQPSRSTSUWV AS-Path XWY[Z]\!^ 3 :!Æ�;�_#`!È�a�b�c�dfeGg�h�&�i�5 <�"�jlk�m � (�)�B�C�E�n�o Ó Jqpfr s�+�E t�u � ��� v TCP .lw#Ó�pfr s�+�¹�x�y 3 z�{ (idempotent) & UDP :!Æ |��}l~ � DNS ¹�� v����l�
Root � � � � �
Anycasting
3 ���` 144 cluster � A/B/D/E/G/H : anycasting � � ��� � C : IAD, LAX, CHI, NYC (IGP anycast) F : YOW, KPAO, SJC, NYC, SFO, MAD, HKG, LAX, ROM F : AKL, SAO, PEK, SEL, MOW, TPE, DXB, PAR, SIN F : BNE, YTO, MRY, LIS, JNB, TLV, JKT, MUC F : OSA, PRA, AMS, BCN, NBO, MAA, LON, SCL, DAC F : KHI, TRN, CHI, BUE, CCS, OSL, PTY, UIO I : STO, HEL, MIL, LON, GVA, AMS, OSL, BKK, HKG I : BRU, FRA, ANK, BBU, CHI, WAS, TYO, KUL, KPAO I : JKL, WLG, JNB, PER, SFO, NYC, SIN, MIA I : IAD, BOM, PEK, MNe, DOH J : IAD(2), MIA, ATL, SEA, CHI, NYC, LAX, Mountain View J : SFO, AMS, LON, ARN, TYO, SEL, PEK, SIN, DUB, J : KUN, NBO, YUL, SYD, CAI, WAW, BSB, SOF, J : PRG, JNB, YYZ, BUE, MAD, VIE K : LON, AMS, FRA, ATH, DOH, MIL, RKV, HEL, GVA K : POZ, BUD, AUH, TYO, BNE, MIA, DEL, OVB L : LAX, MIA M : TYO, SEL, PAR, SFO
Root Zone � �
IPv6 3 Root Zone `!È IPv6 È�� Ç�Ä ��� � JP J KR ¹ 2004 � 7 � 21 �>.���� N Root �GÚ�� V���� �"!$#&%$')(+*�,.-0/2143 � pfr�5�E7698 v TLD :<; = � �7> ½ N IPv6 ? V&@�A O TLD BDC O&E�F$GIH.J � IPv6 K L MON+PKRQ!Ó TLDs 8 S�µ�TUK 271 V N 106 �GÚ���W 110 TLD N 2005 X 11 Y V 68/68 1[Z�#
AD, AE, AERO, AF, AG, AM, AN, AQ, AR, AS, ASIA, AT, AU, BE, BI, BIZ, BR, BT, BW, CA, CAT, CH, CI, CL, CN, COM, CX, CY, CZ, DE, FI, FM, FR, GA, GB, GG, GH, GI, GN, GR, GT, GW, GY, HK, HN, HU, ID, IE, IL, IN, INFO, INT, IT, JE, JP, KG, KH KI, KR, LC, LI, LK, LR, LS, LU, MD, ME, ML, MN, MOBI, MT, NA, NET, NG, NL, NP, NR, NU, NZ, ORG, PH, PL, PM, PT, PY, RE, RS, SC, SD, SE, SG, SI, TEL, TF, TN, TL, TN, TP, TRAVEL, TW, UK, US, UY, VA, VC, VE, WF, YT, ZA, ZM
JP TLD 3 5
� È DNS :!Æ�; � A.DNS.JP : JPRS (TYO, OSA), IPv4/IPv6 � B.DNS.JP : JPNIC (TYO), IPv4 v�� � D.DNS.JP : IIJ (TYO, OSA, SFO, JFK), IPv4/IPv6 � E.DNS.JP : WIDE (TYO, SFO, CDG), IPv4/IPv6 � F.DNS.JP : NII (TYO), IPv4/IPv6 � B.DNS.JP � IPv6 p���r ��� t 3 � � " 15min ���f`���� � Incremental zone transfer :����
JP TLD 3 ����� NS ����� "! # � � � v H%$ &(')� IPv6 *�+ � 5 NS + 5 A + 4 AAAA = 272 bytes � 5 NS + 5 A + 5 AAAA = 300 bytes � x-,o7� v�. / v�0�1 � 255 bytes N 2 Y 512 byte Y V4365)C87:9<;>=(? N @BA�B]O>CEDGFIH�%$'$GKJ�C87:9 � LU�M. /ON 195 bytes P�Q)R S N 5 (NS/A/AAAA) V&@�A OK � T U V EDNS0 ��W�X
Root � � � �
IPv6 � �
� ������� ��� � Root DNS �)� � ����� � ICANN RSSAC/SSAC � ������� ��� ������� � Root zone ��� AAAA record � M�"! #�$ � %�&('*),+�- � .0/(1�2N(3�4�R 5(R 6���7�8 ? 9 :<;>=@?BABCEDGF 9 H I�J K LNM OQPSR 6STQU 9 EDNS0 VXW69Y;>ZY[]\_^ 9 EDNS0 `baNc]dEegfhVjilkbm]nporqb=ts H IPv6 ��uwv(x�y�zw{�x H |�} ~ K���� ��7*��� ����/��"�w� 9 A record Vj�l�_�]�>a,s
Root � � � � IPv6 � �
� Firewall ����� � �����w�w� ��(�(� H � $ Cisco PIX 9 UDP �B B¡X¢¤£¤¥ 512byte §¦¨[©alª¬«] 9 Firmware ®Y¯N°�±r²B³b®Y´B¯¤¥¶µ]· H ¸�¹(4*� zone ºQ»�¼�7*½�¾ 5g¾ 6�¿�À º 9 EDNS0 VjÁ�¤¡B po@�bÃXF§±Xa 9 (EDNS0 ÄÅÃÆÄ�Ç OK) H ÈgÉ�8 Root Ê�Ë � TQU�Ì Í"7�8S¾ $ � Î�)0Ï�Ð Ñ�Ò�Ó ÔtÕwÖ �g× Ø�Ù Ú�� H Û OÜ Ý �QÞ(ß #à4�á â*º Èg¾ $ã�ä
% dig @a.gtld-servers.net com ns ; 509 bytes % dig @a.gtld-servers.net com ns +bufsiz=1024 ; 520 bytes
Root � � � � IPv6 � �
� EDNS0 )������ H �� Ü��� TQä ����º EDNS0 � | 9 99% ±@ªpo «]�� � "prefer-glue a" ������� � H A record � �����! #"�$�%�& ' H IPv6 O�()'STQä ��� � EDNS0 � | *,+�- H .0/)1 ½�º �)'32 � AAAA record *,4 5�' 6 B/D/F/G/H/K/L/M 798�o_à kpªB¡ : ; <�; <>="ß*º ?�?0=A@ B < C : D E� 0FQß*º ?�?0=A@ B < C
Root � � � � IPv6 � � � G H
� SSAC I0J�K L�MAN�O P 2007 Q 1 R�S
Accommodating IP Version 6 Address Resource Records for the Root of Domain Name System
http://www.icann.org/committees/security/sac018.pdf
� ICANN Board I!T�U : 2007 V 12 W 31 X,Y,Z�[ : "AAAA records to be added for root servers" : 2008 V 2 W 4 X,Y]\!^ = _ : 6 `�= Root Serves aA��b *,c d 6 A/F/H/J/K/M 6 Priming egfihj7gkl7 615 bytes
% dig . ns +norec +bufsize=1024
Root � � � �
IPv6 � � � G H � M-Root � � : ��� ���!.���� � 6 ����������� � : !" #A=$ ���&% =('�) 6 2008 � 1 *,+.-0/2143 : Tokyo(3), San Francisco, Paris . Anycast 6 Seoul 5 7 IPv6 6�798�:(;=<2>@?BADCEA : IX F�= IPv6 G�b HJILK
Root � � � �
IPv6 � � M N�O P QSR
1
2
5
10
20
50
100
200
500
1000
2000
5000
10000
20000
50000
Feb Mar Apr May Jun Jul Aug Sep
quer
y/se
cond
Date (2008)
IPv4IPv6
Root � � � �
IPv6 � � M EDNS
���
0%
20%
40%
60%
80%
100%
Feb Mar Apr May Jun Jul Aug Sep
ED
NS
rat
io
Date (2008)
IPv6
IPv4
Root � � � �
IPv6 � � M ��� ��� : ��� ����� ��� �� : � Y���� ����� "!�� � � � : IPv6 Y�#����$&%�' � 1% (�) * +-,/.103254�687���C�9 M M-Root �:� IPv6 ;�<=�>�?&@�A : B�C � Paris D$ ����FFE�G : H IJ��KL M�aFN�O : US F:D IPv6 aFP � �Q� R�S�� FL� � � * Tier-1 ISP 0 e peering T/U
IPv6 � � � � � � � � � �
M � � DNS ��� �� IPv4 ������� : ` � I�� AAAA ��� � � a�� ����� M �! cache ; A record !#"�$ % &(' = & : S�!L� AAAA a�� � S�� H�)�*�+ � , : -�! ��.#� AAAA /F� � /0.#1�2 ��� � � � , M 3 �54�6 �87�9;:=< : >C �&��$&%�'0?A@=B;+ �5C;D;E ? F� : Root % D���$&%�' /HGI? � S���. * JLKNMPOPQ�5SR BIND9 CUT
V W X W � �
M Kaminsky’s Attack : Cache Posisoning : Birthday attack H�Y�" * DNS R ID 2 16bit Z\[�CEA * ]P^L_a`cbedLfgKihejlkSmaJLK * nPopRNqsrgtvuxwzyN{}|S`}~e�P�s� : Authoritative only ������FL�A����� � * Root/TLD/.. 2}�L�l� : DNS D recursive �����;�:D��I� * �P�����s�e�s���l�P�(�NfgK * Source UDP port ���s }¡l¢£� * ¤£¥g� 1/100 ¦lQg� § ¨I© ªA����« ¬ DNSSEC
� � �
� DNS ������� ����� ���������� § IPv6 � ������ ! § Anycasting § "$# % &(' ) *�+ � ,$- � TLD/Root ��.�/ 01��� § 2 3 IPv6 ��« 3�45�6