The following example is based on a signed zone that is empty apart
from the nameservers. We will query for WWW.XX.EXAMPLE showing
initial response and again 10 minutes later. Note 1: during the
intervening 10 minutes the NS records for XX.EXAMPLE have expired.
Note 2: the TTL of the SIG records are not explicitly set in the zone
file and are hence the TTL of the RRset they are the signature for.
以下の例はネームサーバを除くと空の署名されたゾーンに基づいている。
WWW.XX.EXAMPLEに問合せた最初の結果と10分後の結果を示す。
ノート1: 10分たつ間に XX.EXAMPLE の NS レコードの期限が切れる。
ノート2: SIG レコードの TTL はゾーンファイルでは明示的に設定されていないので、
シグネチャが付けられている RRset の TTL となる。
Zone File:
$TTL 86400
$ORIGIN XX.EXAMPLE.
@ IN SOA NS1.XX.EXAMPLE. HOSTMATER.XX.EXAMPLE. (
1997102000 ; serial
1800 ; refresh (30 mins)
900 ; retry (15 mins)
604800 ; expire (7 days)
1200 ) ; minimum (20 mins)
IN SIG SOA ...
1200 IN NXT NS1.XX.EXAMPLE. A NXT SIG SOA NS KEY
IN SIG NXT ... XX.EXAMPLE. ...
300 IN NS NS1.XX.EXAMPLE.
300 IN NS NS2.XX.EXAMPLE.
IN SIG NS ... XX.EXAMPLE. ...
IN KEY 0x4100 1 1 ...
IN SIG KEY ... XX.EXAMPLE. ...
IN SIG KEY ... EXAMPLE. ...
NS1 IN A 10.0.0.1
IN SIG A ... XX.EXAMPLE. ...
1200 IN NXT NS2.XX.EXAMPLE. A NXT SIG
IN SIG NXT ...
NS2 IN A 10.0.0.2
IN SIG A ... XX.EXAMPLE. ...
1200 IN NXT XX.EXAMPLE. A NXT SIG
IN SIG NXT ... XX.EXAMPLE. ...
Initial Response:
Header:
RDCODE=NXDOMAIN, AA=1, QR=1, TC=0
Query:
WWW.XX.EXAMPLE. IN A
Answer:
<empty>
Authority:
XX.EXAMPLE. 1200 IN SOA NS1.XX.EXAMPLE. ...
XX.EXAMPLE. 1200 IN SIG SOA ... XX.EXAMPLE. ...
NS2.XX.EXAMPLE. 1200 IN NXT XX.EXAMPLE. NXT A NXT SIG
NS2.XX.EXAMPLE. 1200 IN SIG NXT ... XX.EXAMPLE. ...
XX.EXAMPLE. 86400 IN NS NS1.XX.EXAMPLE.
XX.EXAMPLE. 86400 IN NS NS2.XX.EXAMPLE.
XX.EXAMPLE. 86400 IN SIG NS ... XX.EXAMPLE. ...
Additional
XX.EXAMPLE. 86400 IN KEY 0x4100 1 1 ...
XX.EXAMPLE. 86400 IN SIG KEY ... EXAMPLE. ...
NS1.XX.EXAMPLE. 86400 IN A 10.0.0.1
NS1.XX.EXAMPLE. 86400 IN SIG A ... XX.EXAMPLE. ...
NS2.XX.EXAMPLE. 86400 IN A 10.0.0.2
NS3.XX.EXAMPLE. 86400 IN SIG A ... XX.EXAMPLE. ...
After 10 Minutes:
Header:
RDCODE=NXDOMAIN, AA=0, QR=1, TC=0
Query:
WWW.XX.EXAMPLE. IN A
Answer:
<empty>
Authority:
XX.EXAMPLE. 600 IN SOA NS1.XX.EXAMPLE. ...
XX.EXAMPLE. 600 IN SIG SOA ... XX.EXAMPLE. ...
NS2.XX.EXAMPLE. 600 IN NXT XX.EXAMPLE. NXT A NXT SIG
NS2.XX.EXAMPLE. 600 IN SIG NXT ... XX.EXAMPLE. ...
EXAMPLE. 65799 IN NS NS1.YY.EXAMPLE.
EXAMPLE. 65799 IN NS NS2.YY.EXAMPLE.
EXAMPLE. 65799 IN SIG NS ... XX.EXAMPLE. ...
Additional
XX.EXAMPLE. 65800 IN KEY 0x4100 1 1 ...
XX.EXAMPLE. 65800 IN SIG KEY ... EXAMPLE. ...
NS1.YY.EXAMPLE. 65799 IN A 10.100.0.1
NS1.YY.EXAMPLE. 65799 IN SIG A ... EXAMPLE. ...
NS2.YY.EXAMPLE. 65799 IN A 10.100.0.2
NS3.YY.EXAMPLE. 65799 IN SIG A ... EXAMPLE. ...
EXAMPLE. 65799 IN KEY 0x4100 1 1 ...
EXAMPLE. 65799 IN SIG KEY ... . ...